Introduction

Securing the applications is very important, especially if they are accessible via a network we don’t have control over, such as the public internet. Without security, anyone can connect to our application, including someone up to no good. This may result in a catastrophic failure that our business might not then be able to recover from.

This chapter will look at how to protect our SignalR endpoints. We will start by looking at restricting our application to only being accessible by clients from specific domains. Then, we'll set up a single sign-on system, allowing us to apply user authentication and authorization on SignalR endpoints. The chapter will explain the difference between authentication and authorization, and we'll learn how to integrate them with SignalR.

The chapter consists of the following topics:

• What is CORS and why it’s important?

• Setting up a single sign-on provider.

• Applying authentication in SignalR.

• Applying authorization in SignalR.

• Client authentication.

• Client authorization.

By the end of this chapter, we'll have learned how to secure our SignalR endpoints by preventing unauthorized clients from accessing them. We'll also learn how to secure individual hub endpoints and the entire SignalR Hub.