Practical ASP.NET Core SignalR: Authorization

HubContext

In this section, I’m going to cover how to configure your clients to send access tokens to an ASP.NET Core SignalR Hub for Authorization.

This blog post is apart of a course that is a complete step-by-setup guide on how to build real-time web applications using ASP.NET Core SignalR. By the end of this course, you’ll be able to build real-world, scalable, production applications using the tools and techniques provided in this course.

If you haven’t already, check out the prior sections of this course.

  1. Course Overview
  2. ASP.NET Core SignalR Overview
  3. Basics
  4. Server Hubs
  5. HubContext

Authorization

For the most part, everything works as expected when using Authrozation behind ASP.NET Core. Meaning, you can use the [Authorize] attribute on Server Hubs just like you would on Controllers.

However, if you are using WebSockets as the transport and are using access tokens, then there is a bit of configuration required.

Client Configuration

In the signalR.HubconnectionBuilder().withUrl() allows us to specify an options object that has a property called accessTokenFactory which is a function needs to return the access token.

Where “MyTokenGoesHere” is a string, you would likely be using a means to return the access token you send with all of your other HTTP calls from the rest of your frontend application.

Query String

When the browser/client connects to the hub, it will add a query string parameter called “access_token“. The value will be what is returned from the accessTokenFactory.

ws://domain/messages?id=XXX&access_token=MyTokenGoesHere

Authorization Header

The reason for the SignalR client library for using the Query String to send the access token is that web sockets do not support the Authorization header. You can read more about this over at this GitHub issue.

Setting Token

Now that the access token is being sent via the query string, we need to configure out authentication in the Startup.cs to look for it in the query string and set it on the HttpContext.Token so that our authorization can use it as if it were coming from the Authorization header.

To do this with JWT, we can specify Events option and implement the OnMessageReceived property which is an Action<HttpContext>

We will implement this to look for the access_token in the query string, and if it exists, set it to the Httpcontext.Token

Get The Course!

You’ve got several options:

  1. Check out my Practical ASP.NET Core SignalR playlist on my CodeOpinion YouTube channel.
  2. Access the full course now by enrolling for free on Teachable.
  3. Follow along with the blog post series here on CodeOpinion.com
    1. Course Overview
    2. ASP.NET Core SignalR Overview
    3. Basics
    4. Server Hubs
    5. HubContext
    6. Authorization
    7. Scaling with Redis
    8. Scaling with Azure SignalR Service

Source Code

All of the source code for this blog post and this course is available the Practical.AspNetCore.SignalR repo on GitHub.

Roundup #34: Channels, ring buffers and logs | The Creeping IT Apocalypse | dotnet-format | Right Tool for the Job | Fixing Random | Microsoft Graph

Here are the things that caught my eye this week in .NET.  I’d love to hear what you found most interesting this week.  Let me know in the comments or on Twitter.

Channels, ring buffers and logs

If you’re developing applications in .NET, you probably heard about all the new shiny part of the framework, like Pipelines which enable you to process IO-related processing with more IO awareness, still leaving your code on quite high level. Another part of the framework that is mentioned recently are channels that are used to pass data between parties. In this post I discuss various approaches used for data passing.

Link: https://blog.scooletz.com/2019/01/28/channels-disruptors-and-logs/

Cloud Irregular: The Creeping IT Apocalypse

So apparently AWS is working on a clandestine low-code/no-code product codenamed “AWS for Everyone”. It’s useless to speculate on this without concrete info (though that didn’t stop Geekwire), but hopefully this isn’t just another half-baked attempt to simplify the process of application development past all recognition. An awful lot of smart people have been trying to make graphical interfaces to help non-programmers code since – what, pre-Visual Basic? – and those projects always seem to get bogged down by a) fundamental limitations of usefulness or b) horrifying snarls of technical debt, or c) both of the above.

Link: https://forrestbrazeal.com/2019/01/16/cloud-irregular-the-creeping-it-apocalypse/

dotnet-format

Link: https://github.com/dotnet/roslyn/blob/master/src/Tools/dotnet-format/README.md

The myth of the right tool for the job

The phrase “the right tool for the job” is one we’ve all heard in software development and we’ve all most likely said it at some point. However when you stop and think about what such a phrase actually means you begin to realise it’s actually quite a problematic one, it makes too many assumptions.

Link: http://josephwoodward.co.uk/2019/01/myth-of-right-tool-for-the-job

Fixing random, part 1

The C# design team tries hard to make the language a “pit of success”, where the natural way to write programs is also the correct, elegant and performant way. And then System.Random comes along; I cringe every time I see code on StackOverflow that uses it, because it is almost always wrong, and it is seldom easy to see how to make it right.

Link: https://ericlippert.com/2019/01/31/fixing-random-part-1/

Exploring the Microsoft Graph SDK

Microsoft Graph is a gateway to the data and intelligence in Microsoft 365. It provides a unified programming model that you can use to take advantage of the data in Office 365, Enterprise Mobility + Security, and Windows 10.

In this episode we’re joined by Darrel Miller (@darrel_miller), PM for Microsoft Graph developer tooling. Darrel gives us an overview of what Microsoft Graph is, and also shows us how to get started with the .NET SDK.

Link: https://www.youtube.com/watch?v=1ytDvWdOMpI

Enjoy this post? Subscribe!

Subscribe to our weekly Newsletter and stay tuned.

Practical ASP.NET Core SignalR: HubContext

HubContext

In this section, I’m going to cover how you can use SignalR outside of a Hub. In most asp.net core applications, you will likely want to communicate with the connect clients from within your application but outside of a Hub. You can accomplish this by using the HubContext.

For example, an ASP.NET Core MVC Controller or any other class that is instantiated by ASP.NET Core’s Dependency Injection.

This blog post is apart of a course that is a complete step-by-setup guide on how to build real-time web applications using ASP.NET Core SignalR. By the end of this course, you’ll be able to build real-world, scalable, production applications using the tools and techniques provided in this course.

If you haven’t already, check out the prior sections of this course.

  1. Course Overview
  2. ASP.NET Core SignalR Overview
  3. Basics
  4. Server Hubs

HubContext

The HubContext allows you to send messages to your connected clients. It has many of the same features to communicate with clients as when you are inside of a Hub.

In order to get an instance of the HubContext, you need to be using dependency injection by specifying you want an IHubContext<T> in the constructor. Where T is your Hub.

In the example below I’m creating an ASP.NET Core MVC Controller that is taking the IHubContext<MessageHub> injected via the constructor.

Once you have the IHubContext<T> in your controller or any class that was created by the DI container, you can access almost all of the similar methods that are on a Hub.

In this example, I’ve created a HttpPost route that will accept a string and then I’m using the Clients.All.SendAsync() to send a message to all connected clients.

Get The Course!

You’ve got several options:

  1. Check out my Practical ASP.NET Core SignalR playlist on my CodeOpinion YouTube channel.
  2. Access the full course now by enrolling for free on Teachable.
  3. Follow along with the blog post series here on CodeOpinion.com
    1. Course Overview
    2. ASP.NET Core SignalR Overview
    3. Basics
    4. Server Hubs
    5. HubContext
    6. Authorization
    7. Scaling with Redis
    8. Scaling with Azure SignalR Service

Source Code

All of the source code for this blog post and this course is available the Practical.AspNetCore.SignalR repo on GitHub.