I was playing with the open authentication in MVC5 and SignalR. I use a javascript client to call a simple server method on SignalR and receive a reply from Server. It works well, but if I add the [Authorize] tag, it does not even call the server method (did not get any response while debugging).

My assumption was the server will use the Authentication mechanism to challenge the client. Am I missing anything? Do I have to manually authenticate the user from the client side and if so how do I pass the authentication token?

Here's my hub:

    [HubName("authChatHub")]
    public class AuthChatHub : Hub
    {
        [Authorize]
        public void Ping()
        {
            Clients.Caller.Pong("Connection is FINE!!");

            Clients.Caller.Pong(Context.User == null 
              ? "Null user" 
              : Context.User.Identity.IsAuthenticated.ToString());
        }
    }

Here's my Startup.Auth.cs

    public void ConfigureAuth(IAppBuilder app)
        {
           app.UseGoogleAuthentication();
        }

Here's the Startup.cs, using the code to enable CORS.

public partial class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app); //added this after a suggestion here, not sure if this is the right place. 

            app.Map("/signalr", map =>
            {
                map.UseCors(CorsOptions.AllowAll);
                var hubConfiguration = new HubConfiguration
                {
                    // EnableJSONP = true //empty for now
                };

                map.RunSignalR(hubConfiguration);
            });
        }
    }

And finally this client side code calls the hub method and listens to the server RPC.

this.sendMessage = () => {
            this.authChat.server.ping();
        };
this.authChat.client.pong = (message) => { console.log(message); };

You have to use Forms or windows authentication as you would use is any other asp.net application. Once you are authenticated your calls would work in the same way as they did before you putting [Authorize]attribute on the hub.

SignalR does not itself deal with authentication.

You will have to authenticate first then send the token to server, I think this link can help you achieve what you want to do.

you can add your authentication token into the querystring which will be passed into server when java script client initial the connection to signalr server.

client side: connection.qs = { 'Token' : 'your token string'};

server side: var Token = IRequest.QueryString["Token"];

You can use Bearer Token to authenticate and then track the authenticated user using a Cookie. Then, your SignalR requests will contain the cookie and SignalR stack will recognize the user and handle all your [Authorize] configurations

There is a sample here

The Authorize attribute specified in the hub method will make it available only to authenticated users.

When you apply the Authorize attribute to a hub class, the specified authorization requirement is applied to all of the methods in the hub

http://www.asp.net/signalr/overview/signalr-20/security/hub-authorization