SignalR authentication with javascript client
Solution 1
You have to use Forms or windows authentication as you would use is any other asp.net application. Once you are authenticated your calls would work in the same way as they did before you putting [Authorize]
attribute on the hub.
SignalR does not itself deal with authentication.
You will have to authenticate first then send the token to server, I think this link can help you achieve what you want to do.
Solution 2
you can add your authentication token into the querystring which will be passed into server when java script client initial the connection to signalr server.
client side: connection.qs = { 'Token' : 'your token string'};
server side: var Token = IRequest.QueryString["Token"];
Comments
-
AD.Net almost 2 years
I was playing with the
open authentication
inMVC5
andSignalR
. I use a javascript client to call a simple server method onSignalR
and receive a reply from Server. It works well, but if I add the[Authorize]
tag, it does not even call the server method (did not get any response while debugging).My assumption was the server will use the Authentication mechanism to challenge the client. Am I missing anything? Do I have to manually authenticate the user from the client side and if so how do I pass the authentication token?
Here's my
hub
:[HubName("authChatHub")] public class AuthChatHub : Hub { [Authorize] public void Ping() { Clients.Caller.Pong("Connection is FINE!!"); Clients.Caller.Pong(Context.User == null ? "Null user" : Context.User.Identity.IsAuthenticated.ToString()); } }
Here's my
Startup.Auth.cs
public void ConfigureAuth(IAppBuilder app) { app.UseGoogleAuthentication(); }
Here's the
Startup.cs
, using the code to enable CORS.public partial class Startup { public void Configuration(IAppBuilder app) { ConfigureAuth(app); //added this after a suggestion here, not sure if this is the right place. app.Map("/signalr", map => { map.UseCors(CorsOptions.AllowAll); var hubConfiguration = new HubConfiguration { // EnableJSONP = true //empty for now }; map.RunSignalR(hubConfiguration); }); } }
And finally this
client
side code calls thehub
method and listens to the server RPC.this.sendMessage = () => { this.authChat.server.ping(); }; this.authChat.client.pong = (message) => { console.log(message); };
-
AD.Net over 10 yearsI've seen that page, what is not clear to me is how to authorize users in javascript client.
-
davidfowl over 10 yearsThe million dollar question, what authentication scheme are you using? If the answer is "I don't know" then that's the problem. There's cookie based auth (forms auth), basic auth, windows auth.. the list goes on. Once you know what authentication scheme you're using then we can talk about the [Authorize] attribute.
-
AD.Net over 10 yearsI'm trying to use Google auth that comes with MVC5, I have the code in Startup.Auth.cs in the question.
-
davidfowl over 10 yearsMake sure you call MapSignalR after calling ConfigureAuth
-
AD.Net over 10 years@dfowler, I'll try it, but could you please explain how the auth should work. For a javascript client (e.g. html5/js app in mobile) do I have to authenticate and then add the token to the request header manually?
-
davidfowl over 10 yearsNo, when you do the handshake (redirect to google and come back to your site) you should be authenticated.
-
AD.Net over 10 yearsIt's exactly not what I want to do.
-
AD.Net over 10 years@dfowler, I have added some extra code. Please take a look. I think I'm missing something somewhere. I expect when the client side calls the server.pong() the server should challenge the client to log in. As mentioned before it works without the authorize.
-
davidfowl over 10 yearsYe, that assumption is completely wrong. Who is performing the challenge?
-
Shashank Chaturvedi over 10 yearsI had a long discussion on stackoverflow.com/questions/20272611/… about signalr authentication and authorization. I can say signalR does not dwell in Authentication or Authorization. I have updated my answer above, hope it helps. You may also want to look at this post stackoverflow.com/questions/16190148/… .
-
Motoko over 7 yearsThis will not work. At this moment,
AuthorizeEchoHub.cshtml
callsstartSignalR()
but there is no such method that accepts 0 arg