Authenticating SignalR Hubs in a Blazor Server app

I’m trying to secure a SignalR hub in an Blazor Server app and can’t find any end to end examples of this.

I have configured the app in the startup with AddAuth0WebAppAuthentication and WithAccessToken.

A token is being picked up in the request to the SignalR hub from the component that builds the Hub connection and I’m setting the AccessTokenProvider with that access token from Auth0

Whenever the Hub connection tries to connect to the apps hubs, it throws a 401 Unauthorized.

The hubs work correctly when I remove the authorise attribute from them. Have tried this using the ASP.NET JWT setup too, but still get the same error.

Normal authorisation works fine

Hey Statto1974, were you ever able to figure out a solution for this? I am running into the exact same situation. When I remove the [Authorize] header from the hub, it will work, however it is in an unauthorized state in the hub so I have no ability to see the currently logged in user or their claims.

Your post is the only one (after days of googling around and asking chat gpt) that is identical to what I’m facing.

I am facing exactly the same issue although I have only AddAuth0WebAppAuthentication() call in the startup. After setting the log level to Debug in server, I notice the following info:

dbug: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[9]
      AuthenticationScheme: Cookies was not authenticated.
dbug: Microsoft.AspNetCore.Authorization.AuthorizationMiddleware[0]
      Policy authentication schemes  did not succeed

No idea how to fix this though. @andrea.chiarelli do you have any idea on this?

Hi @ozdmro,
I’m not familiar with SignalR Hubs, so bear with me if I make a trivial suggestion :slightly_smiling_face:

Did you handle the onMessageReceived event as suggested here?

No, I did not. But is it possible to combine AddAuth0WebAppAuthentication() with AddJwtBearer()? :thinking:

The auth setup for my case just looks like:

        services.AddAuth0WebAppAuthentication(options =>
            options.Domain = builder.Configuration["Auth0:Domain"];
            options.ClientId = builder.Configuration["Auth0:ClientId"];

The example shown in Microsoft documentation combines ASP.NET Core Identity with the JWT Bearer middleware, if I’m not wrong. So, I would try.
Again, I’m not familiar with SignalR Hubs so maybe this could not be the best way to do this.