Talking about Authentication in SignalR #7

@ranouf

Hi,

I'm trying to understand how SignalR works with Authentication, so thanks for your work, it's helpful.
About this page:
https://github.com/damienbod/AspNetCoreAngularSignalRSecurity/blob/master/DirectMessagesAngular/angularApp/app/directmessages/directmessages.service.ts

I read that you can use this instead:

    this._hubConnection = builder.withUrl(
        environment.apiUrl + '/hubs/notification',
        { accessTokenFactory: () => `bearer ${myToken}` }
    ).build();

So the code in startup (https://github.com/damienbod/AspNetCoreAngularSignalRSecurity/blob/master/ApiServer/Startup.cs) will be updated to:

    context.HttpContext.Request.Headers.TryGetValue("Authorization", out var accessToken)

instead of

    context.Request.Query.TryGetValue("token", out StringValues token)

I read another thing too, about IUserIdProvider, in startup:

    services.AddSignalR();
    services.AddSingleton<IUserIdProvider, UserIdProvider>();

and UserIdProvider:

    public class UserIdProvider : IUserIdProvider
    {
        private readonly IUserManager _userManager;

        public UserIdProvider(IUserManager userManager)
        {
            _userManager = userManager;
        }

        public string GetUserId(HubConnectionContext connection)
        {

            return string.Empty;
        }
    }

What I was expecting with the variable connection is to see information about the user. We have set [Authorize] on the Hub, which means it uses the authentication process, so, in my mind, I'm supposed to receive the name and role:
image

Here is how the Token is generated:

    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Issuer = authSettings.Issuer,
        Audience = authSettings.Audience,
        NotBefore = DateTime.UtcNow,
        IssuedAt = DateTime.UtcNow,
        Subject = new ClaimsIdentity(new Claim[]
        {
            // Currently there is an issue with ClaimTypes.Sid, which does not generate 'sid' (https://github.com/dotnet/corefx/issues/28454)
            new Claim(Constants.ClaimTypes.Sid, user.Id.ToString()),
            new Claim(ClaimTypes.Name, user.Id.ToString()),
            new Claim(ClaimTypes.Role, user.RoleName),
        }),
        Expires = token.ExpirationDate,
        SigningCredentials = GenerateSigningCredentials(authSettings.SecretKey)
    };

This post is not really an Issue, more a discussion, I hope you will be interested to talk about it :).
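
Added example, not part of the original post or of the linked repository: one way to wire the server side for `accessTokenFactory` and to read the authenticated user inside an `IUserIdProvider`. The class names `HubTokenEvents` and `ClaimsUserIdProvider` and the `/hubs` path prefix are assumptions, and the claim lookup assumes the JWT handler's default claim mapping.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.SignalR;

// Hypothetical helper: assign the result to JwtBearerOptions.Events
// inside AddJwtBearer(options => ...).
public static class HubTokenEvents
{
    public static JwtBearerEvents Create() => new JwtBearerEvents
    {
        OnMessageReceived = context =>
        {
            // Browser WebSocket and Server-Sent Events requests cannot carry an
            // Authorization header, so the SignalR client sends the value returned
            // by accessTokenFactory as the "access_token" query parameter. For
            // header-based requests the client adds the "Bearer " scheme itself,
            // so the factory returns the bare token.
            var accessToken = context.Request.Query["access_token"];

            // Accept a query-string token only on hub endpoints ("/hubs" is an
            // assumed prefix). Query strings tend to end up in access logs, so
            // every other route keeps the default header-only handling.
            var path = context.HttpContext.Request.Path;
            if (!string.IsNullOrEmpty(accessToken) && path.StartsWithSegments("/hubs"))
            {
                context.Token = accessToken;
            }
            return Task.CompletedTask;
        }
    };
}

// Hypothetical provider: no injected services, so a singleton registration
// (services.AddSingleton<IUserIdProvider, ClaimsUserIdProvider>()) is safe.
public class ClaimsUserIdProvider : IUserIdProvider
{
    public string GetUserId(HubConnectionContext connection)
    {
        // connection.User is the ClaimsPrincipal built from the validated token.
        // It has no claims when authentication did not succeed; the method then
        // returns null and the connection has no user identifier.
        return connection.User?.FindFirst(ClaimTypes.Name)?.Value;
    }
}
```

With the token descriptor shown above, `ClaimTypes.Name` carries `user.Id`, so that is the value Clients.User(...) would address.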
