Securing the hub

Since, by default, we have everything locked down, the hub is also protected. This means that going directly to the URL won't get you there. However, we will be explicitly securing the hub. SignalR comes with an attribute called Authorize, similar to the one you find in ASP.NET MVC and so on. There are other mechanisms for securing hubs, but we won't go into that in this book. To enforce that users need to be logged in, we can use the Authorize() attribute:

  • The Authorize() attribute can be used for both hubs and methods on a hub. It has a couple of options that can be passed to it, such as users and roles holding comma delimited required users and/or roles. However, it also has a property called RequireOutgoing that tells SignalR ...

Get SignalR - Real-time Application Development - Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.