What are the possible ways to authenticate user when websocket connection is used?

Example scenario: Web based multi-user chat application through encrypted websocket connection. How can I ensure (or guarantee) that each connection in this application belongs to certain authenticated user and "can't be" exploited by false user impersonation during the connection.

SSL/TLS can be used to authenticate both client and server using X.509 certificates. It depends on the web application platform you are using. In apache the SSL_CLIENT_CERT environment variable can be checked for validity against a list of known certificates to be valid. This would not require the use of a full PKI, and would not require you to purchase certificates for each client. Although I recommend using a CA to back your server's ssl certificate.

If you're already doing authentication for the non-websocket part of your app, just pass the session cookie along as the first message after connecting and check the cookie as you normally would.

WARNING: It's been pointed out that the following doesn't work when flashsockets are used:
If you're using socket.io, it's even easier—the cookies are passed through automatically on connection, and can be accessed like the following:

var io = require('socket.io');
var socket = io.listen(app); 
socket.on('connection', function(client){ 
    cookies = client.headers['cookie'];
});