Browser/Javascript SignalR Authorization

SignalR AuthorizationI recently started working with ASP.NET Core SignalR 1.0 and immediately ran into roadblock with authorization.  If you need to add SignalR authorization via header such as the Authorization header, you’re going to also run into this roadblock.  Specifically this is only an issue when running in the browser/javascript as it’s not supported.

Headers

I was unaware that browsers do not support additional headers such as Authorization.  This was problematic for me as the authorization header sending a bearer token is the method of authorization used in the application I was adding SignalR hub to.

So how are you supposed to send a token?

Query String

The immediate answer and for the most part, the only answer I found was too pass via the query string.  Meaning specifying the toke in the query string when defining your connection in the .withUrl()

I wasn’t in love with this solution but I was able to make it work.  I decide to tweet about it had David Fowler provide a really interesting GitHub issue that I’d recommend reading.

Alternatives

If you you are using SignalR/WebSockets client from the browser, how are you passing additional information such as Authorization data to the server?  Let me know in the comments or on Twitter.

Enjoy this post? Subscribe!

Subscribe to our weekly Newsletter and stay tuned.