WebSockets in ASP.NET 4.5

home
asp.net
view story

3 Kicks

WebSockets in ASP.NET 4.5 (www.techbubbles.com)

submitted by kalyanms1(1789) 7 months, 22 days ago

This post discuss about using WebSockets in ASP.NET 4.5. You can read this post to get an understanding about WebSockets. This post shows piece of code which uses WebSockets in ASP.NET 4.5 and the code is related to simple chat application.

5 comments |category: ASP.NET |Views: 182
Tweet

tags: ASP.NET another

Everyones tags:

Your Tags:

Please login or signup.

Add a live kick counter to your blog >> liveImage

You can even customize the image by choosing your own colors, and then clicking the button below to update the preview and the html code:

"Kick It" text
"Kick It" background
kick count text
kick count background
border

Simply copy and paste this HTML into your blog post.

Users who kicked this story:

vijayst(1311) -

dpeterson(4397) -

kalyanms1(1789)

Comments:

posted by dpeterson(4397) 7 months, 22 days ago 0

I think WebSockets are the thing I am most excited about when it comes to HTML5. The level of interactivity available in web applications is going to get a big boost as soon as browser support is ubiquitous, or at least close enough to it.

posted by vijayst(1311) 7 months, 20 days ago 0

This is a good article that walks through the steps to create a chat application using HTML5 WebSocket and ASP.NET 4.5 support for WebSocket request. Will using WebSocket create security vulnerabilities? - Any browser can open a WebSocket request with the server.

posted by dpeterson(4397) replied to vijayst(1311), 7 months, 20 days ago 0

Changing the url from ws:// to wss:// will enable ssl encryption. It's up to you to implement authentication at the application level, as well as deciding how to handle malformed messages. But at the very least, with ssl, you can be relatively sure that data is not being sniffed and no man-in-the-middle attacks are going on.

posted by vijayst(1311) replied to dpeterson(4397), 7 months, 20 days ago 0

Even with wss://, since the URL and code is exposed directly in javascript, it is easier to send legitimate messages to the server. Also, the web server could be flooded with WebSocket requests. I will be curious to know the request lifecycle works with WebSocket requests.

posted by dpeterson(4397) replied to vijayst(1311), 7 months, 20 days ago 0

Well, the url would always be exposed, whether we're talking websockets or not ;-)
If someone sends message to the server, the server must first check for an active authentication. If there is none, it doesn't matter what types of message are sent as the application should drop them. SSL protects the authentication process as well as the messages sent so that authentication tokens cannot be intercepted. Enabling SSL really is the cornerstone of implementing any real security in a web application, whether websockets or normal https protocols are used for transport.

Most Active Users

What's this?