You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are currently using SignalR in default mode, and have set up a proxy endpoint for SignalR in API Management by following the instructions in this link: https://learn.microsoft.com/en-us/azure/azure-signalr/signalr-howto-work-with-apim. Additionally, we have added an extra endpoint in API Management for ServerEndpoint Websocket connection, which has a custom policy to replace the current Authorization header with API Management managed identity access token. This means that you only need to add the API Management managed identity to the "SignalR App Server" role, and anyone can connect as a server using the API Management proxy. The server authentication is happening in the API Management policy only.
However, the issue we are facing now is that the SDK is calling https://{name}.service.signalr.net/api/v1/auth/accessKey directly, instead of using the ServerEndpoint or ClientEndpoint proxy. As a result, the solution is failing to negotiate client connection requests.
Additionally, create a websocket API with a URL path of /server
AspNet Core Server Code:
services.AddSignalR(configure =>
{
configure.EnableDetailedErrors = true;
})
.AddAzureSignalR(option =>
{
option.Endpoints = new ServiceEndpoint[]
{
new ServiceEndpoint(new Uri("https://{name}.service.signalr.net"), new DefaultAzureCredential())
{
ClientEndpoint = new Uri("..."),
ServerEndpoint = new Uri("..."),
}
};
});
....
app.UseEndpoints(endpoints =>
{
endpoints.MapHub<MessageHub>("/messageHub");
});
Client Code:
_connectionBuilder = new HubConnectionBuilder();
_connection = _connectionBuilder
.WithUrl("http://localhost:5000/messageHub")
.WithAutomaticReconnect()
.Build();
Run the server and client solutions and attempt to establish a connection.
We will close this issue if:
Proxy https://{name}.service.signalr.net/api/v1/auth/accessKey using API Management ServerEndpoint or ClientEndpoint URL.
/api/v1/auth/accessKey should append to full proxy URL not just base URL
find any other solution to fix this issue
Exceptions (if any)
info: Microsoft.Azure.SignalR.AadAccessKey[3]
Succeed in authorizing AccessKey for 'https://{name}.service.signalr.net/'
crit: Microsoft.Azure.SignalR.ServiceRouteHelper[1]
Client negotiate failed: The given AzureAD identity don't have the permission to generate access token.
info: Microsoft.Azure.SignalR.AadAccessKey[3]
Succeed in authorizing AccessKey for 'https://{name}.service.signalr.net/'
info: Microsoft.Azure.SignalR.AadAccessKey[3]
Succeed in authorizing AccessKey for 'https://{name}.service.signalr.net/'
The text was updated successfully, but these errors were encountered:
ranjithsnair
changed the title
https://{name}.service.signalr.net/api/v1/auth/accessKey not proxied with ServerEndpoint property
https://{name}.service.signalr.net/api/v1/auth/accessKey not proxied with ServerEndpoint or ClientEndpoint properties
Jun 28, 2023
Describe the bug
We are currently using SignalR in default mode, and have set up a proxy endpoint for SignalR in API Management by following the instructions in this link: https://learn.microsoft.com/en-us/azure/azure-signalr/signalr-howto-work-with-apim. Additionally, we have added an extra endpoint in API Management for ServerEndpoint Websocket connection, which has a custom policy to replace the current Authorization header with API Management managed identity access token. This means that you only need to add the API Management managed identity to the "SignalR App Server" role, and anyone can connect as a server using the API Management proxy. The server authentication is happening in the API Management policy only.
However, the issue we are facing now is that the SDK is calling https://{name}.service.signalr.net/api/v1/auth/accessKey directly, instead of using the ServerEndpoint or ClientEndpoint proxy. As a result, the solution is failing to negotiate client connection requests.
To Reproduce
Follow the instructions provided in this Microsoft Azure SignalR tutorial: https://learn.microsoft.com/en-us/azure/azure-signalr/signalr-howto-work-with-apim.
Additionally, create a websocket API with a URL path of /server
AspNet Core Server Code:
Client Code:
Run the server and client solutions and attempt to establish a connection.
We will close this issue if:
Exceptions (if any)
Further technical details
<PackageReference Include="Microsoft.Azure.SignalR" Version="1.21.3" />
<FrameworkReference Include="Microsoft.AspNetCore.App" />
<PackageReference Include="Azure.Identity" Version="1.9.0" />
<PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.7" />
The text was updated successfully, but these errors were encountered: