ASP.Net Core 3.0 SignalR WebSocket connection failure

[khteh]

If you believe you have an issue that affects the security of the platform please do NOT create an issue and instead email your issue details to secure@microsoft.com. Your report may be eligible for our bug bounty but ONLY if it is reported through email.

Describe the bug

A clear and concise description of what the bug is.
I follow the tutorial in https://docs.microsoft.com/en-us/aspnet/core/tutorials/signalr?view=aspnetcore-3.0&tabs=visual-studio-code and fails to establish WebSocket connections. My same application works very well when using ASP.Net Core 2.2.
In Startup.cs:
ConfigureServices:

            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(configureOptions =>
            {
                    OnMessageReceived = async (context) =>
                    {
                        if (context.Request.Path.StartsWithSegments("/chatHub"))
                        {
                            string accessToken = context.Request.Query["access_token"];
                            if (string.IsNullOrEmpty(accessToken) && context.Request.Headers.ContainsKey("Authorization"))
                            {
                                accessToken = context.Request.Headers["Authorization"];
                                accessToken = accessToken.Split(" ")[1];
                            }
                            if (!string.IsNullOrEmpty(accessToken))
                                context.Token = accessToken;
                        }
                    }
             };
         });

Configure():

app.UseWebSockets();

In chat.js:

var connection = new signalR.HubConnectionBuilder().withUrl(pathBase+"/chatHub", {
    skipNegotiation: true,
    transport: signalR.HttpTransportType.WebSockets,
    accessTokenFactory: () => token
}).configureLogging(signalR.LogLevel.Trace).build();

When I set the skipNegotiation to true, this is what I get:

and the OnMessageReceived event is NEVER triggered with the /chatHub path.

When I set the skipNegotiation to false, this is what I get:

and the OnMessageReceived event IS triggered with the /chatHub path.

When I leave out the skipNegotiation and transport options but only set the accessTokenFactory, this is what I get:

and the OnMessageReceived event IS triggered with the /chatHub path.

To Reproduce

Steps to reproduce the behavior:

1. Using this version of ASP.NET Core '...' 3.0
2. Run this code '....'
3. With these arguments '....'
4. See error

Expected behavior

A clear and concise description of what you expected to happen.
Is there anything change in 3.0 SignalR? The same application is running with 2.2.

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

Add any other context about the problem here.
Include the output of dotnet --info

$ dn --info
.NET Core SDK (reflecting any global.json):
 Version:   3.0.100
 Commit:    04339c3a26

Runtime Environment:
 OS Name:     ubuntu
 OS Version:  19.04
 OS Platform: Linux
 RID:         ubuntu.19.04-x64
 Base Path:   /usr/share/dotnet-3.0.100/sdk/3.0.100/

Host (useful for support):
  Version: 3.0.0
  Commit:  7d57652f33

.NET Core SDKs installed:
  3.0.100 [/usr/share/dotnet-3.0.100/sdk]

.NET Core runtimes installed:
  Microsoft.AspNetCore.App 3.0.0 [/usr/share/dotnet-3.0.100/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 3.0.0 [/usr/share/dotnet-3.0.100/shared/Microsoft.NETCore.App]

To install additional .NET Core runtimes or SDKs:
  https://aka.ms/dotnet-download

[davidfowl]

Do you have server side logs?

[khteh]

@davidfowl here is the server log as seen from the bash console:

14:46:41 [Information] () Executing ContentResult with HTTP Response ContentType of "application/json"

14:46:41 [Information] () Executed action "Web.Api.Controllers.AuthController.Login (Web.Api)" in 3212.1232ms

14:46:41 [Information] () Executed endpoint '"Web.Api.Controllers.AuthController.Login (Web.Api)"'

14:46:41 [Information] () Request finished in 3285.77ms 200 application/json

14:46:41 [Information] () Request starting HTTP/2 POST https://localhost:5000/chatHub/negotiate text/plain;charset=UTF-8 0

14:46:41 [Information] () {"Method":"POST","Scheme":"https","PathBase":"","Path":"/chatHub/negotiate","LocalIP":null,"IP":"::1","Host":"localhost:5000","ContentLength":0,"ContentType":"text/plain;charset=UTF-8","QueryString":"","Protocol":"HTTP/2","X_Forwarded_For":null,"X_Forwarded_Proto":null,"X_Forwarded_Host":null,"X_Original_For":null,"X_Original_Proto":null,"X_Original_Host":null}

14:46:41 [Information] () Successfully validated the token.

14:46:41 [Information] () Authorization was successful.

14:46:41 [Information] () Executing endpoint '"/chatHub/negotiate"'

14:46:41 [Information] () Executed endpoint '"/chatHub/negotiate"'

14:46:41 [Information] () Request finished in 121.1175ms 200 application/json

14:46:41 [Error] () HTTP/2 over TLS was not negotiated on an HTTP/2-only endpoint.

[khteh]

I have found out the root cause. It's the Kestrel Protocols configuration. Adding Http1 works:

"Protocols": ["Http1", "Http2"]

So, what's wrong with Http2 only which is seen as an error in the server console log in my previous post?

[davidfowl]

There's no websockets over HTTP/2 as yet. That's not an ASP.NET Core thing, it's an HTTP/2 and browsers thing.

[khteh]

Ah...no, no no. It's due to syntax error in my configuration:
WRONG and resulted in the error and therefore this "bug" ticket:

"Protocols": "Http2"

This WORKS!

"Protocols": ["Http2"]