We have an application with Silverlight 5 and WCF RIA backend.
Our Client's environment has load balancing but has only 30 - 40 users.
We wanted to use SignalR for messaging, but instead of using a backplane, i am planning to
install a seperate MVC service as Hub which will sit outside the Loadbalancer, where all clients can connect to.
Is this approach okay for a small user base (30 - 40 users)? And since its going to be cross domain, do i need to copy clientaccesspolicy.xml to the root folders for silverlight to work ? Or do i need to configure SignalR to allow cross domain?
Thanks !
You need both.
Enabling cross domain on SignalR server allows requests to be processed on server side.
Adding clientaccesspolicy.xml allows Silverlight to establish the connection.
Related
Hey I'm trying to upgrade notifications service that uses task polling to see if there are new messages for a given interval.
My client is a WPF application and WCF in the server side.
I have 2 application servers with windows server 2008 r2 and load balancer between them.
I thought of implementing it with WCF Duplex binding and noticed it will be a problem to manage my users in 2 service instances (since I can subscribe user only to 1 service).
The trigger for sending messages is when data is manipulated by a user and is related to other specific users.
Another important point is that we plan to scrap our wpf application and revise our front end as web project (with angularjs probably..) and our backend from wcf to .net web api.
I read a bit about push techniques and came to this conclusion:
SignalR - the thing is, how will it work with web? (angular.js instead of asp.net)
Wamp - didnt find much about it but it looks promising
Websockets
.NET implementation (requires IIS 8 which means upgrading our servers)
socket.io - simple and great documentation and community. but I'm not familiar with nodejs.
What are your thoughts about how to implement it?
Thanks, Bar
Question: How can I communicate between two web sites using HTTPS within one Azure Cloud Service deployment?
Details:
I have architected an Azure Cloud Service deployment (one “subdomain.cloudapp.net”) in such a way as to run two separate web sites inside the deployment by using different ports.
Site 1 is what I’m calling a Service Site that is a standard ASP.NET site that hosts a bunch of WCF Services with no HTML or ASPX pages (except for a default.aspx page that redirects to site 2). Site 1 is running on port 80.
Site 2 is my main site and hosts a Silverlight application that uses the services from Site 1 to access the database and process results. It is only accessible by way of HTTPS and uses port 443.
Both of these sites are defined in a Visual Studio Azure solution with two endpoints, one for each port. Further, each endpoint is associated with the two web site project insides of the VS Solution by way of the ServiceDefinition.csdef configuration file in the Azure project.
I have purchased my security certificate and associated it with a domain name that I am using with Site 2 by way of domain name redirecting and CName mapping at my DNS.
Accessing site 2 using the mapped domain name and an encrypted connection works well via HTTPS. However, when I try to make a service call internally from Site 2 to Site 1, I am going from an HTTPS connection to an HTTP connection because I don’t have a SSL Certificate at Site 1. As a result, when site 2 makes a service call to Site 1, it tries to serve clientaccesspolicy.xml. This causes Internet Explorer to display the ‘Mixed Content’ message (Because of the HTTPS/HTTP mix). Bottom line is I need to get rid of this pop-up prompt. I know it can be disabled on the client end but with over a thousand users, I can’t depend on them being able to turn the message off. I need to make the message go away on the server side.
Back to the question, so is there a way to access site 1 using SSL from site 2 all within the one Azure Cloud Service? What it sounds like I need to do is assign an SSL Certificate to site 1. However, I’m hitting two roadblocks. First, I can’t assign an SSL Certificate to a wildcard.clouapp.net domain name. Second, I can’t assign a second domain name to the Azure Cloud Service since I can’t do domain name forwarding to a specific port (remember that Site 2 is already using domain forwarding anyway).
I could accomplish a solution by breaking out the two sites into their own cloud services but I would rather not because it would double my cost. Are there any suggestions on how to accomplish getting this “Mixed Content” message to go away, either by way of securing site 1 or some other method?
I have a WCF.
I have a silverlight application.
I do not want anyone to be able to call the WCF except the Silverlight application.
I do not want to install any certificates on the client.
I do not want to hit any databases.
What would typically be the best way to do something like this?
You can address this using a cross domain policy file. Silverlight cannot connect to WCF services hosted on secondary domains without the implementation of this policy file.
Here are two links to get you in the right direction
http://msdn.microsoft.com/en-us/library/cc197955%28v=vs.95%29.aspx
Tim Heuer has a good writeup on the implementation of this file as well.
http://timheuer.com/blog/archive/2008/04/06/silverlight-cross-domain-policy-file-snippet-intellisense.aspx
To prevent a WCF services from being accessed by other applications you will need to implement authentication of some sort Here is a related post
From what I've read Web Sockets holds more promise than the duplex polling that is currently available to Silverlight developers for receiving server notifications. However I'm not finding much written in the last 10 months, nor am I finding much at all from a Silverlight perspective.
Please don't answer, that Silverlight can open sockets. I know that --- howerver what I don't know is how silverlight can do that with its web server over port 80 in a firewall friendly way -- all of which is why I'm interested in Web Sockets.
The underlying Silverlight network stack won't allow port 80 to be connected to. The port restrictions are that the port must be between 4502-4534. See Network Security Access Restrictions in Silverlight.
Microsoft recently release a WebSockets prototype part of which includes a Silverlight WebSocket client. One additional restriction with the Microsoft Silverlight WebSocket prototype implementation is that a clientaccesspolicy.xml file must be served up from port 80 on the server that is being connected to.
The Super Websockets project also contains a Silverlight client somewhere. It will most probably have the same restrictions as the Microsoft implementation.
SL4 and 5 do not implement websockets. If browser used to host silverlight plugin supports websockets then you can use browser interop to call websockets api form the silverlight app.
Alternatively a trusted application can connect to any TCP port including port 80.
I am confused by when and how to use the clientaccesspolicy.xml file in Silverlight. What is it for? Right now, my deployed site (not localhost but the remote server) does NOT have it and I can still access the web site and query the database through a WCF web service. Why should I include it in my root directory?
You only need it if your Silverlight app will be accessing a service in another domain.
e.g (from the MS site)
"For example, a Silverlight control hosted at http://contoso.com/mycontrol.aspx can access only services on that same domain by default – for example http://contoso.com/service.svc, but not a service at http://fabrikam.com/service.svc."
When your silverlight application try to access the method of web service.
For the security silverlight first identify the service is valid one not the fake.
For that silverlight first request the "ClientAccessPolicy.xml" file, then requested web service will returns the xml file after that silverlight checks that application is allowed to accept call from current service..if yes then app can free to make a service call to verified service.