[SignalR]: AuthorizeHelper should no-op if endpoint routing has already executed auth

[pranavkm]

Similar to the solution in #8387, we need to avoid re-running auth in SignalR if the middleware previously ran.

[pranavkm]

cc @rynowak \ @davidfowl \ @BrennanConroy

[analogrelay]

The work items here are:

• Scoop up all attributes on the Hub and put them in the metadata (bonus: we get CorsAttribute for free!).
• Remove our custom connection-level auth and use endpoint auth now (if endpoint routing is in play).

[davidfowl]

We already did most of this work. The last piece is to skip if it already ran

[analogrelay]

• Scoop up all attributes on the Hub

We did this? @BrennanConroy wasn't so sure...

[davidfowl]

https://github.com/aspnet/AspNetCore/blob/3e056db750d562826473f476e4f9b02ad76ffdd3/src/SignalR/server/SignalR/src/HubEndpointRouteBuilderExtensions.cs#L49

[rynowak]

I would be really careful about making things skip and be smart - rather than making sure that the app is configured correctly. The change in #8387 broke stuff in MVC because the user would configure the AuthorizeFilter manually and it would now no-op.

We landed on making it an error to have [Authorize] and not have the authorize middleware when using endpoint routing. Consider whether you can configre this behaviour based on whether or not endpoint routing is in use.

[pranavkm]

@rynowak the way I thought of doing this was to not add auth metadata to HttpConnectionDispatcherOptions as part of the extension method @davidfowl pointed. It would be analogous to how MVC would not set up a filter if you're doing endpoint routing.

[rynowak]

OK DOpe

[analogrelay]

@pranavkm you assigned yourself to this, are you going to do it? If not, let me know and I'll find a victim person to fix it.

[pranavkm]

Sure, I'd be happy to review the change if somebody else does the PR.

[analogrelay]

Cool, just wanted to clarify the status of your assignment ;P. We'll take a look at this in preview 6

[BrennanConroy]

Acceptance checklist (check one item)

• We decided not to take this fix.
• The fix is tests-only.
• The fix contains product changes (check all items below).
  • Relevant XML documentation comments for new public APIs are present.
  • Narrative docs (docs.microsoft.com) are updated. (check one item below)
    • The change requires a new article. An issue with an outline has been filed here: [SignalR Endpoint Routing Article AspNetCore.Docs#11127]
    • The change requires a change to an existing article. A docs PR with these changes is linked here: [PR LINK]
    • The change requires no docs changes.
  • Verification has been completed. (check one item below)
    • The change is in the shared framework and was verified against the following versions
      • SDK installer: [3.0.100-preview6-012234]
      • ASP.NET Core Runtime: [3.0.0-preview6.19303.1]
      • .NET Core Runtime: [3.0.0-preview6-27730-01]
    • The change is in an OOB NuGet/NPM/JAR package and was verified against the following version of that package: [PACKAGE ID] [VERSION]