
Hi all: I'm programming a C#-based SignalR client that interacts with a SignalR server behind an IIS server requiring Forms authentication. Based on the user credentials, the server returns both a persistent and a non-persistent ticket with an expiration time of, say, 30 minutes (no sliding expiration is used, for security reasons).

On the client side I get the ticket and I can see that, when using the right user, it is marked as persistent though it comes with an expiration date 30 minutes older than the creation date. I assign the cookie to the HubConnection (using the CookieContainer.Add method) and everything works right until the ticket expires.

Even though it is persistent, when the ticket expires it is removed from the HubConnection CookieContainer and I'm not able to connect again to the server until I create a brand new connection with a fresh ticket.

UPDATE

After carefully debugging the problem, it seems that the persistent tickets are not properly handled by IIS7 and IIS8 servers: though they are generated as persistent (the property FormsAuthenticationTicket.IsPersistent is true), they come with an expiration date (the property FormsAuthenticationTicket.Expiration contains the result of adding the ticket timeout to the FormsAuthenticationTicket.IssueDate property) and in fact they expire after the ticket timeout, so every SignalR hub method invocation returns an Unauthorized (HTTP code 401) error. This is the web.config configuration being used:

```xml
<system.web>
    <authentication mode="Forms">
        <forms loginUrl="Auth/Ticket.aspx" defaultUrl="/" slidingExpiration="false" timeout="30"/>
    </authentication>
</system.web>
```

I've tried some solutions explained here and here with no luck.

  • I am not sure if this is going to work but have you tried re-authenticating in `OnReconnecting` and updating the cookie accordingly? – Pawel May 20 '15 at 19:03
  • Well, not exactly. What I'm doing to bypass the problem is a process similar to that applied to hubs not using persistent cookies: since the connection process is long in terms of time, instead of waiting until the connection is broken I renew the ticket before it expires and I add the renewed ticket to the hub. This process works right, but what is disappointing to me in some way is that the persistent nature of tickets was not taken into consideration by the hub. Thanks Pawel. – Vicente Gavara May 21 '15 at 07:40
  • Hello @VicenteGavara, I'm expecting the same behaviour as you described. When you said that 'renews the ticket and add it to the hub', does it mean that you are closing the old connection and creating a new one to that hub? Thanks! – regisxp Jul 19 '15 at 15:06
  • Hi regisxp: It's not necessary to create a new connection when the ticket is renewed, just replace the old one with the new one in the connection object by invoking its CookieContainer.Add() method. I don't know the exact name of the method in the Java libraries (in case you are using them) but the dynamics is the same there: no need to create a new connection, just update the cookie in the current one. – Vicente Gavara Jul 21 '15 at 06:36

0 Answers
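The workaround described in the comments (renew the ticket before it expires and replace the cookie on the existing connection), written out as an added example that is not part of the original thread. `TicketRenewer` and the `fetchTicketCookie` delegate are hypothetical names; how the ticket is requested from `Auth/Ticket.aspx` is not shown on the page and is left to the caller.

```csharp
using System;
using System.Net;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNet.SignalR.Client;

public sealed class TicketRenewer : IDisposable
{
    private readonly HubConnection _connection;
    private readonly Uri _serverUri;
    private readonly Func<Task<Cookie>> _fetchTicketCookie; // hypothetical login call (assumption)
    private readonly TimeSpan _ticketTimeout;               // forms timeout, 30 minutes on this page
    private readonly TimeSpan _margin;                      // renew this long before expiry
    private readonly CancellationTokenSource _cts = new CancellationTokenSource();

    public TicketRenewer(HubConnection connection, Uri serverUri,
        Func<Task<Cookie>> fetchTicketCookie, TimeSpan ticketTimeout, TimeSpan margin)
    {
        _connection = connection; _serverUri = serverUri;
        _fetchTicketCookie = fetchTicketCookie;
        _ticketTimeout = ticketTimeout; _margin = margin;
        if (_connection.CookieContainer == null)
            _connection.CookieContainer = new CookieContainer();
    }

    // Fetches a fresh ticket, swaps it into the connection, returns the delay until the next renewal.
    public async Task<TimeSpan> RenewAsync()
    {
        Cookie cookie = await _fetchTicketCookie();
        // Same name, domain and path: Add() overwrites the cookie already stored.
        _connection.CookieContainer.Add(_serverUri, cookie);
        // A session cookie has Expires == DateTime.MinValue; fall back to the configured timeout.
        DateTime expiresUtc = cookie.Expires == DateTime.MinValue
            ? DateTime.UtcNow + _ticketTimeout : cookie.Expires.ToUniversalTime();
        TimeSpan wait = expiresUtc - DateTime.UtcNow - _margin;
        return wait > TimeSpan.FromSeconds(5) ? wait : TimeSpan.FromSeconds(5);
    }

    // Usage: var wait = await r.RenewAsync(); await connection.Start(); var loop = r.RunAsync(wait);
    public async Task RunAsync(TimeSpan wait)
    {
        while (true)
        {
            try { await Task.Delay(wait, _cts.Token); }
            catch (OperationCanceledException) { return; }
            try { wait = await RenewAsync(); }
            catch (Exception) { wait = TimeSpan.FromSeconds(30); } // login failed: retry soon
        }
    }
    public void Dispose() { _cts.Cancel(); }
}
```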