Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Integrating SignalR with existing Authorization

Tags:

asp.net-mvc

authorization

signalr

I've been working on a way of integrating SignalR Authorization Attributes with a custom authorization provider (called MVCAuthorization) I went down a few rabbit holes of trying to recreate an Authorization provider for hubs specifically, but that turned out to be far too complicated. So I was wondering, how I can integrate my existing Controller and Action Authorization with my SignalR Hubs and methods?

like image 685
DrSammyD Avatar asked Jan 15 '13 17:01

DrSammyD

2 Answers

I figured out that you can retrieve an IAuthorization provider.

If you treat you hub as a controller, and your methods as your actions, all you have to do is create a SignalR Attribute that implements IAuthorizeHubConnection and IAuthorizeHubMethodInvocation

public class HubAuthorizeAttribute : Attribute, IAuthorizeHubConnection,IAuthorizeHubMethodInvocation
{
    public virtual bool AuthorizeHubConnection(HubDescriptor hubDescriptor, Microsoft.AspNet.SignalR.IRequest request)
    {
        IAuthorizationProvider authorizationProvider = DependencyResolver.Current.GetService<IAuthorizationProvider>();

        return authorizationProvider.IsAuthorizedController(hubDescriptor.Name);
    }

    public virtual bool AuthorizeHubMethodInvocation(IHubIncomingInvokerContext hubIncomingInvokerContext)
    {
        IAuthorizationProvider authorizationProvider = DependencyResolver.Current.GetService<IAuthorizationProvider>();

        return authorizationProvider.IsAuthorizedAction(hubIncomingInvokerContext.MethodDescriptor.Hub.Name, hubIncomingInvokerContext.MethodDescriptor.Name);
    }
}

Then all you have to do is put the attribute on your hub or any methods you want authorized

[HubAuthorize]
public class Message : Hub
{
    public void Send(string message)
    {
    }
}
like image 112
DrSammyD Avatar answered Oct 21 '22 22:10

DrSammyD

You should override the existing methods in the pipeline

Check authorize in SignalR attribute

http://www.asp.net/signalr/overview/signalr-20/security/hub-authorization

Overriding AuthorizeHubMethodInvocation will allow you to authorize the request while overriding UserAuthorized with allow you to authenticate (you can check the user's roles etc.

Have your HubAuthorizeAttribute inherit from AuthorizeAttribute and allow the constructor to take in a list of roles

Here's a simple example on how to handle roles http://www.jasonwatmore.com/post/2014/02/18/ASPNET-Web-API-2-Enum-Authorize-Attribute.aspx

like image 31
coder Avatar answered Oct 21 '22 22:10

coder
Sign in to Comment

Related questions

ASP.Net MVC 3.0 Attribute [OutputCache] - Is this global, or by session?
MVC: Which method should be overridden to cache action result
ASP.Net MVC Cookies not persisting
MVC3 Unobtrusive Date Validation on a custom formatted date
ASP.NET MVC solution for OpenID + OAuth + trivial authentication
Layout/design templates for MVC application? [closed]
How do I make ELMAH log to MySQL?
ASP.net MVC: why is AreaRegistration.RegisterAllAreas() so slow?
Multitenancy with Fluent nHibernate and Ninject. One Database per Tenant
Download jQuery script to localize datepicker
Tell, Don't Ask Principle and Password Expiration
MVC Razor - How to submit form to itself
Potentially dangerous Request.Form value was detected from the client
Programmatically "hello world" default SERVER-side printer in ASP.NET MVC
Javascript executing MVC code in If statement incorrectly
SignalR broadcasting from outside a hub doesn't work
Passing a model into RedirectToAction()
How to make entry field to allow numbers only using EF and Data Annotations?
How to persist the data in memory in MVC controller?
"'Could not load file or assembly 'Elmah' or one of its dependencies. The system cannot find the file specified'' after using Elmah.MVC in NuGet

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!