Handling JWT Claims with Azure SignalR Service

Sequeria Fu 20 Reputation points
2024-11-20T15:51:25.42+00:00

There appears to be limited engagement on the GitHub issues page: https://github.com/azure/azure-signalr/issues.

A project is utilizing the SignalR service with the following setup:

using ClientResultSample; 
using Microsoft.AspNetCore.SignalR; 

var builder = WebApplication.CreateBuilder(args); 

// Add services to the container. 
builder.Services.AddRazorPages(); 
builder.Services.AddSignalR(o => { 
    o.MaximumParallelInvocationsPerClient = 2; 
}).AddAzureSignalR("<connection-string>"); 

var app = builder.Build(); 

// Configure the HTTP request pipeline. 
if (!app.Environment.IsDevelopment()) { 
    app.UseExceptionHandler("/Error"); 
    // The default HSTS value is 30 days. 
    // The default might need to change for production scenarios: 
    // https://aka.ms/aspnetcore-hsts 
    app.UseHsts(); 
} 

app.UseHttpsRedirection(); 
app.UseStaticFiles(); 
app.UseRouting(); 
app.UseAuthorization(); 

app.MapHub<ClientResultHub>("/chat"); 
app.MapRazorPages(); 
app.MapGet("/get/{id}", async (string id, IHubContext<ClientResultHub> hubContext) => { 
    return await hubContext.Clients.Client(id).InvokeAsync<string>("GetMessage", default); 
}); 

app.Run();

There is a concern regarding the propagation of claims from an incoming JWT token to an access token for SignalR, which seems to be a limitation.

Additionally, for the Standard pricing plan, there is a limit of 1k. What are the options available to increase this limit without upgrading to the premium level?

Azure SignalR Service
An Azure service that is used for adding real-time communications to web applications.

Accepted answer
  1. ajkuma 27,871 Reputation points Microsoft Employee
    2024-11-27T18:29:32.01+00:00

    Sequeria Fu, adding to Bruce's suggestions.

    Currently, the default value of the JWT token's lifetime is 1 hour.

    For security reasons, extending the TTL isn't encouraged. The approach that you could follow is adding reconnect logic on the client to restart the connection when that occurs. When the client restarts the connection, it negotiates with the app server again and gets a renewed JWT token.

    As outlined in the doc, by default, claims from context.User.Claims are included when generating a JWT access token for Azure SignalR Service (ASRS). This ensures that the claims are preserved and can be passed from ASRS to the Hub when the client connects.

    However, in some cases, context.User.Claims may contain a lot of information intended for the app server, much of which is not needed by the Hubs but is used by other components.

    As Bruce suggested, you need to scale out for additional connections. Check out the steps outlined in the doc: How to scale an Azure SignalR Service instance?
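
Added example, not part of either answer and not the project's own code: a server setup that validates the incoming JWT and then uses the Azure SignalR SDK's `ClaimsProvider` option to copy only an allowlist of claims into the service access token. The hub name `ClaimsEchoHub`, the `tenant_id` claim, and the `Jwt:Authority` / `Jwt:Audience` configuration keys are assumptions made for illustration.

```csharp
// Assumes the Microsoft.Azure.SignalR and Microsoft.AspNetCore.Authentication.JwtBearer
// packages and the web SDK's implicit usings (System.Linq, System.Collections.Generic).
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.SignalR;

var builder = WebApplication.CreateBuilder(args);

// Validate the caller's JWT so HttpContext.User is populated on the negotiate request.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o =>
    {
        o.Authority = builder.Configuration["Jwt:Authority"]; // hypothetical config key
        o.Audience = builder.Configuration["Jwt:Audience"];   // hypothetical config key
    });
builder.Services.AddAuthorization();

// Claims the hub actually needs; everything else stays out of the service token.
// "tenant_id" is a hypothetical custom claim.
var hubClaimTypes = new HashSet<string>(StringComparer.Ordinal)
{
    ClaimTypes.NameIdentifier, ClaimTypes.Role, "tenant_id"
};

builder.Services.AddSignalR().AddAzureSignalR(o =>
{
    o.ConnectionString = builder.Configuration["Azure:SignalR:ConnectionString"];
    // Without this, all of context.User.Claims is copied into the access token.
    o.ClaimsProvider = ctx => ctx.User.Claims.Where(c => hubClaimTypes.Contains(c.Type));
    // AccessTokenLifetime is left at its default rather than extended.
});

var app = builder.Build();
app.UseRouting();
app.UseAuthentication(); // must run before UseAuthorization
app.UseAuthorization();
app.MapHub<ClaimsEchoHub>("/chat");
app.Run();

[Authorize] // unauthenticated negotiate requests are rejected before a token is issued
public class ClaimsEchoHub : Hub
{
    public override async Task OnConnectedAsync()
    {
        // Echo the claims that survived the trip through the service, for verification.
        var claims = Context.User!.Claims.Select(c => $"{c.Type}={c.Value}").ToArray();
        await Clients.Caller.SendAsync("claims", claims);
        await base.OnConnectedAsync();
    }
}
```

Connecting a test client and inspecting the `claims` message shows which claims reach the hub, which is a quick check that nothing outside the allowlist is being forwarded.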


1 additional answer

  1. Bruce (SqlWork.com) 69,121 Reputation points
    2024-11-20T16:07:29.7133333+00:00

    See docs for mapping claims

    https://learn.microsoft.com/en-us/aspnet/core/signalr/authn-and-authz?view=aspnetcore-9.0

    1K is the max connections for any tier. If you need more, you will need a scale-out solution (using more than one SignalR service).
