Geek Answers Handbook

SignalR - how to create a custom authentication mechanism based on an HTTP header?

I leave the old version of the question below.

I would like to implement user authentication for SignalR clients. In my case, these are java clients (Android). Not web browsers. No forms authentication, no Windows authentication. These are simple client clients using the java library.

So, let the client pass the user header when connecting to the HUB. I need to somehow authenticate the user based on this header. The documentation here mentions that this is possible, but does not provide any details on how to implement it.

Here is my Android code:

hubConnection = new HubConnection("http://192.168.1.116/dbg", "", true, new NullLogger()); hubConnection.getHeaders().put("SRUserId", userId); hubConnection.getHeaders().put("Authorization", userId); final HubProxy hubProxy = hubConnection.createHubProxy("SignalRHub"); hubProxy.subscribe(this); // Work with long polling connections only. Don't deal with server sockets and we // don't have WebSockets installed SignalRFuture<Void> awaitConnection = hubConnection.start(new LongPollingTransport(new NullLogger())); try { awaitConnection.get(); Log.d(LOG_TAG, "------ CONNECTED to SignalR -- " + hubConnection.getConnectionId()); } catch (Exception e) { LogData.e(LOG_TAG, e, LogData.Priority.High); }

PS The initial question was my desire to "simplify" the question. Because I am accessing the headers in the OnConnected callback. I thought there was an easy way to reset the connection right there.

Using R signal with user authentication mechanism. I just check to see if the client has passed the connection with a specific header with a connection request.

Question: how can I DECLINE or NOT connect users who do not pass my check? The documentation here does not really explain such a scenario. The use of certificates / headers is mentioned here, but there are no examples of how to handle it on the server. I do not use form or window validation. My users are java Android devices.

Here is the code from my hub where I want to reject the connection.

 public class SignalRHub : Hub { private const string UserIdHeader = "SRUserId"; private readonly static SignalRInMemoryUserMapping Connections = new SignalRInMemoryUserMapping(); public override Task OnConnected() { if (string.IsNullOrEmpty(Context.Headers[UserIdHeader])) { // TODO: Somehow make sure SignalR DOES NOT connect this user! return Task.FromResult(0); } Connections.Add(Context.Headers[UserIdHeader], Context.ConnectionId); Debug.WriteLine("Client {0}-{1} - {2}", Context.Headers[UserIdHeader], Context.ConnectionId, "CONNECTED"); return base.OnConnected(); }
+8
c # signalr
source share
1 answer

So, I just created a custom authorization attribute and redefined the AuthorizeHubConnection method to access the request and implemented the logic you tried to do with the header and it seems to work.

 using Microsoft.AspNet.SignalR; using Microsoft.AspNet.SignalR.Hubs; namespace SignalR.Web.Authorization { public class HeadersAuthAttribute : AuthorizeAttribute { private const string UserIdHeader = "SRUserId"; public override bool AuthorizeHubConnection(HubDescriptor hubDescriptor, IRequest request) { if (string.IsNullOrEmpty(request.Headers[UserIdHeader])) { return false; } return true; } } }

Hub

  [HeadersAuth] [HubName("messagingHub")] public class MessagingHub : Hub { }

What this gives in the console (if the image is not displayed, it [Failed to load resource: the server responded with a status of 401 (Unauthorized)] ):

enter image description here

+4
source

More articles:


All Articles