Is there a way to Authenticate users who connect to Azure SignalR?

1
votes

I am really struggling to understand on how to implement this. I have an Azure SignalR service running. I have an Azure Function setup. I have a Web API.

The Web API fires a HTTP POST to the Azure Function and using a HTTPTrigger it then sends out (broadcasts) to all users who are connected to the Azure SignalR service. Great!

Now I have a problem, the Web API must send messages only to a specific user for each HTTP POST. Obviously this would me the user would need to authenticate somehow when they connect to (or "Negotiate") with Azure SignalR.

Truth be told, I know how to authenticate users when I have a self-hosted SignalR application. Done this prior with bearer token authentication whenever users connected to the Hub for SignalR. However, that was self-hosted SignalR. I am now using Azure SignalR hosted on Azure.

Also I need to say that the Negotatiate and all methods that the clients for the Azure SignalR listen to are Azure Functions.

[FunctionName("negotiate")]
    public static SignalRConnectionInfo Negotiate(
    [HttpTrigger(AuthorizationLevel.Anonymous)] HttpRequest req,
    [SignalRConnectionInfo
        (HubName = "notifications")] //, UserId = "{headers.x-ms-client-principal-id}"
        SignalRConnectionInfo connectionInfo)
    {
        // connectionInfo contains an access key token with a name identifier claim set to the authenticated user
        return connectionInfo;
    }

    [FunctionName("PlacedOrderNotification")]
    public static async Task Placed(
    [QueueTrigger("new-order-notifications")] OrderPlacement orderPlacement,
    [SignalR(HubName = "notifications")] IAsyncCollector<SignalRMessage> signalRMessages,
    ILogger log)
        {
            log.LogInformation($"Sending notification for {orderPlacement.CustomerName}");

            await signalRMessages.AddAsync(
                new SignalRMessage
                {
                    Target = "productOrdered",
                    Arguments = new[] { orderPlacement }
                });
        }

I want to take my bearer token authentication and place it within Azure SignalR somehow.

Now the million dollar question... how on earth do I go about doing that? Can I re-use my Bearer Auth code used for a self hosted SignalR service and integrate it into my architecture somehow?

1
c#azureazure-functionssignalrazure-signalr
Has your problem been solved? Is there any progress?Jason Pan

1 Answers

1
votes

The normal use process should be the scenario described below.

The Web API fires a HTTP POST to the Azure Function and using a HTTPTrigger it then sends out (broadcasts) to all users who are connected to the Azure SignalR service. Great!

From your description, Web API send a post which body contains json data, like:

{
  "orderid": "0001",
  "status" : "created",
  "userid" : "Jason",
  ......
}

Then your function app needs to process this order information and find out who needs to push to receive this message.

Suggestion, you can integrate signlar with function app.

According to business information and requirements, push order information to designated users.

1. SignalR - Checking if a user is still connected

2. Send message to specific user in SignalR