Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Using Forms Authentication auth cookie will never timeout #2907

Closed
moity opened this issue Feb 25, 2014 · 6 comments

Comments

@moity
Copy link

@moity moity commented Feb 25, 2014

Using SignalR with Forms Authentication (ASP.NET MVC4, SignalR 2.0.2.0) is it possible to have Pings and Reconnects not reissue the Auth cookie (set it's timeout further into the future)?

Basically, I want the Auth cookie to timeout (which it was doing until having SignalR in the solution).

I can see the Auth Cookie in the Response Headers being reissued on Ping and Reconnects.

I've read the documentation and searched extensively but found nothing around this - can it be done via configuration or a HubPipelineModule?

Any help appreciated.

@halter73

This comment has been minimized.

Copy link
Member

@halter73 halter73 commented Mar 4, 2014

The purpose of the ping is to ensure auth cookies are reissued. If you want to disable pings, try starting your connection with the pingInterval configured to null (meaning disabled):

$.connection.hub.start({pingInterval: null}).done(function () { /* ... */ });

Unfortunately, chances are that if you are using a transport other than WebSockets, SignalR will issue requests periodically anyway.

@halter73 halter73 closed this Mar 4, 2014
@moity

This comment has been minimized.

Copy link
Author

@moity moity commented Mar 4, 2014

I tried setting the pingInterval to null and found that there are still requests being issued as you stated so that was not a solution.

In the end I added an HttpModule to my application that looked at the request path and if signalr it clears any FormsAuthentication Cookie from the response ensuring that the auth cookie is not reissued and expires after user inactivity as before.

@SherleyDev

This comment has been minimized.

Copy link

@SherleyDev SherleyDev commented May 15, 2014

@moity Can you please post your solution? I need this feature too.

@moity

This comment has been minimized.

Copy link
Author

@moity moity commented May 22, 2014

My implementation has evolved a little but this is basically it (remember to register the module in your config, or via code):

public class SignalRFormsAuthenticationCleanerModule : IHttpModule
{
   public void Init(HttpApplication application)
   {
      application.PreSendRequestHeaders += OnPreSendRequestHeaders;
   }

   private bool ShouldCleanResponse(string path)
   {
      path = path.ToLower();
      var urlsToClean = new string[] { "/signalr/", "<and any others you require>" };

      // Check for a Url match
      foreach (var url in urlsToClean)
      {
         var result = path.IndexOf(url, StringComparison.OrdinalIgnoreCase) > -1;
         if (result)
            return true;
      }

      return false;
   }

   protected void OnPreSendRequestHeaders(object sender, EventArgs e)
   {
      var httpContext = ((HttpApplication)sender).Context;

      if (ShouldCleanResponse(httpContext.Request.Path))
      {
         // Remove Auth Cookie from response
         httpContext.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
         return;
      }
   }
}
@RavilMahmutov

This comment has been minimized.

Copy link

@RavilMahmutov RavilMahmutov commented Oct 8, 2018

My implementation has evolved a little but this is basically it (remember to register the module in your config, or via code):

public class SignalRFormsAuthenticationCleanerModule : IHttpModule
{
   public void Init(HttpApplication application)
   {
      application.PreSendRequestHeaders += OnPreSendRequestHeaders;
   }

   private bool ShouldCleanResponse(string path)
   {
      path = path.ToLower();
      var urlsToClean = new string[] { "/signalr/", "<and any others you require>" };

      // Check for a Url match
      foreach (var url in urlsToClean)
      {
         var result = path.IndexOf(url, StringComparison.OrdinalIgnoreCase) > -1;
         if (result)
            return true;
      }

      return false;
   }

   protected void OnPreSendRequestHeaders(object sender, EventArgs e)
   {
      var httpContext = ((HttpApplication)sender).Context;

      if (ShouldCleanResponse(httpContext.Request.Path))
      {
         // Remove Auth Cookie from response
         httpContext.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
         return;
      }
   }
}

Hi, where should i add it? in Startup.cs?

@moity

This comment has been minimized.

Copy link
Author

@moity moity commented Oct 8, 2018

It's an HttpModule so you register it like any other, in your web.config or via code, startup.cs will work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.