Your SlideShare is downloading. ×
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply



Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. SignalR Slawomir Dorzak @sdorzak
  • 2. What I’ll be talking about ● Scaling out your SignalR application ● Securing your endpoints ● Cross domain calls ● Things to watch out for ● Alternatives to SignalR
  • 3. Scaling out your SignlaR app ● Why is it important? ○ Cloud deployments usually require more than 2 instances ○ You will need to scale out some day, so better know your options ● Challenges ○ SignlaR needs to be aware of all connections, it needs some way of sharing data between multiple servers ○ All servers in the pool need to be notified when client sends a message, connects or disconnects ○ Message patterns may vary quite a lot between applications
  • 4. Built-in scale-out support ● SignalR backplane ○ Azure ServiceBus ■ No setup needed ■ Reliability provided by ServiceBus ○ SQL Server ■ Database needs to be created upfront ■ Familiar to most developers ○ Redis ■ Install your own or use one of the "as a service" options ■ Fast - in-memory store ○ NServiceBus ■ 3rd party alternative to Azure ServiceBus
  • 5. DIY Scale-out ○ One "beefy" server ■ you can tweak it for great performance ■ you need to think about failover strategy ■ need to be aware of the scale-up ceiling ○ Context specific ■ great performance ■ can distribute the load more evenly ■ distribution strategy needs to be thought through
  • 6. When to use which? ● For most cases - start with built-in backplane of choice ● If you're expecting high volumes of messages eg. realtime gaming consider DIY approach ● See this great talk on the subject: ○ "Scaling the Real-time Web with ASP.NET SignalR"
  • 7. Demo
  • 8. Securing your endpoints ● SignalR doesn't provide any authentication features ● Use your existing authentication eg. Forms ● Use Authorize attribute to control access to the hub or hub methods ● Do not display connectionId to the clients as it is used in identity verification mechanism
  • 9. Securing your endpoints ● Never blindly trust the client as it can be hijacked or spoofed ● Don't assume client is always the browser ● Communication over ws:// is unencrypted - use wss:// instead! ● validate origin of your clients ● encode input that you broadcast to other clients
  • 10. Cross domain calls ● on the client SignalR automatically detects cross domain URL ● it will use XHR by default with fallback to jsonp ● on the server you need to explicitly allow cross domain connections RouteTable.Routes.MapHubs( new HubConfiguration(){ EnableCrossDomain = true });
  • 11. Things to watch out for ● You need one of the supported OS-es (>Windows Server 2008R2 or > Windows 7) ● You need .NET Framework > 4.0 ● IIS7 or 7.5 needs URL Extensions module, IIS8 has builtin support ● On the client you need jQuery 1.6.4+ ● For websockets transport you need the latest browser ● Complicated stack ● DPI ● Don’t put blocking calls in your hub methods
  • 12. SignalR alternatives ● Socket.IO + NodeJS ○ You can run it on Azure (yes it does run NodeJS :) ○ It's mature and widely used ○ It's not as integrated into .NET environment as SignalR ● SuperWebSocket ○ Multiple hosting options (windows service, console app, web app) ○ Supported on Mono ○ Lower level ● Since .NET 4.5 WCF supports Websockets as transport
  • 13. Resources ● Low level protocol introduction http://lucumr.pocoo. org/2012/9/24/websockets-101/ ● Excellent paper on websockets security http://www. ● Free SignalR ebook ● SignalR Github account