Azure App Service with Authentication/Authorization enabled failed because of redirect response
We are using Azure SignalR and the SignalR JS library (1.0.0) in the client.
The backend is an ASP.NET Core web app deployed in an Azure App Service with Authentication/Authorization activated and configured to use Azure AD for validation. We have deactivated the CORS configuration in the Azure portal as found here https://github.com/aspnet/SignalR/issues/2095. The negotiation process is working when Authentication/Authorization is deactivated, but it is not working when it is activated.
The request being sent from localhost against the Web App in Azure:

    OPTIONS https://app_host/hubName/negotiate HTTP/1.1
    Host: app_host
    Connection: keep-alive
    Access-Control-Request-Method: POST
    Origin: http://localhost:5001
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
    Access-Control-Request-Headers: authorization,x-requested-with
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9

We get back a redirect:

    HTTP/1.1 302 Redirect
    Content-Length: 607
    Content-Type: text/html; charset=UTF-8
    Location: https://login.microsoftonline.com/redirect_uri
    Set-Cookie: Nonce=…; path=/; secure; HttpOnly
    X-Powered-By: ASP.NET
    Set-Cookie: ARRAffinity=…;Path=/;HttpOnly;Domain=app_host
When Authentication/Authorization is deactivated we get the correct response and the further negotiation is working:

    HTTP/1.1 204 No Content
    Vary: Origin
    Server: Kestrel
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: authorization,x-requested-with
    Access-Control-Allow-Origin: http://localhost:5001
    Request-Context: appId=app_id
    X-Powered-By: ASP.NET
    Set-Cookie: ARRAffinity=…;Path=/;HttpOnly;Domain=app_host
This is how we use the JS client:

    var connection = new signalR.HubConnectionBuilder()
        .withUrl('https://app_host/hub_name', { accessTokenFactory: () => validjwtToken })
        .build();

The JWT is fetched by a separate request and is a valid Azure AD token.
Is there a way to fix the issue with the Authentication/Authorization sandbox? Or do we have to do the whole JWT validation logic in the backend application?
Issue Analytics
- Created 5 years ago
- Comments: 5 (3 by maintainers)
Top GitHub Comments
I have implemented the Authorization according to the link you have sent https://docs.microsoft.com/en-us/aspnet/core/signalr/authn-and-authz?view=aspnetcore-2.1 with Azure SignalR and it is working properly. The Azure Authentication/Authorization is disabled.
The browser still sends the OPTIONS before POST /negotiate and the backend does not respond with a redirect to OPTIONS but 204 No Content which is the expected behaviour.
So I guess it is an issue in the Azure Authentication/Authorization because it should just forward the OPTIONS request to the backend not handle it by itself.
There is another issue https://github.com/aspnet/SignalR/issues/2095 that recommends disabling the Azure CORS configuration in the Azure Web App.
It’s a pity that Azure Web App settings are not compatible with the expectations of SignalR.
I am closing the issue as it now works with Azure SignalR Service properly.
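The following is an added example written for this page; it is not code from the issue, from Azure App Service or from SignalR. It models the two pipelines compared above in memory so the failure can be reproduced offline: a gateway-style auth layer that redirects every unauthenticated request (OPTIONS included, which is what the 302 in the report shows), beside an app that answers the CORS preflight itself and only then checks the bearer token, which is the 204-then-POST flow the comment describes as working. The allowed origin, the token string, the hub path and all function names are constructed for the example; the preflight and negotiate requests mirror the headers captured in the issue.

```javascript
// Added example (constructed; not App Service's or SignalR's real implementation).
const ALLOWED_ORIGINS = new Set(["http://localhost:5001"]); // constructed allow-list
const VALID_TOKEN = "constructed-token"; // stands in for the Azure AD JWT; not a real JWT

// The CORS preflight the browser sends before POST /negotiate. By the Fetch spec it
// carries no Authorization header and no cookies, so no auth layer can identify the caller.
function preflightRequest(origin) {
  return {
    method: "OPTIONS",
    path: "/hubName/negotiate",
    headers: {
      origin,
      "access-control-request-method": "POST",
      "access-control-request-headers": "authorization,x-requested-with",
    },
  };
}

// The real negotiate call, carrying the accessTokenFactory token as a bearer header.
function negotiateRequest(origin, token) {
  const headers = { origin, "x-requested-with": "XMLHttpRequest" };
  if (token) headers.authorization = "Bearer " + token;
  return { method: "POST", path: "/hubName/negotiate", headers };
}

function bearerIsValid(req) {
  const value = req.headers.authorization || "";
  return value.startsWith("Bearer ") && value.slice(7) === VALID_TOKEN;
}

function negotiateHandler() {
  return { status: 200, headers: { "content-type": "application/json" },
           body: { connectionId: "constructed-id", availableTransports: [] } };
}

// Pipeline A: authentication in front of everything, redirecting whatever it cannot
// authenticate to the login page. The preflight can never carry credentials, so it is
// redirected too, and the browser treats a non-2xx preflight as a CORS failure.
function redirectGatewayPipeline(req) {
  if (!bearerIsValid(req)) {
    return { status: 302, headers: { location: "https://login.microsoftonline.com/redirect_uri" } };
  }
  return negotiateHandler(req);
}

// Pipeline B: CORS handled in the app before authentication (in ASP.NET Core terms,
// UseCors() before UseAuthentication()). Preflights get 204 plus the CORS headers for a
// known origin and nothing else; the bearer check runs only on the real request and
// fails closed with 401 instead of a redirect.
function corsThenAuthPipeline(req) {
  const origin = req.headers.origin;
  const isPreflight = req.method === "OPTIONS" && "access-control-request-method" in req.headers;
  if (isPreflight) {
    const headers = { vary: "Origin" };
    if (ALLOWED_ORIGINS.has(origin)) {
      headers["access-control-allow-origin"] = origin;
      headers["access-control-allow-credentials"] = "true";
      headers["access-control-allow-headers"] = req.headers["access-control-request-headers"];
      headers["access-control-allow-methods"] = req.headers["access-control-request-method"];
    }
    return { status: 204, headers }; // unknown origin: 204 without CORS headers, browser blocks
  }
  if (!bearerIsValid(req)) {
    return { status: 401, headers: { "www-authenticate": "Bearer" } };
  }
  const res = negotiateHandler(req);
  if (ALLOWED_ORIGINS.has(origin)) res.headers["access-control-allow-origin"] = origin;
  return res;
}

// The browser's preflight decision: 2xx and an Allow-Origin naming the page's origin.
function browserAcceptsPreflight(res, origin) {
  return res.status >= 200 && res.status < 300 &&
         res.headers["access-control-allow-origin"] === origin;
}

// Drive the whole negotiate handshake through a pipeline and report what the page sees.
function runNegotiate(pipeline, origin, token) {
  const pre = pipeline(preflightRequest(origin));
  if (!browserAcceptsPreflight(pre, origin)) {
    return { ok: false, stage: "preflight", status: pre.status };
  }
  const res = pipeline(negotiateRequest(origin, token));
  return { ok: res.status === 200, stage: "negotiate", status: res.status };
}

console.log(runNegotiate(redirectGatewayPipeline, "http://localhost:5001", VALID_TOKEN));
console.log(runNegotiate(corsThenAuthPipeline, "http://localhost:5001", VALID_TOKEN));
```

The model only covers the negotiate POST. The linked ASP.NET Core document also covers the WebSocket transport, where the browser cannot set an Authorization header and the client sends the token in the access_token query string instead; whatever validates the token in the app has to read it from both places, and the same ordering rule applies: preflight handling first, then authentication.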