Clever Geek Handbook

How do I make the signalr client avoid authentication?

My MVC website has form authorization in web.config. All pages must now be authorized to be viewed.

But now I have a console program (C # console program). This program should send a message to the SignalR Contactor. But My signalR Hub is on my MVC website, now this C # console client cannot post to the signal hub, Since my MVC website has form authorization.

I want the console client to not need validation, but the pages on the website should be validated.

What can I do with the web.config website?

<location path="signalr/send" >
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Home/pageone" >
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880" />
    </authentication>
    <authorization>
      <deny users="?"/>
      <allow users="*"/>
    </authorization>-->
</system.web>

this way I can only make page validation unnecessary, but it didn't work for the signalR client program

there is my web.config file

<?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=301880
  -->
<configuration>


  <appSettings>

    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>

  <location path="Home/Index3" ><!--this way is working ,I can make the index3 page could be viewed with no authentication-->
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="signalr/send" >  <!--this url is got by Request.Url.AbsoluteUrl  in the hub class,but this way is not working-->
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
   <location path="refreshhub/senditems" >  <!--my hub is named as "RefreshHub" and the method the client revoked is "senditems",  but this configuration is not working either-->
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <authentication mode="Forms">  <!--I give my website all page Form authentication-->
      <forms loginUrl="~/Account/LogOn" timeout="2880" />
    </authentication>
    <authorization>
       <deny users="?"/>
      <allow users="*"/>
    </authorization>
    <httpRuntime targetFramework="4.5" />
  </system.web>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-5.2.0.0" newVersion="5.2.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <system.webServer>
    <handlers>
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="OPTIONSVerbHandler" />
      <remove name="TRACEVerbHandler" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
  </system.webServer>
</configuration>
+3


source to share


1 answer 


<deny users="?"/>
<allow users="*"/>

You disallow anonymous users (only allow authenticated users) and then allow them. Once the anonymous user is denied access, he will not see the next line allow user. allow rule must come first.

Edited: I am assuming your signalR hub, refreshhub, is at the root. Then the expression will be:

<location path="refreshhub.vb " > (or  <location path="refreshhub.cs">)


If the hub is in some folder, say myfolder, then the expression would look like this:

 <location path="myfolder/refreshhub.vb" >

The location path is a resource like page, image, folder, etc., not a method (as far as I know).

For using authorization with specific methods in a hub please see http://www.asp.net/signalr/overview/security/hub-authorization

+1


source






More articles:


All Articles