Geek Answers Handbook

Allow any user to access "signalr / hubs" without credentials using cors (the server starts Windows authentication)

I have two servers

  • SignalR Host (Windows Authentication, IIS)
  • The rest of the web page host (forms authentication, IIS)

I installed everything and it works with longpolling in Chrome. (1) asks for a username and password when using Firefox and switching to https://localhost:44301/signalr/hubs .

(1) uses Windows authentication. I tried to avoid authentication by doing the following in web.config :

 <location path="signalr"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location>

But SignalR is not the way to go, because it is generated automatically. I also tried to do this to expose the hubs, but to no avail:

 <location path="~/Hubs"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location>

Can someone help me find a way to remove authentication from https: // localhost: 12321 / signalr / *? (this includes all signals signalr / negotiate calls ++)

+7
c # web-config cors signalr
source share
2 answers

I solved this by changing the background of the problem.

Now the entire server is accessible anonymously, but the paths that require Windows authentication have been specified on their own.

An example of what controllers that need protection look like:

 <location path="#####.ashx"> <system.webServer> <security> <authentication> <anonymousAuthentication enabled="false"/> <windowsAuthentication enabled="true"/> </authentication> <authorization> <remove users="?" roles="" verbs="" /> <add accessType="Deny" users="?" /> </authorization> </security> </system.webServer> < /location>

And the general parameter for the server:

  <system.webServer> <security> <authentication> <anonymousAuthentication enabled="true"/> <windowsAuthentication enabled="true"/> </authentication> <authorization> <add accessType="Allow" users="?" /> </authorization> <requestFiltering> <!--Auction searches with 250 results generates slightly longer string than standard setting of 2048--> <requestLimits maxQueryString="3072" /> </requestFiltering> </security> </system.webServer>

This may not be a viable solution for everyone, but it worked for me ... :)

As a side note: while working with this, I also fought IIS Express and generally could set Windows authentication in web.config. This post really helped me -> IIS Express Windows Authentication

+2
source share

Try

 <allow users="?"/>

since it allows anonymously, using the asterisk "*" you allow "All Users".

+2
source share

More articles:


All Articles