Search code examples
c#asp.net-coresignalridentityserver4

Authorize signalr core hub using identiyserver4

I am using visual studio 2019 preview Angular / .net core API backend template with individual authorization.

I believe within this template, identityserver4 is being used.

Within the API there is a signalr core hub which I am trying to authorize. I have the Authorize attribute on the hub. I am also specifying the token in the angular signalr client URL query string.

Despite the above, the authorize attribute has no effect, I am able to access the hub with or without the token.

JS / angular client

ngOnInit() {
console.log(this.authService.getAccessToken().toPromise())

this._hubConnection = new signalR.HubConnectionBuilder()
  //.withUrl('/handoverhub', {accessTokenFactory: () => this.token})
  .withUrl('/handoverhub', { accessTokenFactory: () => {
    return this.authService.getAccessToken().toPromise();
  } })
  .configureLogging(signalR.LogLevel.Information)
  .build();

ASPNETCore code Hub using Microsoft.AspNetCore.SignalR;

using System; 
using System.Collections.Generic; 
using System.Diagnostics;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using HomecareShared.Models;
using HomecareShared.Models.DTOs;
using HomecareShared.Models.Handover;
using HomecareShared.Models.Notify;
using HomecareShared.Models.SharedResources;
using HomecareHandover.Repo;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.VisualBasic.ApplicationServices;

namespace HomecareHandover.Hubs {
[Authorize]
public class HandoverHub : Hub

Some snippets of startup

        app.UseAuthentication();
        app.UseAuthorization();

        app.UseRouting();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapHub<HandoverHub>("/handoverhub"); //For handover 
            endpoints.MapHub<TaskHub>("/taskhub"); //For task
        });
        app.UseIdentityServer();


   services.AddAuthentication()
            .AddIdentityServerJwt();

        services.AddSignalR();

No error messages. I am able to get straight into the hub no problem.

Solution

  • I have had a similar problem but with AzureSignalR. I overcome the issue by implementing the code below. You also should call UseIdentityServer before UseEndpoints;

    app.UseAuthentication();
app.UseAuthorization();
app.UseAzureSignalR(routes =>
{
    routes.MapHub<ChatHub>("/hubs/chat");
    routes.MapHub<NotificationHub>("/hubs/notifications");
});
app.UseEndpoints(endpoints =>
{
    endpoints.MapDefaultControllerRoute();
    endpoints.MapHealthChecks("/healthz", new HealthCheckOptions() { });
});

    By the way, another example about Hub authorization yet again in AzureSignalR and pure JWT but I put here so you may take a peek https://github.com/ilkerkaran/MySignalRPlayGround/blob/master/SignalRServer.API/Startup.cs