search

Azure / azure-signalr

Azure SignalR Service SDK for .NET
https://aka.ms/signalr-service
MIT License
425 stars 100 forks source link

Azure SignalR Service is ignoring custom AuthorizeAttribute #419

Closed anilrp closed 5 years ago

anilrp commented 5 years ago

I am using .Net Framework 4.7.1 " and NOT .Net Core

public class AuthorizeClaimsAttribute : Microsoft.AspNet.SignalR.AuthorizeAttribute
{
        public override bool AuthorizeHubConnection(Microsoft.AspNet.SignalR.Hubs.HubDescriptor hubDescriptor, IRequest request)
        {
              ///some authorization code on bearer token provided by user
        }
}

Following is written in owin startup.cs file - 

            var hubConfiguration = new HubConfiguration();
            hubConfiguration.EnableDetailedErrors = true;
            hubConfiguration.EnableJavaScriptProxies = false;

            app.MapAzureSignalR(GetType().FullName, hubConfiguration);

MapAzureSignalR method is coming from Microsoft.Azure.SignalR.AspNet

And hub is having authorize attribute - 

    [AuthorizeClaimsAttribute]
    public class NotificationHub : Hub
    {
    }

.net Client code is here which trying connect to signalr hub - 

          _connection = new Microsoft.AspNet.SignalR.Client.HubConnection(url);
          _connection.Headers.Add("Authorization", string.Format("Bearer {0}", bearerToken));

Azure SignalR Service is ignoring AuthorizeClaimsAttribute on Hub and connecting client without authorizing it

vicancy commented 5 years ago

Reproed, should be a bug in https://github.com/Azure/azure-signalr/blob/dev/src/Microsoft.Azure.SignalR.AspNet/ServerConnections/ServiceConnection.cs#L135 that when Authorize fails, it throws and thus fails to close the client connection. image

@JialinXin Would you mind taking a look?

JialinXin commented 5 years ago

Sure. Will take this.