How to securely send a message to a specific user

后端 未结 3 1765
渐次进展
渐次进展 2021-01-12 16:30

I am using ASP.NET MVC 5 and SignalR. I want to send a message to a specific user. I have followed the method which is explained in this tutorial (also suggested by this ans

3条回答
  •  伪装坚强ぢ
    2021-01-12 17:07

    You're pretty well on your way to the right solution. The only trick is that your security should be set up such that you can't spoof someone else's UserId.

    For instance, we have exactly the same scenario with SignalR, but we use the UserId claim from a JWT Token to tell who you are. So you would need to know the guy's login credentials if you wanted to receive his messages. You can't just change the UserId in the claims, because then the JWT signature would be invalid and you wouldn't be authenticated or authorized anymore.

    So TL;DR: use JWT authentication or something with a one-way signature that prevents tampering with the UserId.

提交回复
热议问题