3

I'm trying to authorize via JWT to Signalr through WebSockets with JWT access token. But I get Unauthorize response.

This is my signalR configuration in Startup class:

app.Map("/signalr", map =>
{
    map.UseCors(CorsOptions.AllowAll);
    map.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
    {
        Provider = new QueryStringOAuthBearerProvider()
    });
    var hubConfiguration = new HubConfiguration
    {
        EnableDetailedErrors = true,
        EnableJSONP = true
    };
    map.RunSignalR(hubConfiguration);
});

// get your hub context
var hubContext = GlobalHost.ConnectionManager.GetHubContext<ChatHub>();

This is my Auth Configuration

app.CreatePerOwinContext<IdentityContext>(IdentityContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>((options, context) => ApplicationUserManager.Create(options, context.Get<IdentityContext>()));
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);

app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
    AuthenticationMode = AuthenticationMode.Active,
    TokenValidationParameters = new TokenValidationParameters()
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateIssuerSigningKey = true,
        ValidIssuer = ConfigManager.EnumDocolaEnvironment.ToString(),
        ValidAudience = ConfigManager.EnumDocolaEnvironment.ToString(),
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(ConfigurationManager.AppSettings["JWT:SecretKey"]))
    }
});

The auth configuration is before the signalr configuration.

Here is the SignalR auth provider to get the access token:

using Microsoft.Owin.Security.OAuth;
using System.Threading.Tasks;

public class QueryStringOAuthBearerProvider : OAuthBearerAuthenticationProvider
{
    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        var value = context.Request.Query.Get("access_token");

        if (!string.IsNullOrEmpty(value))
        {
            context.Token = value;
        }

        return Task.FromResult<object>(null);
    }
}

In the ChatHub I have the Authorize decorator, I also tried with System.Web.Http.Authorize. In the second case I don't receive an Unauthorize response but in the Context.User I get null.

Thanks in advance.

Ondrej
  • 1,209
  • 1
  • 11
  • 21
Juan Acq
  • 31
  • 4

0 Answers0