ITCamp 2012 - Ovidiu Stan - Social media platform with Telligent Community, WCF RESTful and Sitecore

Usage Rights: CC Attribution-NonCommercial-ShareAlike License

Presentation Transcript

  • Social media platform with Telligent Community, WCF RESTful and Sitecore. Ovidiu Stan, Software Architect. @itcampro #itcamp12, Premium conference on Microsoft technologies
  • ITCamp 2012 sponsors Mobile & Development
  • Agenda
      • SvS – The Business (Requirements)
      • SvS – The Solution (Architecture)
      • Telligent Community – Short Intro
      • WCF RESTful API
      • Akamai CDN
      • Sitecore CMS – Short Intro
  • The Business
      • The client: Cadbury
          – Biggest UK chocolate manufacturer, world’s second
          – Official Treat Provider for London 2012 Olympics
      • The campaign: “Spots vs Stripes” (SvS)
          – “Biggest funnest game ever”
          – “Cadbury is inviting the nation to divide into two teams, Spots v Stripes and play all sorts of games in the run up to the Olympic and Paralympic Games in 2012”
  • Spots v Stripes Campaign
      • Much more than just software:
      • Real world events & games
      • TV ads, TV show participation (e.g. NBC’s Minute To Win It)
      • Rich presence on social networks: YouTube channels, Facebook, Twitter
      • Prizes: Olympics tickets, sweets, cash
  • System Requirements
  • Spots v Stripes – Games: Flash Games, Real World Games, Points
  • SvS Architecture – High Level
  • API Platform - Architecture
  • SvS Architecture - Infrastructure
  • Telligent Community – Short Intro
  • Telligent Community – Short Intro (www.telligent.com)
      • Ready-to-use Social Network/Community portal with features like:
          • Profiles
          • Groups
          • Friends/Connections
          • Blogs, Wikis, Forums
          • Search
          • RSS Feeds
          • Administration: user management, content management
          • Moderation
      • Extensible platform allowing customization at two levels:
          • UI: new pages, custom widgets, custom themes
          • API: RESTful API exposing most of the platform functionality:
              – 3rd party integration
              – New UI functionality
  • Telligent Community – Short Intro: Creating Custom Widgets
      1. Derive from ExternallyImplementedConfigurableContentFragmentBase
      2. Implement PollsWidget.ascx and access property values
      3. Compile the web app and deploy it
      • All widgets implement the IContentFragment interface.
      • The available base classes (including ExternallyImplementedContentFragmentBase) implement it too.
      • When Telligent loads, it finds all the classes in the /bin folder that implement this interface.
      • Widget base classes:
          • ContentFragmentBase – no config values and no external ascx file.
          • ConfigurableContentFragmentBase – has config values but no external ascx file.
          • ExternallyImplementedContentFragmentBase – external ascx file, no config values.
          • ExternallyImplementedConfigurableContentFragmentBase – external ascx file and config values.
      • For the first two, controls are added by overriding: AddContentControls(System.Web.UI.Control control)
  • Telligent Community – Short Intro: Telligent Community Platform API - Example
  • Telligent Community – Short Intro: Platform API categories
      • Users
          • Add user: POST api.ashx/v2/users.xml (or .json)
          • Delete user: POST (Header: DELETE) api.ashx/v2/users/{username}.xml (or .json)
          • Validate user password
          • etc…
      • Activity messages
      • Followers
      • Groups
      • Blog posts and comments
      • Forum
      • Wiki
      • Content Search
      • etc…
  • Telligent Community – Short Intro: SvS.CommunityClient (façade) wraps some of Telligent’s API
  • API Platform – RESTful Services
      • RESTful web services - key concepts
          o Statelessness:
              • By design, RESTful services are stateless
              • No storage on server between requests
              • All information needed is in the request
          o Resources:
              • The services act upon resources
              • Each resource must have an ID resulting in a URI
              • Example: Users, groups, status messages
          o Representation of data:
              • The same resource can have multiple representations
              • Example: user detail and follower detail
          o By design work over HTTP.
          o Use standard HTTP verbs for the operations:
              • GET, POST, PUT, DELETE
              • POST can be used to do any updates, including additions and deletions
  • API Platform – WCF RESTful
      • WS-* vs RESTful
          • WCF: WSHttpBinding vs WebHttpBinding
          • Arguments for RESTful in this project:
              • Callers are mostly client-side elements: Flash games, JavaScript (Ajax with jQuery)
              • Light messages
              • Both XML and JSON message formats are required
              • Easier to be used by clients (SOAP is hard to use without proxy generation)
              • WS-* advanced features were not necessary: transaction, federation, etc.
      • Alternatives to WebHttpBinding:
          • ASP.NET Web API – part of ASP.NET MVC 4 Beta
  • API Platform – Examples
      • GET searchUser/{searchText}
          Response:
      • POST user/supporting/add
          Request:
      • POST submitmultiplayergame/
          Request:
          Response:
  • API Platform – Security: API Security - Requirements
      • Client applications authentication & authorization:
          o Protected API methods can be accessed only by authorized client apps.
          o The client apps will be identified based on an application name and a private key.
      • Message integrity
          o The data from the request cannot be modified by 3rd parties
          o For example the Score parameter for the SubmitGame method
      • End user authentication
          o Some API methods must be executed in the context of an end user
          o For these methods, both the caller app and the user it is impersonating must be authenticated
      • Avoid replay attacks
          o Repeating valid requests, either by the originator or by a third party who intercepts the request
  • API Platform – Security: API Security - Implementation
      • Keep the client apps in a DB table
          • AppName – unique for each client
      • Generate and provide the client apps developers with a private key (ApiKey)
      • Require the callers to embed this info in the request:
          • ApplicationName – client app name
          • UserName – SvS user the caller is impersonating
          • Nonce – timestamp, different for each request
          • Signature = MD5(ApiKey, SessionId, Nonce)
          • SessionId: provided by Login API method
      • Client Apps Table:
          AppName      ApiKey
          ClientApp1   rjvm4Y8hrKkJwfM
          ClientApp2   NmD9BaDk6uS5OkS
          ClientApp3   L6EYXMQAEMKHcbh
      • HTTP Header:
          SvS-Authorization: application=<ApplicationName>, user=<UserName>, nonce=<Timestamp>, signature=<md5hash>
  • API Platform - Security: API Security - Implementation
      • API Method: Login(userName, password)
          • Authorize caller (client application)
          • Validate userName & password against SvS DB and Telligent
          • Generate a SessionId and store it in the cache
          • Return the SessionId to the caller
      • Cache: List of UserSession (Expire: 15 mins)
          UserName   SessionId         Nonce
          User1      Brgsi4KR8f3BeVj   88258960234
          User2      D67NZwChfBT7Z08   88258960236
          User3      kUGSpND68kVWlJ5   88258960238
      • Authorize() – internal method (called from each API Method)
          • Look up the <ApplicationName> in ClientApps table
          • Look up <UserName> in Cache
          • Compare provided <Nonce> with session Nonce
          • Update session Nonce
          • Calculate signature in the same way as the client has done it: MD5(ApiKey, SessionId, Nonce)
          • Compare the signatures
      • Alternatives: SSL, OAuth
  • API Platform – Code Sample
      • Register Service Routes: Hub.Services.Api.Web / Global.asax / Application_Start
      • Service Contract Interface: Hub.Services.Api.Shared / IScoresService
      • Service Implementation: Hub.Services.Api / ScoresService
  • Content Delivery Networks - Intro
      • Content Delivery Network (CDN)
          o A large distributed system of servers deployed in multiple data centers in the Internet
          o The servers are optimized for file serving
          o When a user requests a resource from the CDN, the server that is geographically closer to the user serves the resource
          o Akamai, one of the biggest CDNs, delivers 20% of the world’s traffic
      • Advantages of using a CDN
          o Reduce the load on your servers
          o Support higher traffic
          o Reduce the load time to end users
          o Geolocation
          o May defend against DDoS attacks
      • www.spotsvstripes.com  origin.spotsvstripes.com
  • Content Delivery Networks - Intro
      • Website development targeting CDNs:
          • No dynamic content rendered by the server
          • All “personalized” user content is updated client side
          • No session
          • Most of the page requests will not hit the origin server
      • Set HTTP caching headers:
          • Cache-Control (ex: Cache-Control: public, max-age=600)
              – max-age (seconds), public, private, no-cache, no-store, must-revalidate
          • Last-Modified
          • Expires – like max-age but absolute date value
          • When both Cache-Control and Expires are present, Cache-Control takes precedence
  • Akamai and SvS Website: SvS: Configuring HTTP Cache headers in Sitecore
  • Akamai and SvS Website: Configuring HTTP Cache headers in Sitecore
  • Akamai and SvS Website
      • Customized content is updated client side
      • Ajax calls to SvS API
  • Sitecore – Short Intro
  • Q&A
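
The Authorize() steps from the "API Security - Implementation" slides, as an added Python sketch (not code from the presentation or the SvS project). With `hardened=False` it follows the slide's MD5(ApiKey, SessionId, Nonce) signature, which does not cover the request body, so a changed Score still verifies; with `hardened=True` it uses an HMAC-SHA256 over the method, path and body instead. Assumptions: the MD5 inputs are plainly concatenated, the nonce must strictly increase per session, and the HMAC message layout is illustrative.

```python
import hashlib
import hmac

# Constructed sample data mirroring the slides' ClientApps table and session cache.
CLIENT_APPS = {"ClientApp1": "rjvm4Y8hrKkJwfM"}
SESSIONS = {"User1": {"session_id": "Brgsi4KR8f3BeVj", "nonce": 88258960234}}


def md5_signature(api_key, session_id, nonce):
    """Slide scheme: MD5(ApiKey, SessionId, Nonce); plain concatenation is assumed."""
    return hashlib.md5(f"{api_key}{session_id}{nonce}".encode()).hexdigest()


def hmac_signature(api_key, session_id, nonce, method, path, body):
    """Hardened variant (assumed layout): HMAC-SHA256 keyed with ApiKey over the request."""
    body_hash = hashlib.sha256(body).hexdigest()
    msg = "\n".join([session_id, str(nonce), method, path, body_hash])
    return hmac.new(api_key.encode(), msg.encode(), hashlib.sha256).hexdigest()


def parse_header(value):
    """Parse 'application=..., user=..., nonce=..., signature=...' into a dict."""
    return dict(part.strip().split("=", 1) for part in value.split(","))


def authorize(header, method, path, body, hardened=True):
    """Return (ok, reason) for one request, following the slide's Authorize() steps."""
    try:
        f = parse_header(header)
        app, user, sig = f["application"], f["user"], f["signature"]
        nonce = int(f["nonce"])
    except (KeyError, ValueError):
        return False, "malformed header"
    api_key = CLIENT_APPS.get(app)
    session = SESSIONS.get(user)
    if api_key is None or session is None:
        return False, "unknown app or session"
    if nonce <= session["nonce"]:  # assumed rule: nonce must strictly increase
        return False, "replayed nonce"
    if hardened:
        expected = hmac_signature(api_key, session["session_id"], nonce, method, path, body)
    else:  # slide scheme: method, path and body are not part of the signature
        expected = md5_signature(api_key, session["session_id"], nonce)
    if not hmac.compare_digest(expected.encode(), sig.encode()):  # constant-time compare
        return False, "bad signature"
    session["nonce"] = nonce  # advance only after the signature checks out
    return True, "ok"
```

Advancing the stored nonce only after the signature verifies keeps an unauthenticated caller from pushing a session's nonce forward.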
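
How long a CDN edge may serve a response under the caching headers listed on the "Content Delivery Networks" slide, including the rule that Cache-Control takes precedence over Expires. This is an added Python sketch, not code from the presentation; the function names and the exact-case header dictionary are assumptions, and heuristic freshness from Last-Modified is deliberately left out.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def shared_cache_ttl(headers, now=None):
    """Seconds a shared cache (CDN edge) may serve the response without going
    back to the origin; 0 means do not store, or revalidate every time."""
    now = now or datetime.now(timezone.utc)
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    # Per-user or uncacheable responses must never be reused from the edge.
    if "no-store" in cc or "private" in cc or "no-cache" in cc:
        return 0
    if "max-age" in cc:  # Cache-Control wins over Expires when both are present
        try:
            return max(0, int(cc["max-age"]))
        except (TypeError, ValueError):
            return 0
    if "Expires" in headers:
        try:
            expires = parsedate_to_datetime(headers["Expires"])
        except (TypeError, ValueError):
            return 0  # an unparseable Expires is treated as already expired
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return max(0, int((expires - now).total_seconds()))
    return 0  # no explicit freshness information in this sketch
```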