0
votes

I have a webapi running on a self hosted app, security provided via oauth, and I'm setting the authorisation header for calling the API. This works great, we have a user identity on all calls.

Now I can pass the same authorization token by query string or cookie (or header on some connection types) to signalr (self hosted in the same app).

The token gets to the server for signalr, I can can add it into context.cookie, or into the headers.

but..nowhere can I get it to create an authenticated user, I seem to be plagued by 401 errors

I assume I am missing a key piece of code thats supposed to take the token and create an authenticated user for signalr (even though webapi/owin does it itself).

does anybody have any pointers, or examples where signalr works with oauth on self-host?

1
Ok - if I turn off the code used to enable webapi bearer auth, then it works (comment these 2 lines) : //config.SuppressDefaultHostAuthentication(); //config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType)); So I'm guessing I have to add a filter into the signalR pipeline too.AndyBond

1 Answers

0
votes

You are correct that you need to setup a way to authenticate and set the user when wanting to use SignalR with OAuth.

You can create a customer AuthorizeAttribute for SignalR. In it you can basically get the query string to get hold of the token, once you have the token, you can unprotect it and start validating it and setting the user context in the request.

I have an example at

https://github.com/louislewis2/AngularJSAuthentication/blob/master/AngularJSAuthentication.API/SignalRHelpers/QueryStringBearerAuthorizeAttribute.cs

Once that has been implemented, you simply decorate your hub with [QueryStringBearerAuthorize]

The github link has a full working example for this and might provide some valuable insight.