SignalR User never shows authenticated
Added the latest SignalR (6.0.3) to my .net 6 API. Everything works there until I try to grab the user identity - it is always unauthorized. I'm really just trying to get a claim from the token, so maybe I'm looking in the wrong place.
- The entire setup is localhost API supplying localhost Vue3 SPA.
- Authorization works as intended for all API controller actions, following this tutorial.
- SignalR Hub communicates as intended with front-end otherwise - receiving and sending.
- The SignalR Hub app.MapHub<ChatHub>("/chat"); is the last line in Program.cs before app.Run();
- I tried updating the connection from front-end to include accessTokenFactory function, and I can confirm token is correctly supplied here. However, this should not be necessary with cookie authentication.
In my SignalR hub class is a simple method for getting a particular claim: (the code is rough, just trying to get it to work)
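    public int GetPlayerId()
    {
        int id = 0;
        try
        {
            // Primary identity of the user attached to this hub connection
            var identity = (ClaimsIdentity)Context.User.Identity;
            // Claim.ToString() returns "type: value"; the number is in .Value
            id = Int32.Parse(identity.FindFirst("playerId").Value);
        }
        catch (Exception)
        {
            // Missing identity, missing claim or non-numeric value
            return 0;
        }
        return id;
    }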
Context.User looks like this regardless of what I do:
I'm not sure where to even begin to debug, as authorization is working as intended across the entirety of the application otherwise. That would seem to point to a SignalR issue, but the few posts I could find about this were mostly severely outdated and made no discernable impact. According to the documentation, this should "just work" with the application's existing authorization.
Any insight on what to check into or additional details to provide is deeply appreciated.
Edit: Additional information
Adding the [Authorize] decorator to my hub class itself does not appear to work. I am able to send and receive regardless. Authorization continues to work as intended elsewhere.
Solution 1:[1]
The JwtMiddleware from the afore-linked authentication scheme did not affect the Context object of the SignalR hub.
Instead of just the accountId, I took the validated JWT token and added an identity to the HttpContext User. This is probably not perfect but I hope it helps someone in the future:
    var jwtToken = jwtUtils.ValidateJwtToken(token);
    if (jwtToken != null)
    {
        int? accountId = int.Parse(jwtToken.Claims.First(x => x.Type == "id").Value);
        if (accountId != null)
        {
            // attach account to context on successful jwt validation
            context.Items["Account"] = await dataContext.Accounts.FindAsync(accountId);
            // add the token's claims to HttpContext.User as an additional identity
            // (no authenticationType is passed, so this identity reports IsAuthenticated == false)
            context.User.AddIdentity(new ClaimsIdentity(jwtToken.Claims));
        }
    }
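What the `Context.User.Identity` cast in `GetPlayerId()` sees once an identity has been appended with `AddIdentity`, shown as an added example that is not part of the original question or answer. It uses only `System.Security.Claims`; the empty starting principal stands in for `HttpContext.User` before any authentication has run, the claim values are constructed, and `PlayerClaims`, `Check` and the `"CustomJwt"` label are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Claims;

// Constructed sample: claims as they would come out of an already validated JWT.
var validatedClaims = new List<Claim> { new("id", "7"), new("playerId", "42") };

// Stand-in for HttpContext.User before any authentication has run: one empty identity.
var user = new ClaimsPrincipal(new ClaimsIdentity());

// The answer's approach: append a second identity built without an authenticationType.
user.AddIdentity(new ClaimsIdentity(validatedClaims));
var primary = (ClaimsIdentity)user.Identity!;
Check(!primary.IsAuthenticated, "primary identity is still the empty, anonymous one");
Check(primary.FindFirst("playerId") is null, "casting User.Identity misses the appended claims");
Check(PlayerClaims.TryGetPlayerId(user, out var id) && id == 42, "ClaimsPrincipal.FindFirst searches every identity");

// Claim.ToString() yields "type: value", so parsing it as an integer fails; use .Value.
Check(!int.TryParse(user.FindFirst("playerId")!.ToString(), out _), "ToString() is not the claim value");

// Alternative: replace the principal with one whose identity names an authentication type.
var authenticated = PlayerClaims.ToAuthenticatedPrincipal(validatedClaims);
Check(authenticated.Identity!.IsAuthenticated, "authenticationType set, so IsAuthenticated is true");
Check(PlayerClaims.TryGetPlayerId(authenticated, out id) && id == 42, "claim readable from primary identity");
Console.WriteLine("all checks passed");

static void Check(bool condition, string what)
{
    if (!condition) throw new InvalidOperationException("check failed: " + what);
}

static class PlayerClaims
{
    public const string AuthType = "CustomJwt"; // hypothetical label; any non-empty string works

    public static ClaimsPrincipal ToAuthenticatedPrincipal(IEnumerable<Claim> claims) =>
        new(new ClaimsIdentity(claims, AuthType));

    // Searches all identities on the principal and parses digits only.
    public static bool TryGetPlayerId(ClaimsPrincipal? user, out int playerId) =>
        int.TryParse(user?.FindFirst("playerId")?.Value, NumberStyles.None,
                     CultureInfo.InvariantCulture, out playerId);
}
```

In a middleware, the alternative corresponds to assigning the new principal to `context.User` only after the token has been validated, so that code checking `IsAuthenticated` sees an authenticated identity.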
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Randy Hall |

