Clever Geek Handbook

Establishing a SignalR Connection Using a Self-Signed Certificate

I have my own WebAPI web service using a self signed certificate. I can successfully communicate with web service controller actions from other applications using the url:

https://localhost:5150/...

Note that I have successfully bound a self-signed certificate to port 5150 and have reserved a port for all IP addresses for my application using the appropriate netsh commands.

I am trying to integrate SignalR hub into this web service. I'm setting up a CORS-enabled hub using the following in my startup code:

// Configure the SignalR hub that will talk to the browser
        appBuilder.Map("/signalr", map =>
        {
            map.UseCors(CorsOptions.AllowAll);

            HubConfiguration hubConfig = new HubConfiguration();
            hubConfig.EnableDetailedErrors = true;
            hubConfig.EnableJavaScriptProxies = false;

            map.RunSignalR(hubConfig);
        });

I am starting my HTTP listener, which was also used for web API:

_webApp = WebApp.Start<Startup>(baseUrl);

where baseUrl

https://+:5150/.

My SignalR initialization code in my Angular controller:

var initialize = function () {

    //Getting the connection object
    connection = $.hubConnection("/signalr", { useDefaultPath: false });

    // Url signalr scripts should hit back on the server
    connection.url = ENV.SIGNALR.protocol + '://' + ENV.SIGNALR.server + ':' + ENV.SIGNALR.port + '/' + ENV.SIGNALR.url;

    // Turn on client-side logging
    connection.logging = ENV.SIGNALR.logging;

    // Get proxy based on Hub name (must be camel-case)
    proxy = connection.createHubProxy('dashboardHub');

    // Setup event handlers for messages we get from the server.
    proxy.on('rxDiagnosticMessage', function (msg) {
        //console.log('Received rxDiagnosticMessage');
        $rootScope.$broadcast("rx-diagnostic-message", msg);
    });

    //Starting connection
    connection.start()
        .done(function () { console.log('SignalR connection started'); })
        .fail(function (err) { console.log('SignalR connection failed - ' + err); });

    // Display errors to console
    connection.error(function (err) {
        console.log('SignalR error - ' + err);
    });
};

I get the following error when trying to connect to a hub:

15:04:43 GMT-0400 (Eastern Daylight Time)] SignalR: Auto detected cross domain url. jquery.signalR-2.1.0.js:81
[15:04:43 GMT-0400 (Eastern Daylight Time)] SignalR: Client subscribed to hub 'dashboardhub'. jquery.signalR-2.1.0.js:81
[15:04:43 GMT-0400 (Eastern Daylight Time)] SignalR: Negotiating with 'https://localhost:5150/signalr/negotiate?clientProtocol=1.4&connectionData=%5B%7B%22name%22%3A%22dashboardhub%22%7D%5D'. jquery.signalR-2.1.0.js:81
GET https://localhost:5150/signalr/negotiate?clientProtocol=1.4&connectionData=%5B%7B%22name%22%3A%22dashboardhub%22%7D%5D&_=1407524683014 net::ERR_INSECURE_RESPONSE jquery-2.1.1.js:8623
SignalR error - Error: Error during negotiation request. AppSignalR.js:43
SignalR connection failed - Error: Error during negotiation request. AppSignalR.js:39
[15:04:43 GMT-0400 (Eastern Daylight Time)] SignalR: Stopping connection.

Pay attention to net :: ERR_INSECURE_RESPONSE during SignalR connection negotiation.

Strange thing ... if I run Fiddler2 the connection works! (Does Fiddler serve as a good certificate for my web app / SignalR?)

I suspect this is due to the fact that the certificate is self-signed (certificate in personal, certificate in trusted). In WCF and WebAPI clients, I always catch permission errors and work around the error:

ServicePointManager.ServerCertificateValidationCallback = ((sender, certificate, chain, sslPolicyErrors) => true);

Is there something like this that needs to be done in the SignalR client in my Angular app? Or should this work?

Please note that I saw this thread - SignalR with a self-signed SSL and Self-Host still does not work for me.

+3


source to share


1 answer


You cannot use localhost with SSL, you need the absolute hostname in the URL.

Take a look at the ISSUED BY and ISSUED field in the certificate you created. ISSUED should be part of the "Trusted Publishers" list on your computer (the machine that accesses a web page using a browser), and ISSUED to be part of your URL.ie certificate is issued to you and you alone. So if your WINS field is "HOSTNAME.DOMAINNAME" where HOSTNAMe is the hostName of the machine and DomainName is the Domain of the machine that hosts the website, then you need to access your SITE using the same name ie.



Hope it helps.

-2


source






More articles:


All Articles