SignalR
Slawomir Dorzak
@sdorzak
What I’ll be talking about
● Scaling out your SignalR application
● Securing your endpoints
● Cross domain calls
● Things ...
Scaling out your SignlaR app
● Why is it important?
○ Cloud deployments usually require more than 2
instances
○ You will n...
Built-in scale-out support
● SignalR backplane
○ Azure ServiceBus
■ No setup needed
■ Reliability provided by ServiceBus
○...
DIY Scale-out
○ One "beefy" server
■ you can tweak it for great performance
■ you need to think about failover
strategy
■ ...
When to use which?
● For most cases - start with built-in backplane
of choice
● If you're expecting high volumes of
messag...
Demo
Securing your endpoints
● SignalR doesn't provide any authentication
features
● Use your existing authentication eg. Forms...
Securing your endpoints
● Never blindly trust the client as it can be
hijacked or spoofed
● Don't assume client is always ...
Cross domain calls
● on the client SignalR automatically detects
cross domain URL
● it will use XHR by default with fallba...
Things to watch out for
● You need one of the supported OS-es
(>Windows Server 2008R2 or > Windows 7)
● You need .NET Fram...
SignalR alternatives
● Socket.IO + NodeJS
○ You can run it on Azure (yes it does run NodeJS :)
○ It's mature and widely us...
Resources
● Low level protocol introduction http://lucumr.pocoo.
org/2012/9/24/websockets-101/
● Excellent paper on websoc...
Upcoming SlideShare
Loading in...5
×

SignalR

1,083

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,083
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
26
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

SignalR

  1. 1. SignalR Slawomir Dorzak @sdorzak
  2. 2. What I’ll be talking about ● Scaling out your SignalR application ● Securing your endpoints ● Cross domain calls ● Things to watch out for ● Alternatives to SignalR
  3. 3. Scaling out your SignlaR app ● Why is it important? ○ Cloud deployments usually require more than 2 instances ○ You will need to scale out some day, so better know your options ● Challenges ○ SignlaR needs to be aware of all connections, it needs some way of sharing data between multiple servers ○ All servers in the pool need to be notified when client sends a message, connects or disconnects ○ Message patterns may vary quite a lot between applications
  4. 4. Built-in scale-out support ● SignalR backplane ○ Azure ServiceBus ■ No setup needed ■ Reliability provided by ServiceBus ○ SQL Server ■ Database needs to be created upfront ■ Familiar to most developers ○ Redis ■ Install your own or use one of the "as a service" options ■ Fast - in-memory store ○ NServiceBus ■ 3rd party alternative to Azure ServiceBus
  5. 5. DIY Scale-out ○ One "beefy" server ■ you can tweak it for great performance ■ you need to think about failover strategy ■ need to be aware of the scale-up ceiling ○ Context specific ■ great performance ■ can distribute the load more evenly ■ distribution strategy needs to be thought through
  6. 6. When to use which? ● For most cases - start with built-in backplane of choice ● If you're expecting high volumes of messages eg. realtime gaming consider DIY approach ● See this great talk on the subject: ○ "Scaling the Real-time Web with ASP.NET SignalR" http://channel9.msdn.com/Events/Build/2013/3-502
  7. 7. Demo
  8. 8. Securing your endpoints ● SignalR doesn't provide any authentication features ● Use your existing authentication eg. Forms ● Use Authorize attribute to control access to the hub or hub methods ● Do not display connectionId to the clients as it is used in identity verification mechanism
  9. 9. Securing your endpoints ● Never blindly trust the client as it can be hijacked or spoofed ● Don't assume client is always the browser ● Communication over ws:// is unencrypted - use wss:// instead! ● validate origin of your clients ● encode input that you broadcast to other clients
  10. 10. Cross domain calls ● on the client SignalR automatically detects cross domain URL ● it will use XHR by default with fallback to jsonp ● on the server you need to explicitly allow cross domain connections RouteTable.Routes.MapHubs( new HubConfiguration(){ EnableCrossDomain = true });
  11. 11. Things to watch out for ● You need one of the supported OS-es (>Windows Server 2008R2 or > Windows 7) ● You need .NET Framework > 4.0 ● IIS7 or 7.5 needs URL Extensions module, IIS8 has builtin support ● On the client you need jQuery 1.6.4+ ● For websockets transport you need the latest browser ● Complicated stack ● DPI ● Don’t put blocking calls in your hub methods
  12. 12. SignalR alternatives ● Socket.IO + NodeJS ○ You can run it on Azure (yes it does run NodeJS :) ○ It's mature and widely used ○ It's not as integrated into .NET environment as SignalR ● SuperWebSocket ○ Multiple hosting options (windows service, console app, web app) ○ Supported on Mono ○ Lower level ● Since .NET 4.5 WCF supports Websockets as transport
  13. 13. Resources ● Low level protocol introduction http://lucumr.pocoo. org/2012/9/24/websockets-101/ ● Excellent paper on websockets security http://www. adambarth.com/papers/2011/huang-chen-barth-rescorla-jackson.pdf ● Free SignalR ebook http://eduardopires.net.br/Repositorio/SignalR_eBook.pdf ● SignalR Github account https://github.com/SignalR/Samples
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×