Use the ASP.NET Membership in a SignalR chat (with an ASP.NET MVC 4 Application)

Today, I had a look at a simple tutorial about SignalR which made me create a simple chat using SignalR.

The chat asks the user for a pseudonym to use in the chat, then lets the user send messages and receive other users’ messages.

After I completed the tutorial, I wished to use the already existing ASP.NET Membership from the Internet ASP.NET Application template which was used to create the chat in the tutorial.

I’ll explain the few steps I took to achieve this.

First of all, follow this tutorial to get the basic chat:
Tutorial: Getting Started with SignalR and MVC 4 (C#)

Once it works, let’s add our changes to use the ASP.NET Membership instead of asking the user to choose his pseudonym.

I opened the HomeController to add a few membership annotations so that the user can still access the basic action methods without being identified, while the Chat action method requires him to be identified.

Add these annotations to the HomeController class:

[Authorize]
[InitializeSimpleMembership]

Then add this annotation to the Index, About and Contact action methods: [AllowAnonymous]

Your HomeController class should look like this:

Once this is done, try to access the /Home/Chat URL in your browser. It will ask you to register or to log in (except if you are already registered), but the chat still asks you for a pseudonym to use.

So let’s edit the Chat.cshtml view to use the name of the logged-in user instead of asking him to give one. We will modify the value of the displayname hidden field like this:

<input id="displayname" type="hidden" value="@User.Identity.Name" />

Then in the JavaScript code below (in Chat.cshtml) we’ll comment out the line where the user’s pseudonym was asked for:

// We do not ask for a pseudonym as we are using the name of the user
//$('#displayname').val(prompt('Enter your name:', ''));

If you launch the application, the chat won’t ask you for a pseudonym and will correctly use the name of the logged-in user. That’s great, but it is still quite easy to edit the value of the displayname hidden field to use another pseudonym (e.g. to speak in the name of somebody else).

Don’t worry about it, we’ll fix it!

To achieve this, I’ve chosen to create some kind of token verification to prevent the user from changing his name in the displayname hidden field.

To do this, I’ve created two new classes to help me work with tokens and MD5 hashes. So let’s add a new Helpers folder in our project and add these two classes in it:

So basically, the MD5Helper class will help us hash a string or verify whether a string matches a given hash. And the TokenHelper class will help us generate a hash for a user’s name and verify whether a given hash is correct for a given name.

Don’t forget to edit the GetToken method in TokenHelper.cs to use some kind of randomness of your own, so that a malicious user won’t know what you are using to generate the hash (otherwise he will be able to generate a new hash for any user’s name that he wants to use).

Now that we can generate a hash for a user name, let’s add this hash to the dynamic variable ViewBag.Token in the Chat action method in HomeController.cs.

To allow JavaScript to pass this hash to the Send server method, we’ll add a new hidden field with the id token and edit the JavaScript of the Chat.cshtml view so that it passes the hash to Send.

Add a hidden field which will contain the hash to the Chat.cshtml view (e.g. after the displayname hidden field):

<input type="hidden" id="token" value="@ViewBag.Token" />

And edit the JavaScript code of the Chat.cshtml view to give a third parameter (the hash) to the Send server method:

Don’t forget to edit the ChatHub.cs Send method signature to accept this new hash parameter:

public void Send(string name, string message, string token)

Test whether the chat is still working. If it is, there is one last step to do: verify that the hash received in the Send method of ChatHub.cs matches the expected hash for the received name.

Just add these lines at the top of the Send method in ChatHub.cs:

Great, with this small piece of code, if the received hashed token doesn’t match the expected hash for the received name, we will print an error message in the user’s chat (only the caller) and we won’t send his message to other users.
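One way to build the name-bound token from the GetToken step and the check done at the top of Send, as an added example that is not the post’s MD5Helper or TokenHelper code: it swaps the MD5-plus-custom-randomness approach for HMAC-SHA256 with a key that never leaves the server, and compares tokens without an early exit. The class name HmacTokenHelper, the IsValid method, the Demo class and the sample names are assumptions; GetToken mirrors the method name used in the post.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: not the TokenHelper/MD5Helper classes from the original post.
public static class HmacTokenHelper   // hypothetical name
{
    // Assumption: one random key per process start, so tokens stop validating
    // after an application restart; a real site would load a stored secret.
    private static readonly byte[] Key = NewKey();

    private static byte[] NewKey()
    {
        var key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(key); }
        return key;
    }

    // Token for a user name: hex(HMAC-SHA256(key, UTF-8 name)).
    public static string GetToken(string name)
    {
        using (var hmac = new HMACSHA256(Key))
        {
            byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(name ?? ""));
            return BitConverter.ToString(mac).Replace("-", "").ToLowerInvariant();
        }
    }

    // True only when the token was issued for exactly this name.
    public static bool IsValid(string name, string token)
    {
        string expected = GetToken(name);
        if (token == null || token.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ token[i];
        return diff == 0;   // every character is compared, no early exit
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample names, not taken from the original post.
        string token = HmacTokenHelper.GetToken("alice");            // value rendered into the token hidden field
        Console.WriteLine(HmacTokenHelper.IsValid("alice", token));  // displayname left untouched
        Console.WriteLine(HmacTokenHelper.IsValid("bob", token));    // displayname edited in the DOM
    }
}
```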

Test your chat; everything should be working fine. Try to edit the displayname hidden field (hit F12 in Internet Explorer to edit the DOM) and you’ll see that you receive the error message when you try to send a message after modifying the displayname hidden field.

Just in case, here is the full working Visual Studio 2012 solution:
SignalRChat using ASP.NET Membership user name – Visual Studio 2012 Solution

Update: There is a post on the MSDN Blogs that talks about user identity and SignalR; follow the link SignalR and user identity (authentication and authorization).

Building an ASP.NET MVC remote web in a SharePoint Cloud-hosted App

I know there is already a great article on iLove SharePoint about this, but since it is nearly one year old and because the process has been simplified a lot in the latest updates of Visual Studio 2012, I’ll revisit this subject here.

For my article, I’ll use an Autohosted App but the process is nearly the same for a Provider-hosted App.

So let’s start by creating a new App for SharePoint 2013 project. I’m not sure whether the remote web now supports .NET Framework 4.5, but if you don’t plan to use the new .NET Framework 4.5 features, you’d better select .NET Framework 4 at the top of the new project window (or try with .NET Framework 4.5 and see if it works)!


Then you’ll be prompted to specify the name of your App, your SharePoint site, and that it is an Autohosted App.

It may take a few seconds to create all that stuff, but you should end up with something like this (a SharePoint App project and the remote web project).


Let’s add an ASP.NET MVC 4 Web Application by right-clicking on the solution name (highlighted in blue in the screenshot just above), selecting the Add menu and choosing the first entry: New Project…


You’ll be asked to select a project template. To start with something easy but still clean, I’ll select the Basic project template with the Razor View Engine (you may create a test project but it isn’t required).

Once the new ASP.NET MVC 4 Web Application project is created, in the Solution Explorer, click on the SharePoint App (cf. red frame in the screenshot below) and change the associated Web Project in the properties window (if you don’t see the properties window, it is the penultimate entry in the View menu) to select our newly created ASP.NET MVC 4 project.


Visual Studio will prompt you with a dialog box; just answer yes, because it will add all the SharePoint stuff we need to work with SharePoint in our ASP.NET MVC 4 remote web!


Now that the new remote web is selected, you may delete the old remote web project (in my case, GobbeAppWeb).

And it’s done! You may now start by adding a Controller and a View to the ASP.NET MVC 4 remote web project to print something cool. But don’t forget to double-click on the AppManifest.xml to edit the Start Page of your remote web (e.g. if you have a Controller named HomeController with an action method Index(), you may just add /Home/ to the existing Start Page).


If you need it, here is a basic HomeController sample and the associated Index view.

Final result:


If you plan to have multiple controllers and/or action methods, I strongly advise you to use the small ContextHelper I’ve written in a previous post: ContextHelper post. It will help you use the ClientContext across multiple pages without having to pass the Standard Tokens to every link of every action method.

Finally, if you want to have the SharePoint look and feel (also called the SharePoint Chrome Control), just have a look at the second part (“Add SharePoint Look and Feel to the App”) of this article on the iLove SharePoint blog.

If you want to download the Visual Studio project I created (and tested) to write this post, just hit the link below. If you plan to deploy it, don’t forget to change the Web Project property in the properties window of the SharePoint App project to put your SharePoint site in (hit F4 while the SharePoint App project is selected and enter your SharePoint site URL in the Site URL property, like this: https://mysite.sharepoint.com/).
https://dl.dropboxusercontent.com/u/7354651/GobbeApp.zip