3

This question helped me fix a null Context.User value, but after fixing that, Context.User.Identity.Name is empty.

Here is what I see in the Immediate Window for Context.User.Identity:

{System.Security.Principal.WindowsIdentity}
    AccessToken: {Microsoft.Win32.SafeHandles.SafeAccessTokenHandle}
    Actor: null
    AuthenticationType: ""
    BootstrapContext: null
    Claims: {System.Security.Principal.WindowsIdentity.<get_Claims>d__95}
    CustomSerializationData: null
    DeviceClaims: Count = 0
    Groups: null
    ImpersonationLevel: Anonymous
    IsAnonymous: true
    IsAuthenticated: false
    IsGuest: false
    IsSystem: false
    Label: null
    Name: ""
    NameClaimType: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
    Owner: null
    RoleClaimType: "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"
    Token: {0}
    User: null
    UserClaims: Count = 0

I am suspicious that IsAuthenticated: false has something to do with it, but my authentication is handled in a SalesForce wrapper, not via the typical FormsAuthentication.SetAuthCookie() code - I've searched my repo and we do not use SetAuthCookie anywhere. I am successfully authenticated based on what I see in my localhost web page.

What must be done to populate / get access to the Identity Name?

JacobIRR
  • 8,545
  • 8
  • 39
  • 68

1 Answers1

4

I think your suspicion is correct with regard to the IsAuthenticated property. If you are calling your hub (or web API) without any kind of token (OAuth/JWT), cookie, windows auth, etc, the Claims/Identity information will not be populated. Here's an overview of SignalR hub authentication/authorization. I've had success using the authorization filter (the one contained in Microsoft.AspNet.SignalR) on the Signalr hub, along with a Bearer token passed in on the call:

 var connection = new HubConnection("http://localhost:50042/signalr");
 connection.Headers.Add("Authorization", "Bearer " + token);

The authorization filter gets invoked very early on in the web api pipeline. The token will be decrypted and the Thread Principle/Identity will be set. However, this token was issued by my web api, so, it was able to be parsed.

I don't have any Salesforce experience, but, it sounds like your app setup is a bit different than what I recently did. I assume your application is authenticating against the SalesForce API. That token that comes back from Salesforce must then be used to authenticate/authorize calls against subsequent calls to the Salesforce API. However, you can't decrypt/parse that token to extract the claims (hopefully. otherwise that's not good).

Have you tried JWT with Salesforce (see here)? Or with Web API, utilizing external authentication (example here)? You can probably pass the JWT back and forth between your client and the .NET Web Api that I assume is hosting the signalr hub, and use a custom authorization filter to parse the JWT token to authorize the call to the hub/set the Identity (see this stackoverflow post for a start).

Hope this gets you rolling.

Philip Barile
  • 81
  • 2