SignalR and AzureAD authentication : loose websocket in favor of long polling
Our Asp.net core/React application used SignalR with good performance.
We added an authentication, made client side (React), with msal.
Since I added the AzureAD authentication, the negotiation of SignalR connection between client and server goes from WebSockets -> ServerSideEvents -> Long polling
With Long polling the performance degrades enormously.
In connection phase, there is a 401, despite the Jwt being passed both as query string and header
Here is the client code, passing the token:
let optimizerConnection = new HubConnectionBuilder()
.withUrl("/hubpath",
{
accessTokenFactory: () => getRawJwtToken() },
false, // skipNegotiation
HttpTransportType.WebSockets //transport
)
.withAutomaticReconnect()
.configureLogging(LogLevel.Trace)
.build()
Here is the the Hub with required authentication (the identity information, claims,...) goes to the server with the [Authorize] attribute. But authentication makes to use long polling, and is so slow:
[Authorize(AuthenticationSchemes=JwtBearerDefaults.AuthenticationScheme, Roles="Optimizer")]
public class SomeHub : Hub, ISomeHub { ...}
Here is the configuration of the identity server side:
var configuration = new ConfigurationBuilder()
.AddJsonFile("appsettings.json")
.Build();
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(configuration);
I read all the posts I found about the subject, sometimes with Jwt authentication (not AzureAD). Some posts mention an OnMessageReceived method. I implemented OnMessageReceived, but it is not called:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(ConfigureJwtBearerOptions,
ConfigureMicrosoftIdentityOptions,
jwtBearerScheme: "Bearer",
subscribeToJwtBearerMiddlewareDiagnosticsEvents: true);
private static void ConfigureMicrosoftIdentityOptions(MicrosoftIdentityOptions options)
{
options.Authority = "https://login.microsoftonline.com";
options.ClientId = "myClientIdGuid";
options.Instance = "https://login.microsoftonline.com/myInstanceGuid";
}
private static void ConfigureJwtBearerOptions(JwtBearerOptions options)
{
options.Events = new JwtBearerEvents
{
OnChallenge = OnChallenge,
OnTokenValidated = OnTokenValidated,
OnAuthenticationFailed = OnAuthenticationFailed,
OnForbidden = OnForbidden,
OnMessageReceived = context =>
{
var accessToken = context.Request.Query["access_token"];
// If the request is for our hub...
var path = context.HttpContext.Request.Path;
if (!string.IsNullOrEmpty(accessToken) &&
(path.StartsWithSegments(SomeHub.Path)))
{
// Read the token out of the query string
context.Token = accessToken;
}
return Task.CompletedTask;
}
};
}
If anybody has a clue, thank you
I got it working ! Even if I didn't get the OnMessageReceived to be called.
A modification was adding a service - likely to be closely equivalent to AddAuthentication() + AddMicrosoftIdentityWeabApi()
services.AddMicrosoftIdentityWebApiAuthentication(configuration, "AzureAd");
And then add a custom middleware before UseAuthentication()
app.UseMiddleware<AccessTokenMiddleware>();
app.UseAuthentication();
The middleware puts the query string parameter in the headers
public class AccessTokenMiddleware
{
private readonly RequestDelegate next;
public AccessTokenMiddleware(RequestDelegate next)
{
this.next = next;
}
public async Task Invoke(HttpContext httpContext)
{
var request = httpContext.Request;
// Web sockets cannot pass headers so the access token must be taken from query param and
// added to the header before authentication middleware runs
if (request.Path.StartsWithSegments(SomeHub.Path, StringComparison.OrdinalIgnoreCase) &&
request.Query.TryGetValue("access_token", out var accessToken))
request.Headers.Add("Authorization", $"Bearer {accessToken}");
await next(httpContext);
}
}
- Is this declaration UB?
- return type defaults to 'int' [-Wimplicit-int]
- What is the scope of `fesetround()`?
- Which specific optimization flag causes libm functions to be treated as pure?
- How to render text in SDL2?
- Why would you use 'extern "C++"'?
- Strange Behavior Compiler Ignoring NULL Check Unless I Print Something in the if Statement
- Fast inverse square root using fixed point instead of floating point
- What is the const qualifier attached to in C: the memory area or the pointer?
- GCC options for strictest C code?
- How to do an explicit fall-through in C
- How do compilers treat CONST qualifier when the pointer points to a memory location obtained with malloc()?
- C: cmocka headers - how to unittest?
- Why in C when I print a double with a one decimal it round it to the next number
- Android C to Java SWIG unable to compile: incompatible types: byte cannot be converted to SWIGTYPE_p_uint8_t
- GNU Make in Ubuntu giving fatal error: rpc/types.h: No such file or directory
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- How change every struct in an array of pointers?
- Optimized 2x2 matrix multiplication: Slow assembly versus fast SIMD
- Simple frame by frame video decoder library
- GCC no longer implements <varargs.h>
- Contents of IO buffer unknown == unsafe?
- Avoiding strcpy overflow destination warning
- Sort program not working, not sure why
- Fast & accurate atan/arctan approximation algorithm
- What's the difference between strtok_r and strtok_s in C?
- How memory address for pointer to arrays is same as an element in 2D array?
- Which is the best way to suppress "unused variable" warning
- How to use ellipsis in c's case statement?
- Fast ceiling of an integer division in C / C++