
I have an IIS-hosted MVC 5 app that uses ASP.NET Identity and OWIN for authentication via .AspNet.ApplicationCookie. From one of its views, I make calls to long-running methods on a self-hosted SignalR hub (running on the same server) via a SignalR JS client. These calls all work as expected. I now wish to decorate my hub with [Authorize(Roles = "Administrator")]. This has proved problematic. Setting a breakpoint in a hub method reveals that Context.User is null, even though the .AspNet.ApplicationCookie is clearly in Context.RequestCookies.

Here is the bootstrap for the hub (self-hosted in a Windows service):

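app.Map("/signalr", map =>
{
    // Cookie middleware for the hub pipeline, using the same authentication type as the web app
    map.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
    });

    var hubConfiguration = new HubConfiguration();
});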

Here is the auth config for the web app (hosted in IIS):

// Configure the db context, user manager and signin manager to use a single instance per request

// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
});

Question 1: Is the use of [Authorize] possible in the scenario described above? If so, how?

Question 2: Would it be better to just merge the self-hosted hub into the IIS hosted app? If so, are there any issues with long-running hub methods under IIS?

Update 1: I've tried adding TicketDataFormat = new TicketDataFormat(new MachineKeyDataProtector("ASP.NET Identity")) to the CookieAuthenticationOptions on my hub config, but that didn't help. Sure seems like this should be easier than it is.

Code would help us help you. What does the bootstrap of the SignalR hub look like? - Brendan Green
Hosted on the same server, but is it in the same app? Because I think that by default ASP.NET Identity shares the credentials only for the same app, not for the server. - bto.rdz
@bto.rdz the hub is self-hosted as a Windows service, so it is not in the same app as the MVC 5 app that is hosted in IIS. - Lance Held
@LanceHeld what you need is to share the auth, try this link: stackoverflow.com/questions/20589429/… - bto.rdz
@bto.rdz The link you posted is what I want but doesn't offer any new information from what I've already attempted. - Lance Held

1 Answer

I ended up moving my self-hosted hub into my ASP.NET application and it worked just fine. This seemed easier and more maintainable than implementing the workaround in this SO question: "OWIN Self-Host CookieAuthentication & Legacy .NET 4.0 Application / FormsAuthenticationTicket".
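
For readers who keep the hub self-hosted: under IIS the cookie ticket is protected with the site's machine key, so the hub can only populate Context.User if it unprotects the ticket with the same keys and the same purpose strings. The sketch below is an added example, not code from the question or the answer; `SharedMachineKeyProtector` is a hypothetical helper, and it assumes the Windows service's app.config carries the same `<machineKey>` element as the web app's web.config and that the service references System.Web (.NET 4.5 or later).

```csharp
// Added example (not the poster's code). Assumption: both config files hold an
// identical <machineKey> element, so both processes derive the same keys.
using System.Web.Security;                     // MachineKey.Protect / Unprotect
using Microsoft.AspNet.Identity;               // DefaultAuthenticationTypes
using Microsoft.AspNet.SignalR;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.DataHandler;     // TicketDataFormat
using Microsoft.Owin.Security.DataProtection;  // IDataProtector
using Owin;

// Hypothetical helper: machine-key protection bound to a fixed set of purposes.
public sealed class SharedMachineKeyProtector : IDataProtector
{
    private readonly string[] _purposes;

    public SharedMachineKeyProtector(params string[] purposes) { _purposes = purposes; }

    public byte[] Protect(byte[] userData)
    {
        return MachineKey.Protect(userData, _purposes);
    }

    public byte[] Unprotect(byte[] protectedData)
    {
        // Throws CryptographicException if the keys or the purposes differ.
        return MachineKey.Unprotect(protectedData, _purposes);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Purposes the cookie middleware uses for its default protector:
        // middleware type name, authentication type, format version.
        var protector = new SharedMachineKeyProtector(
            typeof(CookieAuthenticationMiddleware).FullName,
            DefaultAuthenticationTypes.ApplicationCookie,
            "v1");

        app.Map("/signalr", map =>
        {
            map.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                TicketDataFormat = new TicketDataFormat(protector)
            });
            map.RunSignalR(new HubConfiguration());
        });
    }
}
```

The machine key then becomes a shared secret between the two processes, so the service's config file needs the same file permissions and rotation handling as web.config.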