passing userId in Hub of SignalR

Question

Greeting..!, I am making a asp.net chat webApplication using SignalR were I want to keep track of every user and store there actions is database. I use userId to keep track of them. My problem is that I don't want to pass confidential data(like userId) from client form to signalR hub.And I know SignalR hub class does not support sessions. so how can I do that.

I am new to signalR and I googled a lot about this problem but couldn't find any simple answer.

Answer 1

You have different ways to map your userId and the connectionId. Take a look at this tutorial on asp.net

Answer 2

SignalR supports different ways to authenticate and authorize users:

• Cookie
• Windows authentication
• Certificate
• Connection header

You can find more information about SignalR and security here:

http://www.asp.net/signalr/overview/signalr-20/security/introduction-to-security

Keep in mind that even though some info might be transferred, there is often an abstraction that does not really let someone map a user to a token or vice versa on anything else than the server.

Authentication and authorization is only a small part of security which goes further by using SSL and to carefully think what you transmit as you already said., etc.

But on some point you need a link between relevant information on your server side application and the caller. This might be a session identified by the cookie after a classic forms based authentication, an hash based header or whatever you want to create. SignalR is flexible so you could think about something like authentication against a different system and pass only a delegation token.