passing userId in Hub of SignalR
Question
Greeting..!, I am making a asp.net chat webApplication using SignalR were I want to keep track of every user and store there actions is database. I use userId to keep track of them. My problem is that I don't want to pass confidential data(like userId) from client form to signalR hub.And I know SignalR hub class does not support sessions. so how can I do that.
I am new to signalR and I googled a lot about this problem but couldn't find any simple answer.
2 answers
solution1
2 2014-06-01 17:59:10
SignalR supports different ways to authenticate and authorize users:
- Cookie
- Windows authentication
- Certificate
- Connection header
You can find more information about SignalR and security here:
http://www.asp.net/signalr/overview/signalr-20/security/introduction-to-security
Keep in mind that even though some info might be transferred, there is often an abstraction that does not really let someone map a user to a token or vice versa on anything else than the server.
Authentication and authorization is only a small part of security which goes further by using SSL and to carefully think what you transmit as you already said., etc.
But on some point you need a link between relevant information on your server side application and the caller. This might be a session identified by the cookie after a classic forms based authentication, an hash based header or whatever you want to create. SignalR is flexible so you could think about something like authentication against a different system and pass only a delegation token.
solution2
0 2014-06-02 13:34:37
You have different ways to map your userId and the connectionId. Take a look at this tutorial on asp.net
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.