SignalR Core authorization with refreshing token

1
votes

I have a couple of questions regarding SignalR Core authorization on the server side;

My server is written in ASP.NET Core, and it uses SignalR CORE for sending notifications to users.

1) If a client has connected with an options object containing an AccessTokenProvider and the access token changes -- does the server re-authorize the user even when using a long-running connection like a socket? Ie does SignalR create a new User object on the server side when the client's access token changes, while a connection is alive? If not -- how should this be handled?

2) On the client side - if a connection is aborted either from server side or by the client requesting a stop, does DisposeAsync() have to be called and a new connection object created, or can the previous one be reused safely without disposing it?

Thanks.

1
signalrsignalr-hubasp.net-core-signalr

1 Answers

0
votes

1) When token expires, you will need to refresh the token. To do that you will need to abort the connection and make it again. This is stupid but server will drop the connection when token will be expired.

2) If it is manually aborted, the object is disposed and the new connection will be new. If connection will drop for like, internet connection issues, with automatic reconnect, it will have the same instance and maintain same connection (and same connectionId).