The online document editor uses a WebSocket connection to synchronize the document server-side. To initialize the editor, a connection is routed to the endpoint TXWebSocket that creates the WebSocketHandler. The WebSocketHandler is coordinating the traffic between the client and the backend service.
The WebSocket traffic itself uses the same security layer like the underlying HTTP (or HTTPS) protocol. The WebSocketHandler address is defined through the WebSocketURL property in the HtmlHelper. For example:
Like other requests to controller or api controller methods, these requests should be secured by adding an authentication filter to this endpoint.
This very simple ActionFilterAttribute filter compares an access token passed in the query string with a hardcoded token. In real-worlds applications, this access token would be a dynamic OAuth access token or any other token of identity protocols.
When adding the TX Text Control MVC NuGet package to an ASP.NET Web Application, the TXWebSocketController is added to the project. By adding the attribute [WebSocketAuth] to the controller, the filter is executed before the controller method.
In the HtmlHelper code, the access token is passed as a query string in the WebSocketURL property: