6

I've got an self-hosted SignalR instance, using OWIN. I'd like to implement authorization. My users will already have logged into an ASP.NET MVC application, using Forms Authentication.

Since the two applications will be available at the same URL, the cookies will be shared between the two. How do I accept a Forms Authentication cookie in a self-hosted SignalR application?

Clarification: I'm talking about a browser accessing a self-hosted SignalR hub using the same credentials that were used to log into a separate (but related, and installed on the same host) IIS application.

So, the question is: how do I hook into the SignalR server pipeline to capture the .ASPXAUTH cookie and use it to set the current principal before calling the hub?

If it helps, I can throw some Nancy into the mix.

Roger Lipscombe
  • 89,048
  • 55
  • 235
  • 380
  • Did you ever find a solution to your issue. I'm attempting the same (though my MVC app and my self-hosted SignalR service are on different ports). – Lance Held Mar 03 '15 at 00:41

1 Answers1

0

If your user is already authenticated and logged in, you can check the following within your SignalR hub:

Context.User.Identity.IsAuthenticated

Assure this property is set to true. You can place this check within the constructor of your hub to block/remove their connection. If false, you can redirect them to another page.

SeanPrice
  • 464
  • 2
  • 8
  • The authentication occurs in the MVC application, not in the service. The .ASPXAUTH cookie can be consumed in both, but how do I hook that into the SignalR or OWIN pipeline? – Roger Lipscombe Jul 02 '13 at 13:43
  • 1
    Roger, I see what you are looking for but have actually never tried to do that. For the connection class, there is a property called "CookieContainer". This is found within [Microsoft.AspNet.SignalR.Client.Connection](http://msdn.microsoft.com/en-us/library/microsoft.aspnet.signalr.client.connection.cookiecontainer(v=vs.111).aspx) where you can get/set it. Within this, you can utilize code from this [answer](http://stackoverflow.com/questions/13022415/signalr-net-client-fails-to-connect-upd-how-to-set-auth-cookie) to try and add it. – SeanPrice Jul 02 '13 at 14:45