Authorizing requests on a Hub
In real-world applications, one of the most common concerns we have to deal with is recognizing our users and granting or denying rights to perform actions. The first part is normally called the Authentication process, and it has to do with the steps necessary to ensure the identity of a user. SignalR does not offer any feature for that because it delegates the task to the hosting environment, whether that is ASP.NET or a self-host application. The second component of our concern is the Authorization process, which assumes the user has already been authenticated and uses his/her identity to decide what the user can or cannot do. In this case, SignalR offers a couple of mechanisms to deal with it: one specific to Hubs and another one for persistent connections in general. We'll see both of these in this and the next recipe, in the context of ASP.NET web applications, while the following one will illustrate the necessary basic steps to enable the authentication...
