Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SignalR exception "Unrecognized user identity. The user identity cannot change during an active SignalR connection."

Tags:

javascript

.net

asp.net-mvc-4

signalr

I have SignalR up and running on my MVC 4 application which uses Forms Authentication. I have the cookie timeout with sliding expiration set to 20 minutes.

I have a javascript function which runs on a timer so that after 20 mins and 1 second, it refreshes the page and the user is redirected to the Login page. It is important that I do this for security reasons and it works well.

My problem is that SignalR is throwing an InvalidOperation exception because the User identity has changed. I understand why it's doing this but am not sure how to avoid it.

I've tried calling $.connection.hub.stop(); before reloading the page but it does not work. I've tried calling it 5 seconds before the cookie expires but this only re-activates the session.

Any ideas would be appreciated!

Thanks John

like image 548
John Mc Avatar asked Nov 01 '22 10:11

John Mc

1 Answers

I was corresponding with David Fowler (the author of SignalR) on Github and he said there wasn't an easy way of resolving this.

To get around the problem, I implemented a Silent Logout controller action, which simply kills the users session.

    [HttpPost]
    [AjaxOnly]
    public ActionResult SilentLogOff()
    {
        _unitOfWork.WebSecurity.Logout();

        return Json(new
        {
            IsSuccess = true,
        });
    }

I then adjusted the JS timer to be 10 seconds short of the Forms authentication timeout. When it expires, it stops the SignalR hub connection, performs a POST to the SilentLogout action and then reloads the page.

SetLogoutTimer: function () {

    var formsTimeoutValue = $("#hdnRefreshTimeout").val();

    clearTimeout("formsTimeoutTimer");

    var formsTimeoutTimer = setTimeout(function () {
        $.connection.hub.stop();

        AppName.Authenticated.SilentLogoutUser();

    }, formsTimeoutValue);
}

SilentLogoutUser: function() {
    var url = $("#logout a").attr("data-bind-silent-url");
    $.ajax({
        type: "POST",
        url: url,
        success: function (response) {
            if (response.IsSuccess === true) {
                window.location.reload(true);
            }

        }
    });
}

This results in the correct behaviour in that there is no SignalR exception, and the user is redirected to the previous page they were on after re-authenticating.

like image 113
John Mc Avatar answered Nov 15 '22 04:11

John Mc
Sign in to Comment

Related questions

AngularJS / Karma unit testing with real XHR data / passThrough()
Alternative to Google calculator API
Flood fill algorithm selecting pixels with a minimum number of neighbors
Grunt, Livereload with maven and jetty server
Applying indent to each first line of paragraph of text area
$browser.notifyWhenNoOutstandingRequests doesn't take controller function into account
how to call external javascript file in html using node.js
onClick not called on child div
Backbone "remembering" values in properties
Dynamic tag with angularjs directive
How to mitigate against excess memory usage in browsers when asynchronously loading data?
How secure a method should be? [closed]
How to overlay a dynamically selected image over a dynamically populated div
Single Page Application Organization
Migration from simple Module pattern to RequireJS AMD
How do I overwrite a Javascript function added (dynamically) by Asp.Net UpdatePanel?
Reading files in js from local windows store folder
Path to matching key value pair in a nested object
Declaring string type with min/max length in typescript
Calculate new gradient positions after the polygon it fills changes dimensions

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!