Skip to content

Browser/Javascript SignalR Authorization

Sponsor: Do you build complex software systems? See how NServiceBus makes it easier to design, build, and manage software systems that use message queues to achieve loose coupling. Get started for free.

Learn more about Software Architecture & Design.
Join thousands of developers getting weekly updates to increase your understanding of software architecture and design concepts.


SignalR AuthorizationI recently started working with ASP.NET Core SignalR 1.0 and immediately ran into roadblock with authorization.  If you need to add SignalR authorization via header such as the Authorization header, you’re going to also run into this roadblock.  Specifically this is only an issue when running in the browser/javascript as it’s not supported.

Headers

I was unaware that browsers do not support additional headers such as Authorization.  This was problematic for me as the authorization header sending a bearer token is the method of authorization used in the application I was adding SignalR hub to. So how are you supposed to send a token?

Query String

The immediate answer and for the most part, the only answer I found was too pass via the query string.  Meaning specifying the toke in the query string when defining your connection in the .withUrl()
I wasn’t in love with this solution but I was able to make it work.  I decide to tweet about it had David Fowler provide a really interesting GitHub issue that I’d recommend reading.

Alternatives

If you you are using SignalR/WebSockets client from the browser, how are you passing additional information such as Authorization data to the server?  Let me know in the comments or on Twitter.

Learn more about Software Architecture & Design.
Join thousands of developers getting weekly updates to increase your understanding of software architecture and design concepts.


Leave a Reply

Your email address will not be published. Required fields are marked *