Question about SignalR
I am connecting to websocket server using url with query data of group name to which user want to connect to: https(:)//localhost:5001/hubs/groups?groupName=${groupName}. On connection I make sure that group exists in database and userhave access to this group. Is it save to assume valid data, so every time client invokes method, to skip the part of checking in database that group name is valid?
35 Replies
I think so. This parameter can only change when a new http request to initialize the websocket is send so it can't change while the connection is alive.
I thought so too but its better to ask, thank you @Suiram1
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
Well, I do xD
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
I mean in the newest version
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
It works fine but I am learning it but if it works, it works
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.MapHub<GroupHub>("hubs/groups");
app.Run();
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
No no, not inside there, I mean in other functions
That user can invoke when he is connected
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
Sqlite D:
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
Naming may be a little confusing, Group is my own Entity, Group can have Users - Members in it
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
I didnt intend to use SignalR to begin with, I went into it after I felt I feel confident enough to try it
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
Then I learned about groups in there
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
So i felt as well I am mixing it too much
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
All I was afraid for now was if someone could trick signalr somehow to for example log in into user who have access to "group" X, connect to websocket , then swap "group" name in query into name of a "group" he does not belong to. If not I would only check everything on connection otherwise on every method user invokes
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
Okay :sadge:
Thank you, you told me a lot
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
You will get angry but he has to in my case xD Its fault of my naming, group right now as it is named in my code in more of a Room, user can have access to many rooms, for example there are Rooms: "Gardening", "Cars", "Coding". User connecting to websocket can joint either of those and has to specify which one he wants to join, thats why there is query ?groupName in url
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
I am familiar
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View
Okay, I believe I will do better next time :sadge:
Thank you, really, for a lot of your time
Unknown User•2mo ago
Message Not Public
Sign In & Join Server To View