07-23-2023, 08:59 AM
I am developing a prototype of an AngularJS, Web API, SignalR application as a potential starting point for a new project in VS 2013.
At this stage, I'm pretty much using the canned code that visual studio generates for Individual User Accounts.
There's a line in the StartUp.Auth.cs code that looks like this.
app.UseOAuthBearerTokens(OAuthOptions);
With this in place, I can add the [Authorize] attribute to controllers and it works fine.
Incidentally, with angular I was able to add a standard header containing the token in the JavaScript as follows.
$http.defaults.headers.common.Authorization = 'bearer ' + access_token;
Then I added SignalR to the project.
It supports it's own version of the [Authorize] attribute but there is no way to pass custom headers when using SignalR.
It's a limitation on the browser side.
The documentation said you could pass the token as part of the query string.
I added that code on the JavaScript side. My SignalR code now included this.
I passed the token as 'bearer_token'.
this.connection = $.hubConnection("/TestHub", { useDefaultPath: false, qs: "bearer_token=" + token });
So my issue was how to make OWIN recognize the token now it was no longer in the header.
After a number of searches, I ended up adding code that moved the token from the querystring into the header.
For my prototype, I just added a little code above the original line in StartUp.Auth.cs.
So, now it looked like this:
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
Provider = new OAuthBearerAuthenticationProvider()
{
OnRequestToken = context =>
{
if (context.Request.Path.Value.StartsWith("/TestHub"))
{
string bearerToken = context.Request.Query.Get("bearer_token");
if (bearerToken != null)
{
string[] authorization = new string[] { "bearer " + bearerToken };
context.Request.Headers.Add("Authorization", authorization);
}
}
return Task.FromResult(context);
}
}
});
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
The code above is rough but this is a prototype so really I just wanted to see if it worked which it did.
**Finally getting to the question:**
Is this the right pattern for integrating bearer token authorization with SignalR and the OWIN pipeline.
I couldn't seem to find much good information on the right way to do this.
At this stage, I'm pretty much using the canned code that visual studio generates for Individual User Accounts.
There's a line in the StartUp.Auth.cs code that looks like this.
app.UseOAuthBearerTokens(OAuthOptions);
With this in place, I can add the [Authorize] attribute to controllers and it works fine.
Incidentally, with angular I was able to add a standard header containing the token in the JavaScript as follows.
$http.defaults.headers.common.Authorization = 'bearer ' + access_token;
Then I added SignalR to the project.
It supports it's own version of the [Authorize] attribute but there is no way to pass custom headers when using SignalR.
It's a limitation on the browser side.
The documentation said you could pass the token as part of the query string.
I added that code on the JavaScript side. My SignalR code now included this.
I passed the token as 'bearer_token'.
this.connection = $.hubConnection("/TestHub", { useDefaultPath: false, qs: "bearer_token=" + token });
So my issue was how to make OWIN recognize the token now it was no longer in the header.
After a number of searches, I ended up adding code that moved the token from the querystring into the header.
For my prototype, I just added a little code above the original line in StartUp.Auth.cs.
So, now it looked like this:
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
Provider = new OAuthBearerAuthenticationProvider()
{
OnRequestToken = context =>
{
if (context.Request.Path.Value.StartsWith("/TestHub"))
{
string bearerToken = context.Request.Query.Get("bearer_token");
if (bearerToken != null)
{
string[] authorization = new string[] { "bearer " + bearerToken };
context.Request.Headers.Add("Authorization", authorization);
}
}
return Task.FromResult(context);
}
}
});
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
The code above is rough but this is a prototype so really I just wanted to see if it worked which it did.
**Finally getting to the question:**
Is this the right pattern for integrating bearer token authorization with SignalR and the OWIN pipeline.
I couldn't seem to find much good information on the right way to do this.