Using Single Sign-On for Securing Applications in ASP.NET Core/

...

/

Passing JWT from a SignalR Client

Passing JWT from a SignalR Client

Learn to secure SignalR hub with the JWT middleware.

We'll cover the following...

Unlike other communication technologies used by ASP.NET Core, SignalR can either use the OIDC authentication flow or a bearer token. The specific mechanism that SignalR will use will depend on the following factors:

  • It will use OIDC if the client is part of the UI that initiates the OIDC authentication flow and is hosted by the same web application as the SignalR hub.

  • It will use a bearer token if the client is hosted by a different application than the SignalR hub.

The following playground demonstrates how to configure security requirements for both authentication mechanisms:

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.SignalR;

namespace DemoApp;

[Authorize]
public class DemoHub : Hub
{
    public async Task BroadcastMessage(string message)
    {
        await Clients.All.SendAsync("ReceiveMessage", message);
    }
}
A seure SignalR hub with a JavaScript client

Note: Because we have to build two ASP.NET Core applications and populate the IdP database with the initial seed data, the build process is expected to take at least a few minutes.

If we launch the application, we will be taken to the IdP page ...