Azure Mobile Service requires authentication for SignalR HTML/Javascript Client

1
votes

I have a fresh Azure Mobile Service running locally at localhost:52253. I installed the latest SignalR Nuget Package: Azure Mobile Services .NET Backend SignalR Extension 1.0.450

I also have a test HTML/Javascript client served from localhost:54697/

After working out the CORs issues, I still cannot connect to signalR hubs because the negotiation requests from the SignalR javascript client to the Mobile Service at localhost:52232/signalr/negotiate always result in HTTP/1.1 401 Unauthorized.

I have not enabled any authentication on the server, everything is the default. I also confirmed a WebApi controller works without any authentication. I've also tried decorating the hub and all hub methods with:

[AuthorizeLevel(AuthorizationLevel.Anonymous)]
public class ChatHub : Hub
{
    public ApiServices Services { get; set; }

    [AuthorizeLevel(AuthorizationLevel.Anonymous)]
    public string Send(string message)
    {
        return "Hello from SignalR Chat Hub!";
    }
}

The exact request via fiddler is: 

GET http://localhost:52253/signalr/negotiate?clientProtocol=1.4&connectionData=%5B%7B%22name%22%3A%22chathub%22%7D%5D&_=1434677053589 HTTP/1.1
Host: localhost:52253
Connection: keep-alive
Cache-Control: max-age=0
Accept: text/plain, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36
Content-Type: application/json; charset=UTF-8
Referer: http://localhost:52253
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: ai_user=09b8290770484a41bec47ce63b379abf|2015-04-01T02:18:46.1194121+00:00; ai_session=ab23831e90cb4773b79353cd4e2963ff|2015-04-28T01:14:18.415Z|2015-04-28T01:52:17.864Z


HTTP/1.1 401 Unauthorized
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/10.0
X-Content-Type-Options: nosniff
WWW-Authenticate: Basic realm="Service"
X-SourceFiles: =?UTF-8?B?YzpcdXNlcnNca2Fsd2VfMDAwXGRvY3VtZW50c1x2aXN1YWwgc3R1ZGlvIDIwMTNcUHJvamVjdHNcVGVzdFNpZ25hbFIuTW9iaWxlU2VydmljZVxUZXN0U2lnbmFsUi5Nb2JpbGVTZXJ2aWNlXHNpZ25hbHJcbmVnb3RpYXRl?=
X-Powered-By: ASP.NET
Date: Fri, 19 Jun 2015 04:32:28 GMT
Content-Length: 0

The browser then pops up a form asking for basic authentication, but I have no username or password. This is running locally, so there is also no Azure Application Key.

How can I disable or work around this authentication requirement for SignalR hubs on Azure Mobile Services?

1
azuresignalrazure-mobile-services
Sometimes I have this kind of weird issues on AMS after decorating a method to anonymous as well. What I usually do is to clear my browser cache or restart AMS, that mostly works. Have you tried that? And I feel anonymous is really not secured. Using authorizationlevel.application should be better and fulfill most of the scenarios. (You do want to make sure people use your API are using your apps, don't you?) Hope that helps.beast
You're right beast, I plan to add authentication for production. I want anonymous for now for rapid development and local debugging. Thanks again.jkalweit
Hi, there. I recently explore into signalR with Mobile services and found that I am running into an issue at negotiate request as well. But in my case, I got a 404 not found. I am using generated proxy and I can see the hub file with the correct hub methods. But when I call $.conneciton.hub.start I am getting a 404 on the negotiate request. And another interesting thing is that I see my request host being the javascript client ip address:port/index.html. But your posted example is your mobile service ip:port. I think I am missing something obvious. Hope you could help :)beast
I got the problem resolved. I realize that I had to set my javascript client URL with $connection.hub.url. But now I am running into CORs issues. Will try to figure it out.beast

1 Answers

1
votes

Have you looked at this blog post? http://blogs.msdn.com/b/azuremobile/archive/2014/05/30/realtime-with-signalr-and-azure-mobile-net-backend.aspx

You can set your authorization globally with:

public static void Register()
   {
       // Initialize SignalR
       SignalRExtensionConfig.Initialize();

       // Use this class to set configuration options for your mobile service
       ConfigOptions options = new ConfigOptions();
       options.SetRealtimeAuthorization(AuthorizationLevel.Anonymous);

       ...
   }