I've been working quite a lot with authentication and claims-based authorization the last two years. Requirements have shifted lately to include SignalR capabilities in some of my company's projects so I started looking into how to make our security patterns work in this context.
I do know my way around middleware and it seems it's working as intended - but only for when SignalR connections are being set up. Subsequent SignalR requests doesn't seem to trigger the middleware pipe at all, from what I have been able to discern.
So, I went on to read Microsoft's documentation (like here, here, or here) for how to implement authorization, based on the usual [Authorize] attribute, allowing different auth-policies for different hubs, or individual hub methods. In those documents I find nothing on how authentication and claims transformation/identity building works. I have seen that I can use hub filters, working almost like middleware, but I have found no information or examples explaining how to use it in this context.
I just find it strange how Microsoft basically explains how the normal ASP.NET Core auth mechanisms also work for SignalR, but doesn't also explain how to make the normal authentication, identity-building, and authorization steps happen. This leads me to suspect I have misunderstood something. Before I start writing a lot of bespoke auth code as hub filters, I'd just like some input from more knowledgeable brothers-in-coding out there, if possible.