Azure SignalR Hub Authorization from .AddAzureADB2CBearer

1
votes

I've been looking for an answer on Internet for days with regards to [Authorize] over the SignalR Hub class. I'm using Azure B2C to authenticate users. Everything works great when the class is not decorated with [Authorize], however I require the user to be authorized, so that I can access the Claims. All my Controllers are authenticating correctly.

 [Authorize]
    public class SignalRHub : Hub
    {

My SignalR Service is running on Azure and started on the server as follows:


public void ConfigureServices(IServiceCollection services)
{

 services.AddAuthentication(AzureADB2CDefaults.BearerAuthenticationScheme)
                .AddAzureADB2CBearer(options => Configuration.Bind("AzureAdB2C", options));

 .....

 services.AddSignalR().AddAzureSignalR(ConnectionString)

}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseEndpoints(endpoint =>
            {
                .....

                endpoint.MapHub<AzureSignalRSevice.SignalRHub>("/rhub");

            });
}

The Debugger is indicating when the client tries to connect:

Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request starting HTTP/1.1 POST https://localhost:44301/rhub/negotiate?negotiateVersion=1 0

Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Information: AzureADB2CJwtBearer was not authenticated. Failure message: No SecurityTokenValidator available for token: {Token} Microsoft.AspNetCore.Authorization.DefaultAuthorizationService: Information: Authorization failed. Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Information: AuthenticationScheme: AzureADB2CJwtBearer was challenged.

The client code is as follows:

 var connection = new HubConnectionBuilder().WithUrl("https://localhost:44301/rhub", options =>
            {
                options.AccessTokenProvider = () => Task.FromResult(token);
            }).Build();

All the articles I have read say that the token is passed as a parameter, however in my instance it is being sent in the Authorization header correctly.

I have tried to configure the JwtBearerOptions and pass the token to context.Token, however I get the same Authentication failure.

services.Configure<JwtBearerOptions>(AzureADB2CDefaults.JwtBearerAuthenticationScheme, options =>
           {
}

OnChallenge is hit when it fails with invalid_token in the context.

All the Packages are the most recent and up to date running on Core 3.1.2

I've been though many articles, this was the best so far https://github.com/dotnet/aspnetcore/issues/10582

It doesn't use B2C Authetication though.

1
azureasp.net-coresignalrazure-ad-b2c
This is the tutorial for authenticating the Azure SignalR hub. docs.microsoft.com/en-us/azure/azure-signalr/…, also not using AzureB2C authentication.Ryan Glenn

1 Answers

1
votes

I have it working ! The solution is to include the Authentication Scheme

 [Authorize(AuthenticationSchemes = AzureADB2CDefaults.BearerAuthenticationScheme + ", " + AzureADB2CDefaults.JwtBearerAuthenticationScheme)]
public class SignalRHub : Hub
    {
}