My MVC Website has a form authorization in web.config. Now all the page need to pass the authorization,so that they can be viewd.
But Now I have a console programe(C# console program).this programe need to send some message to SignalR Hub. But My signalR Hub is in my MVC Website,Now this C# console client can't send message to Signal Hub, Because My MVC Website has Form Authorization.
I want the console client doesn't need to be verified,but the pages in website need to be verified.
What Can I do with the website's web.config file???
<location path="signalr/send" >
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Home/pageone" >
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>-->
</system.web>
this way,I can only make the pageone not need verify,but it's not worked for signalR client program
there are my web.config file
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=301880
-->
<configuration>
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
</appSettings>
<location path="Home/Index3" ><!--this way is working ,I can make the index3 page could be viewed with no authentication-->
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="signalr/send" > <!--this url is got by Request.Url.AbsoluteUrl in the hub class,but this way is not working-->
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="refreshhub/senditems" > <!--my hub is named as "RefreshHub" and the method the client revoked is "senditems", but this configuration is not working either-->
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<authentication mode="Forms"> <!--I give my website all page Form authentication-->
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<httpRuntime targetFramework="4.5" />
</system.web>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
<bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-5.2.0.0" newVersion="5.2.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<system.webServer>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
</configuration>
You are denying anonymous users, (allowing only authenticated users), and then allowing every one. Once an anonymous user is denied access, it will not see the next line of allow user. allow rule should come first.
Edited: I assume that your signalR hub , refreshhub, is in root. Then expression would be:
If the hub is in some folder say myfolder, then expression would be :
Location path is a resource such as page, image, folder etc. and not method (as far as I know).
For using authorization with specific methods in hub please see http://www.asp.net/signalr/overview/security/hub-authorization