Add warning if user changes during Stateful Reconnect (#50059)

Author: BrennanConroy

src/SignalR/clients/csharp/Client/test/FunctionalTests/HubConnectionTests.cs

@@ -2666,6 +2666,78 @@ public async Task CanReconnectAndSendMessageOnceConnected()
         }
     }
 
+    [Fact]
+    public async Task ChangingUserNameDuringReconnectLogsWarning()
+    {
+        var protocol = HubProtocols["json"];
+        await using (var server = await StartServer<Startup>())
+        {
+            var websocket = new ClientWebSocket();
+            var tcs = new TaskCompletionSource(TaskCreationOptions.RunContinuationsAsynchronously);
+
+            var userName = "test1";
+            var connectionBuilder = new HubConnectionBuilder()
+                .WithLoggerFactory(LoggerFactory)
+                .WithUrl(server.Url + "/default", HttpTransportType.WebSockets, o =>
+                {
+                    o.WebSocketFactory = async (context, token) =>
+                    {
+                        var httpResponse = await new HttpClient().GetAsync(server.Url + $"/generateJwtToken/{userName}");
+                        httpResponse.EnsureSuccessStatusCode();
+                        var authHeader = await httpResponse.Content.ReadAsStringAsync();
+                        websocket.Options.SetRequestHeader("Authorization", $"Bearer {authHeader}");
+
+                        await websocket.ConnectAsync(context.Uri, token);
+                        tcs.SetResult();
+                        return websocket;
+                    };
+                    o.UseAcks = true;
+                })
+                .WithAutomaticReconnect();
+            connectionBuilder.Services.AddSingleton(protocol);
+            var connection = connectionBuilder.Build();
+
+            var reconnectCalled = false;
+            connection.Reconnecting += ex =>
+            {
+                reconnectCalled = true;
+                return Task.CompletedTask;
+            };
+
+            try
+            {
+                await connection.StartAsync().DefaultTimeout();
+                userName = "test2";
+                await tcs.Task;
+                tcs = new TaskCompletionSource(TaskCreationOptions.RunContinuationsAsynchronously);
+
+                var originalConnectionId = connection.ConnectionId;
+
+                var originalWebsocket = websocket;
+                websocket = new ClientWebSocket();
+
+                originalWebsocket.Dispose();
+
+                await tcs.Task.DefaultTimeout();
+
+                Assert.Equal(originalConnectionId, connection.ConnectionId);
+                Assert.False(reconnectCalled);
+
+                var changeLog = Assert.Single(TestSink.Writes.Where(w => w.EventId.Name == "UserNameChanged"));
+                Assert.EndsWith("The name of the user changed from 'test1' to 'test2'.", changeLog.Message);
+            }
+            catch (Exception ex)
+            {
+                LoggerFactory.CreateLogger<HubConnectionTests>().LogError(ex, "{ExceptionType} from test", ex.GetType().FullName);
+                throw;
+            }
+            finally
+            {
+                await connection.DisposeAsync().DefaultTimeout();
+            }
+        }
+    }
+
     [Fact]
     public async Task ServerAbortsConnectionWithAckingEnabledNoReconnectAttempted()
     {

src/SignalR/clients/csharp/Client/test/FunctionalTests/Startup.cs

@@ -47,6 +47,7 @@ public void ConfigureServices(IServiceCollection services)
             });
         });
 
+        services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                 .AddJwtBearer(options =>
                 {
@@ -60,7 +61,6 @@ public void ConfigureServices(IServiceCollection services)
                             IssuerSigningKey = SecurityKey
                         };
                 });
-        services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();
 
         // Since tests run in parallel, it's possible multiple servers will startup,
         // we use an ephemeral key provider and repository to avoid filesystem contention issues
@@ -114,9 +114,9 @@ public void Configure(IApplicationBuilder app)
                 options.MinimumProtocolVersion = -1;
             });
 
-            endpoints.MapGet("/generateJwtToken", context =>
+            endpoints.MapGet("/generateJwtToken/{name?}", (HttpContext context, string name) =>
             {
-                return context.Response.WriteAsync(GenerateJwtToken());
+                return context.Response.WriteAsync(GenerateJwtToken(name ?? "testuser"));
             });
 
             endpoints.Map("/redirect/{*anything}", context =>
@@ -130,9 +130,9 @@ public void Configure(IApplicationBuilder app)
         });
     }
 
-    private string GenerateJwtToken()
+    private string GenerateJwtToken(string name = "testuser")
     {
-        var claims = new[] { new Claim(ClaimTypes.NameIdentifier, "testuser") };
+        var claims = new[] { new Claim(ClaimTypes.NameIdentifier, name) };
         var credentials = new SigningCredentials(SecurityKey, SecurityAlgorithms.HmacSha256);
         var token = new JwtSecurityToken("SignalRTestServer", "SignalRTests", claims, expires: DateTime.Now.AddSeconds(5), signingCredentials: credentials);
         return JwtTokenHandler.WriteToken(token);

src/SignalR/common/Http.Connections/src/Internal/HttpConnectionDispatcher.Log.cs

@@ -56,5 +56,13 @@ internal static partial class Log
 
         [LoggerMessage(16, LogLevel.Debug, "The client requested an invalid protocol version '{queryStringVersionValue}'", EventName = "InvalidNegotiateProtocolVersion")]
         public static partial void InvalidNegotiateProtocolVersion(ILogger logger, string queryStringVersionValue);
+
+        [LoggerMessage(17, LogLevel.Warning, "The name of the user changed from '{PreviousUserName}' to '{CurrentUserName}'.", EventName = "UserNameChanged")]
+        private static partial void UserNameChangedInternal(ILogger logger, string previousUserName, string currentUserName);
+
+        public static void UserNameChanged(ILogger logger, string? previousUserName, string? currentUserName)
+        {
+            UserNameChangedInternal(logger, previousUserName ?? "(null)", currentUserName ?? "(null)");
+        }
     }
 }

src/SignalR/common/Http.Connections/src/Internal/HttpConnectionDispatcher.cs

@@ -606,6 +606,17 @@ private async Task<bool> EnsureConnectionStateAsync(HttpConnectionContext connec
             connection.HttpContext = context;
         }
 
+        if (connection.User is not null)
+        {
+            var originalName = connection.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
+            var newName = connection.HttpContext?.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
+            if (originalName != newName)
+            {
+                // Log warning, different user
+                Log.UserNameChanged(_logger, originalName, newName);
+            }
+        }
+
         // Setup the connection state from the http context
         connection.User = connection.HttpContext?.User;