I am developing a prototype of an AngularJS, Web API, SignalR application as a potential starting point for a new project in VS 2013.
At this stage, I\'m pretty much usi
I'll post this for the the people that will have this issue in the future:
There are multiple approaches to this in order to just make it work, but depending on the purpose of the application.
The first that I've seen makes SignalR
work with headers, which would seem very easy to implement:
$.signalR.ajaxDefaults.headers = { Authorization: "Bearer " + token };
The huge downside of this is that it forces SignalR
to use longPolling
, which you most definitely don't want, since you are using SignalR.
access token
that the client receives when logging in as a query string
, right before connecting. Then, make a custom Attribute
that inherits the AuthorizeAttribute
(follow this repo - not great in my opinion, but it makes a point).Another approach with passing the token as query string
is to follow this SO answer which creates an OAuth Provider
and
retrieves all other values from the token early in the pipeline
Again, this method is not the optimal one since query strings
are pretty vulnerable:
query strings tend to be stored in web server logs (or exposed in other ways even when using SSL). There is a risk of someone intercepting the tokens. You need to select an approach that fits your scenario best.
OAuth Bearer Token authentication
with SignalR
by passing the token over a cookie into SignalR
pipeline.I believe this is the solution with the fewest compromises, but I will come back with more information once my implementation is complete.
Hope this helps. Best of luck!
UPDATE I managed to get WebApi token authentication to work with SignalR by storing the token in a cookie, then retrieve it in a provider.
You cah take a look at this GitHub repo , but I mostly followed the article from above. Explicitly, here's what I did:
I created an OAuthBearerTokenAuthenticationProvider
class that inherits from OAuthBearerAuthenticationProvider
and overridden the RequestToken
method.
Now it looks for the cookie where the BearerToken
is stored and retrieves its value. Then, it sets the context.Token
to the value of the cookie.
Then, on the JavaScript part, you have to get the token (by authenticating using the user name and password) and store the token in a cookie.
public class OAuthBearerTokenAuthenticationProvider : OAuthBearerAuthenticationProvider
{
public override Task RequestToken(OAuthRequestTokenContext context)
{
var tokenCookie = context.OwinContext.Request.Cookies["BearerToken"];
if (!String.IsNullOrEmpty(tokenCookie))
context.Token = tokenCookie;
return Task.FromResult
For a working sample, please take a look at the repo above.
Best of luck!