SignalR: Real-time Application Development - Second Edition

By: Einar Ingerbrigsten

Securing the hub


Since everything is locked down by default, the hub is already protected: going directly to its URL won't get you there. However, we will secure the hub explicitly. SignalR comes with an attribute called Authorize, similar to the one you find in ASP.NET MVC and elsewhere. There are other mechanisms for securing hubs, but we won't go into them in this book. To enforce that users must be logged in, we can use the Authorize() attribute:

  • The Authorize() attribute can be applied to both hubs and methods on a hub. It takes a couple of options, such as users and roles, which hold comma-delimited lists of the required users and/or roles. It also has a property called RequireOutgoing that tells SignalR which direction it should secure. By default, it is only incoming, but by setting it to true, it will become outgoing. We will set it to true so that we secure both directions, effectively making it impossible for anyone to consume messages...
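
The attribute usage described above, shown on a hub class and on a single hub method. This is an added example, not code from the book; the hub name ChatHub, its methods, the client callbacks addMessage and userMuted, and the role name Moderators are assumptions made for illustration.

```csharp
using Microsoft.AspNet.SignalR;

// Hypothetical hub used only for this illustration.
// The attribute is written with its full namespace so that it cannot be
// confused with System.Web.Mvc.AuthorizeAttribute when both namespaces
// are imported in the same file; the MVC attribute has no effect on a hub.
[Microsoft.AspNet.SignalR.Authorize(RequireOutgoing = true)]
public class ChatHub : Hub
{
    // Covered by the class-level attribute: the caller must be logged in.
    public void Send(string message)
    {
        // Take the sender from the authenticated principal on the server
        // instead of accepting a name passed in by the client, so a caller
        // cannot post under another user's name.
        string sender = Context.User.Identity.Name;

        // addMessage is a hypothetical client-side callback.
        Clients.All.addMessage(sender, message);
    }

    // A method-level attribute adds a requirement on top of the class-level
    // one: the caller must be logged in and also hold one of the listed
    // roles. Roles (like Users) is a comma-delimited string.
    [Microsoft.AspNet.SignalR.Authorize(Roles = "Moderators")]
    public void Mute(string userName)
    {
        // userMuted is a hypothetical client-side callback.
        Clients.All.userMuted(userName);
    }
}
```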