从IIS托管的MVC应用程序调用时，Context.User在自托管SignalR集线器中为null

我有一个IIS托管的MVC 5应用程序，该应用程序使用Asp.Net Identity和OWIN通过.AspNet.ApplicationCookie进行身份验证。从其观点之一，我通过SignalR JS客户端调用自托管SignalR集线器（在同一服务器上运行）上长时间运行的方法。这些调用均按预期方式工作。现在，我想用[Authorize（Roles =“ Administrator”）]装饰集线器。事实证明这是有问题的。在集线器方法中设置断点将显示Context.User为空，即使.AspNet.ApplicationCookie显然位于Context.RequestCookies中。

这是集线器（在Windows服务中自行托管）的引导程序：

app.Map("/signalr", map =>
{
    map.UseCors(CorsOptions.AllowAll);
    map.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
    });

    var hubConfiguration = new HubConfiguration();
    map.RunSignalR(hubConfiguration);
});

这是Web应用程序（托管在IIS中）的身份验证配置：

// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(UserAccountContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.  
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
});

问题1：在上述情况下是否可以使用[授权]？如果是这样，怎么办？

问题2：将自动托管的集线器合并到IIS托管的应用程序中会更好吗？如果是这样，则在IIS下长时间运行的集线器方法是否存在任何问题？

更新1我尝试TicketDataFormat = new TicketDataFormat(new MachineKeyDataProtector("ASP.NET Identity"))在集线器配置中添加到CookieAuthenticationOptions，但这没有帮助。当然，这似乎应该比现在容易。