Automatic login with the Remote User Authentication Provider

Submitted 5/29/2012 by Support

By default eStreamChat uses a sample user provider that logs users with random guest usernames. However for integration with your own site you probably want the chat to use the username of the user who is already logged in your site. There are different approaches to such integration with the most common being using the Remote User Authentication Provider. The provider is already included in eStreamChat and you can enable it by replacing the ChatUserProvider dependency in the web.config file.

You need to replace the default dependency:

   type="eStreamChat.Interfaces.IChatUserProvider, eStreamChat.Interfaces"
   mapTo="eStreamChat.SampleProviders.ChatUserProvider, eStreamChat.SampleProviders">
  <lifetime type="singleton" />

with the RemoteAuthUserProvider one:

   type="eStreamChat.Interfaces.IChatUserProvider, eStreamChat.Interfaces"
   mapTo="eStreamChat.Classes.RemoteAuthUserProvider, eStreamChat">
  <lifetime type="singleton" />


You can now redirect authenticated users to eStreamChat by adding their details as parameters ans signing the request with the pre-shared secret key. The remote authorization url looks like this:



Let's break this url to parts:

http://your-chat-url/ - this is the url where eStreamChat is installed

?id= - this parameter is the Id of the user. It could be a username or any other id. It will be used as display name if none is specified

&timestamp= -  the timestamp parameter is the current date and time in the following format "yyMMddhhmmss"; for example May 29th, 2012 08:10:00pm would be "120529201000"

&hash= - the id, timestamp and the pre-shared secret key concatenated in this order and then hashed with SHA1. You can configure the secret key from the web.config file


Additionally there are some optional parameters that you might want to include:

&name= - this parameter is used to specify the display name of the user if it does not match the id provided by the ?id parameter.

&thumbUrl= - used to specify the url of the user avatar. If no thumbnail url is specified then the system will use one from gravatar


Here is a sample code for ASP.NET in C#:

string secretKey = "secret-goes-here";
string id = "John"; // Set this to the currently logged user
string timestamp = DateTime.Now.ToString("yyMMddhhmmss");
SHA1Managed sha1 = new SHA1Managed();
byte[] paramBytes = Encoding.UTF8.GetBytes(id + timestamp + secretKey);
byte[] hashBytes = sha1.ComputeHash(paramBytes);
string hash = BitConverter.ToString(hashBytes).Replace("-", "").ToLower();

  id, timestamp, hash));