8
votes

i am trying to make SignalR work using ASP.NET Identity. The code is very simple, where we create a new MVC5 Web Application, enable Google Account External, login with google account and make request to the Hub recognize the user by calling:

Context.User.Identity

Anyway, this is always returning null and it seems the client proxy is not able to send the external cookie.

The only workaround is doing the same steps as stated here:

http://gobbe.net/2013/06/13/use-the-asp-net-membership-in-a-signalr-chat-with-an-asp-net-mvc-4-application/

The workaround works, but I would prefer to use another solution. I also checked https://github.com/gustavo-armenta/CookieAuthenticationSample but this is not using external authentication.

Do you have any other ideas on how the Hub can recognize the external authentication schema of ASP.NET Identity?

Thanks

1
"The workaround works, but I would prefer to use another solution" - can you give any concrete reasons for that? What if the next suggestion that someone gives you has exactly the same problems as the workaround you're already aware of? That can be avoided if you give the reasons.Damien_The_Unbeliever
Thanks for the feedback. I am trying just to understand if I am missing something or if SignalR just does not support External Authentication using ASP.NET Identity and if so, I would fallback to the workaround.s s
The workaround is very insecure. It wouldn't be difficult for a malicious client to create a valid token for an arbitrary display name. It seems like the author was trying to manually implement some sort of HMAC, but completely failed due to the lack of any sort of secret key. You would be much better off using something like System.Web.Security.MachineKey or System.Security.Cryptography.ProtectedData.halter73

1 Answers

12
votes

Ok. After hours of searching I went to jabbr online support and davidfowl helped out. The problem was the ordering of the calls on the Startup class. I had:

        app.MapSignalR();
        ConfigureAuth(app);

instead of:

        ConfigureAuth(app);
        app.MapSignalR();

Thanks David.