Well that's an interesting title but what does it mean? I assume you know about the .NET [System.Collections.Concurrent][1] namespace. It provides several thread-safe collection classes, one of which is [ConcurrentDictionary<TKey, TValue>][2]. The standard Dictionary class is not thread-safe and when a reader detects a simultaneous write it throws an InvalidOperation: Collection was modified; enumeration operation may not execute. A ConcurrentDictionary can be read from and written to simultaneously from multiple threads.

In [part 1][1] of this post I described how to solve the first part of the problem: making sure the JWT token we got from ADAL JS gets sent to the server (i.e. the SignalR hub). Part 2 describes how the server extracts the token, validates it and creates a principal out of it. In another post I already described how to configure an Owin middleware pipeline that does exactly this: via UseWindowsAzureActiveDirectoryBearerAuthentication (and if you Google this extension method you'll find a lot more information).

In a previous post I described how to use ADAL JS with Azure AD role-based authorization. This works fine when you're securing a Web API or MVC backend. However, what about SignalR hubs?

In October 2014, Vittorio Bertocci introduced ADAL JavaScript. This library makes it possible for single-page-apps to use Azure Active Directory authentication from within the browser. ADAL JS uses the OAuth2 Implicit Grant for this. The introductory blog post and an additional post when v1 was released explain in detail how to configure and use the library.