Get a bearer token from the header and/or query string in ASP.NET WebAPI 2

Reference Information:

I have an ASP.NET WebAPI project. I use bearer tokens to authenticate my users. Some of my controller actions are marked with the [Authorized] filter. On the client side, the client gets its token by calling http://foo.bar/Token and then adds this token as an Authorization header to its requests.

There is no problem up to this point, and everything works with these settings in my Startup.Auth.cs class:

OAuthOptions = new OAuthAuthorizationServerOptions
{
    TokenEndpointPath = new PathString("/Token"),
    Provider = new ApplicationOAuthProvider(PublicClientId),
    AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
    // In production mode set AllowInsecureHttp = false
    AllowInsecureHttp = true                
};

// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);

Now I have added several SignalR hubs to my project, and I would also like to authenticate users in the hubs. There are a few other questions that cover how clients can add a bearer token to the SignalR connection. Short description:

:

, , .

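using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

public class QueryStringOAuthBearerProvider : OAuthBearerAuthenticationProvider
{
    // Called by the bearer middleware for each request, before the token is validated.
    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        // Look for the token in the "access_token" query-string parameter.
        var value = context.Request.Query.Get("access_token");

        if (!string.IsNullOrEmpty(value))
        {
            context.Token = value;
        }

        return Task.FromResult<object>(null);
    }
}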

, :

var connection = $.hubConnection();
var hub = connection.createHubProxy('fooHub');
connection.qs = { 'access_token': myAccessToken};
// Init connection

, , QueryStringOAuthBearerProvider Startup.Auth.cs.

Startup.Auth.cs:

OAuthOptions = new OAuthAuthorizationServerOptions
{
    TokenEndpointPath = new PathString("/Token"),
    Provider = new ApplicationOAuthProvider(PublicClientId),
    AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
    // In production mode set AllowInsecureHttp = false
    AllowInsecureHttp = true                
};

// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);

// Enable the application to retrieve tokens from query string to authenticate users
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
    Provider = new QueryStringOAuthBearerProvider()
});

, :

  • , WebAPI.
  • , SignalR.

:

, , . WebAPI, System.InvalidOperationException, Sequence contains more than one element. , , -, OWIN .

:

-?

  • ( ) WebApi
  • QueryStringOAuthBearerProvider ( ) SignalR.

, WebApi, SignalR.

+4
2

, - mahmoud :

. app.UseOAuthBearerTokens(OAuthOptions) app.UseOAuthAuthorizationServer(OAuthOptions).

, -. Startup.Auth.cs:

OAuthOptions = new OAuthAuthorizationServerOptions
{
    TokenEndpointPath = new PathString("/Token"),
    Provider = new ApplicationOAuthProvider(PublicClientId),
    AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
    // In production mode set AllowInsecureHttp = false
    AllowInsecureHttp = true                
};

// Enable the application to use bearer tokens to authenticate users

//app.UseOAuthBearerTokens(OAuthOptions);   // Commented this line.

app.UseOAuthAuthorizationServer(OAuthOptions); // Added this line

// Enable the application to retrieve tokens from query string to authenticate users
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
    Provider = new QueryStringOAuthBearerProvider()
});
+7

, QueryStringOAuthBearerProvider, .

public class QueryStringOAuthBearerProvider : OAuthBearerAuthenticationProvider
{
    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        var value = context.Request.Query.Get("access_token");

        if (!string.IsNullOrEmpty(value))
        {
            context.Token = value;
        }

         return Task.FromResult<object>(context);
    }
}
0
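
An added example, not part of the original question or answers: a variant of the QueryStringOAuthBearerProvider above that keeps the header token when one is present and reads access_token from the URL only for SignalR requests, so WebAPI routes never accept tokens from query strings. The class name SignalRQueryStringBearerProvider and the /signalr hub path (SignalR's default mapping) are assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;

// Added example (hypothetical class name): query-string tokens are accepted
// only on the SignalR path; every other route must use the Authorization header.
public class SignalRQueryStringBearerProvider : OAuthBearerAuthenticationProvider
{
    // Assumption: hubs are mapped at SignalR's default "/signalr" path.
    private static readonly PathString HubPath = new PathString("/signalr");

    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        // The bearer middleware has already copied any "Authorization: Bearer ..."
        // value into context.Token, so a header token always takes precedence.
        if (!string.IsNullOrEmpty(context.Token))
        {
            return Task.FromResult<object>(null);
        }

        // WebAPI requests never read the URL: query strings are recorded in
        // server and proxy logs and in browser history, headers usually are not.
        if (!context.Request.Path.StartsWithSegments(HubPath))
        {
            return Task.FromResult<object>(null);
        }

        // Ignore repeated access_token parameters instead of guessing which one to use.
        var values = context.Request.Query.GetValues("access_token");
        if (values != null && values.Count == 1 && !string.IsNullOrWhiteSpace(values[0]))
        {
            context.Token = values[0];
        }

        return Task.FromResult<object>(null);
    }
}
```

Register it in place of QueryStringOAuthBearerProvider in the app.UseOAuthBearerAuthentication(...) call shown above.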

Source: https://habr.com/ru/post/1628696/

