There's lots of info on how to do Forms authentication or Windows authentication with SignalR. I am interested in using my own authentication DB. I use a .NET client because the connecting agent is a service, not a web browser with a human behind it. I'd ideally like my client code use:
hubConnection.Credentials = new NetworkCredential(userName, password);
And my server code to use [Authorize] on the hubs and to have Context.User available to me. All comms are over https so I don't care about plain text.
I've read the asp.net basic authentication guide which shows how to override the authentication mechanism using an IHttpModule. However, the 'Authorization' header never seems to get set in the requests coming from the .NET SignalR client when I breakpoint the code in the HttpModule.
All I want to do is trivially pass a username and a password from the client and code up how authentication happens on the server. Is that so hard? No magic. No Active Directory. Just authentication by me.
My current, working, approach is to set custom headers which are interpreted at the SignalR level (using a custom AuthorizeAttribute), however apparently 'the right way to do it' is not to do authentication at the authorisation level and instead have the webserver do that before any SignalR stuff happens.
Can anyone please describe a good procedure for full, but dirt-simple, custom authentication?
Client
var connection = new Connection(url + "/echo");
connection.Credentials = new NetworkCredential("user", "password");
await connection.Start();
Server
app.Map("/basicauth", map =>
{
map.UseBasicAuthentication(new BasicAuthenticationProvider());
map.MapSignalR<AuthenticatedEchoConnection>("/echo");
map.MapSignalR();
});
NuGet Package required: Microsoft.Owin.Security.Basic
You can see a full sample here
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With