I'm struggling to decide how best to add authentication and authorization to my SignalR service.
It is currently hosted by Owin along with the WebApi2 web service. I use OAuth2 media tokens to authenticate with them, and it works fine. However, I wonder if they are suitable for SignalR?
My client is JavaScript-based, and SignalR uses WebSockets, if available. This means that I cannot use the authorization header. I realized that I can provide a token using the qs property before connecting. But of course, the OAuth2 access token expires (and relatively shortly in my implementation). I assume that updating the qs property will not make any difference after the connection (especially with web sockets).
I believe my question is, what is the best way to provide a security token, ticket, or any authorization information in SignalR? Preferred is a method that can be compatible with both my WebApi and SignalR, but I want to know how I should do it.
thanks
signalr signalr-hub
Barguast
source share