SignalR authentication with Bearer Token

  • Question

  • User1950336107 posted

    Hi,

    I have implemented Bearer token authentication in my SignalR application. It is working fine except for one problem: when authentication fails, my application is unable to send a custom message to the client. SignalR always sends a 400 - Unauthorized error when authentication fails, which is hard to capture on the client side.

    I want to send some custom JSON which the client can parse to understand that it is a bad token issue.

    Tuesday, November 24, 2015 1:00 AM

All replies

  • User61956409 posted

    Hi SantyM,

    It is working fine except one problem, when authentication fails my application is unable to send custom message to client. SignalR always sends 400

    It seems that you’d like to use OAuth Bearer Token authentication with SignalR. This blog explains how to show different messages to anonymous users and authenticated users; please refer to it.

    http://blog.marcinbudny.com/2014/05/authentication-with-signalr-and-oauth.html#.VlPD5f6wqM8

    Best Regards,

    Fei Han

    Tuesday, November 24, 2015 2:11 AM
  • User1950336107 posted

    Thanks for the reply. The solution provided above does not suit my need. It allows the connection to the client and then sends the message. Let me explain in detail. I have used AuthorizeAttribute and overridden the UserAuthorized method, which returns true if the user is authorized, else false.

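    Snippet:

    using System.Security.Principal;
    using Microsoft.AspNet.SignalR;

    [myCustomAuthorizeAttribute]
    public class myHub : Hub
    {
        // Hub methods go here...
    }

    // .....

    public class myCustomAuthorizeAttribute : AuthorizeAttribute
    {
        // Called by SignalR to decide whether the caller may connect to the hub.
        protected override bool UserAuthorized(IPrincipal user)
        {
            // true if authorized, false if not (the actual token check is not shown in the post)
            return user != null && user.Identity != null && user.Identity.IsAuthenticated;
        }
    }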

    My problem is that SignalR does not allow the connection if the above method returns false. On the client side, in response to the negotiate request, it returns 400 Unauthorized.

    When the above method returns true, it returns the proper negotiate response, i.e. with all the expected fields: connectiontoken, connectionid, etc.

    Tuesday, November 24, 2015 4:23 AM