How to securely send a message to a specific user

渐次进展 2021-01-12 16:30

I am using ASP.NET MVC 5 and SignalR. I want to send a message to a specific user. I have followed the method which is explained in this tutorial (also suggested by this ans

3 answers
  •  余生分开走
    2021-01-12 17:10

    MS Documentation does not mention anything about security considerations when explaining IUserID provider, which, in my opinion, makes the matter confusing...

    I posted the same question on ASP.NET SignalR Forum, and they confirmed that using a fixed ClientId as connectionId is a less secure solution. If security is a concern, then the Permanent, external storage is your best bet, because connectionId is randomly generated and hard to guess.

    In the case of my application, I continued using the IUserID provider approach (the less secure option). Though I did add some validation on the server side, before sending the message:

    1. Obviously using: [Authorize]
    2. I added a blocking mechanism, and will validate the Sender is not blocked by the Receiver before sending a message.
    3. I have also added a mechanism, that a Sender can send max 10 un-replied messages to the Receiver.
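
The three server-side checks listed in the answer above, sketched for a SignalR 2 hub as an added example (not the answerer's code). `MessagePolicy`, `ChatHub`, `Send` and the client callback `receiveMessage` are hypothetical names, the store is in memory only, and user ids are assumed to equal `Identity.Name`, as with SignalR's default user id provider.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.AspNet.SignalR;

// Hypothetical in-memory policy store; a real application would persist this state.
public static class MessagePolicy
{
    public const int MaxUnreplied = 10; // limit described in the answer
    static readonly object Gate = new object();
    // (receiver, sender): receiver has blocked sender.
    static readonly HashSet<Tuple<string, string>> Blocks = new HashSet<Tuple<string, string>>();
    // (sender, receiver): messages sent since the receiver last replied.
    static readonly Dictionary<Tuple<string, string>, int> Unreplied = new Dictionary<Tuple<string, string>, int>();

    public static void Block(string receiver, string sender)
    {
        lock (Gate) { Blocks.Add(Tuple.Create(receiver, sender)); }
    }

    // Returns true and records the send only if both checks pass.
    public static bool TryRecordSend(string sender, string receiver)
    {
        lock (Gate)
        {
            if (Blocks.Contains(Tuple.Create(receiver, sender))) return false;
            var outgoing = Tuple.Create(sender, receiver);
            int count;
            Unreplied.TryGetValue(outgoing, out count); // count stays 0 if absent
            if (count >= MaxUnreplied) return false;
            Unreplied[outgoing] = count + 1;
            // This message counts as a reply, so reset the opposite direction.
            Unreplied.Remove(Tuple.Create(receiver, sender));
            return true;
        }
    }
}

[Authorize] // SignalR's AuthorizeAttribute: only authenticated callers reach hub methods
public class ChatHub : Hub
{
    public void Send(string receiverId, string text)
    {
        // The sender comes from the authenticated principal, never from a client argument.
        string sender = Context.User.Identity.Name;
        if (string.IsNullOrWhiteSpace(receiverId) || string.IsNullOrEmpty(text)) return;
        if (!MessagePolicy.TryRecordSend(sender, receiverId)) return;
        Clients.User(receiverId).receiveMessage(sender, text);
    }
}
```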
