SignalR MVC 5 Websocket no valid Credentials

Question

i try to use SignalR in MVC Application. It works well but i get the following Error in the Chrome console

 WebSocket connection to 'ws://localhost:18245/signalr/connect?transport=webSockets&clientProtocol=1.4&connectionToken=bNDGLnbSQThqY%2FSjo1bt
8%2FL45Xs22BDs2VcY8O7HIkJdDaUJ4ftIc54av%2BELjr27ekHUiTYWgFMfG6o7RaZwhf
fpXavzWQ1jvkaxGm5rI%2BWtK7j0g1eQC2aOYP366WmRQLXCiYJfsm4EbwX6T8n2Aw
%3D%3D&connectionData=%5B%7B%22name%22%3A%22importerhub%
22%7D%5D&tid=9' failed: HTTP Authentication failed; no valid credentials available 

The funny thing is that the jquery method i call from the Controller over the Hub works fine.

jQuery:

 $(function () {
            // Initialize the connection to the server
            var importerHub = $.connection.importerHub;

            // Preparing a client side function
            // called sendMessage that will be called from the server side
            importerHub.client.sendMessage = function (message) {
                showOrUpdateSuccessMessage(message);
            };
            $.connection.hub.start();
        });

Controller:

var hubContext = GlobalHost.ConnectionManager.GetHubContext<ImporterHub>();
            hubContext.Clients.All.sendMessage("All operations complete");

I use .Net v4.5.1, SignalR v2.1.2.0 and IIS 8.5 with Windows Authentication.

How can I fix this error?

Answer 1

It looks like you are running into a Chrome issue. The problem is that Chrome doesn't properly handle Windows Authentication for WebSockets.

Below is the initial issue submitted a couple years ago reporting that Chrome did not support any form of HTTP authentication:

https://code.google.com/p/chromium/issues/detail?id=123862

That issue has been resolved for Basic and Digest authentication, but not for Windows (NTLM/Negotiate) authentication. There was an issue created less than a month ago to track progress on Chrome support for Windows authentication with WebSockets:

https://code.google.com/p/chromium/issues/detail?id=423609

Apparently, the issue with Windows authentication is partially fixed in the Chrome dev channel, but only if the client has already authenticated with the server prior to establishing a WebSocket.

The reason you can still call sendMessage from your Controller is because SignalR automatically falls back to using a transport other than WebSockets (i.e. server-sent events or long-polling), when the WebSocket connection fails. Chrome will properly handle Windows authentication with SignalR's other transports.

I suggest not changing anything. It looks like Chrome will eventually support Windows authentication for WebSockets.

The only real problem, other than the error in your chrome console, is that it might take slightly longer to establish a SignalR connection in Chrome. If that's a big issue, you can always specify what transports the client should attempt using. So on Chrome, you could only try serverSentEvents and longPolling, but then when Chrome does fix the issue, you won't be using the best possible transport until you change your code.