问题
Greeting..!, I am making a asp.net chat webApplication using SignalR were I want to keep track of every user and store there actions is database. I use userId to keep track of them. My problem is that I don't want to pass confidential data(like userId) from client form to signalR hub.And I know SignalR hub class does not support sessions. so how can I do that.
I am new to signalR and I googled a lot about this problem but couldn't find any simple answer.
回答1:
SignalR supports different ways to authenticate and authorize users:
- Cookie
- Windows authentication
- Certificate
- Connection header
You can find more information about SignalR and security here:
http://www.asp.net/signalr/overview/signalr-20/security/introduction-to-security
Keep in mind that even though some info might be transferred, there is often an abstraction that does not really let someone map a user to a token or vice versa on anything else than the server.
Authentication and authorization is only a small part of security which goes further by using SSL and to carefully think what you transmit as you already said., etc.
But on some point you need a link between relevant information on your server side application and the caller. This might be a session identified by the cookie after a classic forms based authentication, an hash based header or whatever you want to create. SignalR is flexible so you could think about something like authentication against a different system and pass only a delegation token.
回答2:
You have different ways to map your userId and the connectionId. Take a look at this tutorial on asp.net
来源:https://stackoverflow.com/questions/23981580/passing-userid-in-hub-of-signalr