ITCamp 2012 - Ovidiu Stan - Social media platform with Telligent Community, WCF RESTful and Sitecore
itcampro @ itcamp12 # Premium conference on Microsoft technologies
Social media platform with Telligent Community, WCF RESTful and Sitecore
Ovidiu Stan, Software Architect
Mobile & Development

ITCamp 2012 sponsors

Agenda
• SvS – The Business (Requirements)
• SvS – The Solution (Architecture)
• Telligent Community – Short Intro
• WCF RESTful API
• Akamai CDN
• Sitecore CMS – Short Intro

The Business
• The client: Cadbury – Biggest UK chocolate manufacturer, World’s second
  – Official Treat Provider for London 2012 Olympics
• The campaign: “Spots vs Stripes” (SvS) – “Biggest, funnest game ever”
  – “Cadbury is inviting the nation to divide into two teams, Spots v Stripes and play all sorts of games in the run up to the Olympic and Paralympic Games in 2012”

Spots v Stripes Campaign
• Much more than just software:
  o Real world events & games
  o TV ads, TV show participation (e.g. NBC’s Minute To Win It)
  o Rich presence on social networks: YouTube channels, Facebook, Twitter
  o Prizes: Olympics tickets, sweets, cash

System Requirements

Spots v Stripes – Games
Real World Games, Flash Games, Points

SvS Architecture – High Level

API Platform - Architecture

SvS Architecture - Infrastructure

Telligent Community – Short Intro
www.telligent.com
• Ready-to-use Social Network/Community portal with features like:
  o Profiles
  o Groups
  o Friends/Connections
  o Blogs, Wikis, Forums
  o Search
  o RSS Feeds
  o Administration: user management, content management
  o Moderation
• Extensible platform allowing customization at two levels:
  o UI: new pages, custom widgets, custom themes
  o API: RESTful API exposing most of the platform functionality:
    – 3rd party integration
    – New UI functionality

Telligent Community – Short Intro
Creating Custom Widgets
1. Derive from ExternallyImplementedConfigurableContentFragmentBase
2. Implement PollsWidget.ascx and access property values
3. Compile the web app and deploy it

All widgets implement the IContentFragment interface.
The available base classes (including ExternallyImplementedContentFragmentBase) implement it too.
When Telligent loads, it finds all the classes in the /bin folder that implement this interface.

Widget base classes:
• ContentFragmentBase – no config values and no external ascx file
• ConfigurableContentFragmentBase – has config values but no external ascx file
• ExternallyImplementedContentFragmentBase – external ascx file, no config values
• ExternallyImplementedConfigurableContentFragmentBase – external ascx file and config values
For the first two, controls are added by overriding:
AddContentControls(System.Web.UI.Control control)

Telligent Community – Short Intro
• Telligent Community Platform API - Example

Telligent Community – Short Intro
• Platform API categories:
  o Users
    – Add user: POST api.ashx/v2/users.xml (or .json)
    – Delete user: POST (Header: DELETE) api.ashx/v2/users/{username}.xml (or .json)
    – Validate user password
    – etc…
  o Activity messages
  o Followers
  o Groups
  o Blog posts and comments
  o Forum
  o Wiki
  o Content Search
  o etc…

Telligent Community – Short Intro
• SvS.CommunityClient (façade): wraps some of Telligent’s API

API Platform – RESTful Services
• RESTful web services - key concepts
  o Statelessness:
    – By design, RESTful services are stateless
    – No storage on server between requests
    – All information needed is in the request
  o Resources: The services act upon resources
    – Each resource must have an ID resulting in a URI
    – Example: Users, groups, status messages
  o Representation of data: The same resource can have multiple representations
    – Example: user detail and follower detail
  o By design work over HTTP.
  o Use standard HTTP verbs for the operations:
    – GET, POST, PUT, DELETE
    – POST can be used to do any updates, including additions and deletions

API Platform – WCF RESTful
• WS-* vs RESTful
• WCF: WSHttpBinding vs WebHttpBinding
• Arguments for RESTful in this project:
  o Callers are mostly client side elements: flash games, javascript (Ajax with JQuery)
  o Light messages
  o Both XML and JSON message format are required
  o Easier to be used by clients (SOAP is hard to use without proxy generation)
  o WS-* advanced features were not necessary: transaction, federation, etc.
• Alternatives to WebHttpBinding:
  o ASP.NET Web API – part of ASP.NET MVC 4 Beta

API Platform – Examples
• POST user/supporting/add
• GET searchUser/{searchText}
• POST submitmultiplayergame/
[Request and response samples: images on the slides]

API Platform – Security
API Security - Requirements
• Client applications authentication & authorization:
  o Protected API methods can be accessed only by authorized client apps.
  o The client apps will be identified based on an application name and a private key.
• Message integrity
  o The data from the request cannot be modified by 3rd parties
  o For example the Score parameter for the SubmitGame method
• End User authentication
  o Some API methods require to be executed in the context of an end user
  o For these methods, both the caller app and the user it’s impersonating must be authenticated
• Avoid replay attacks
  o Repeating valid requests either by the originator or by a third party who intercepts the request

API Platform – Security
API Security - Implementation
Keep the client apps in a DB table
• AppName – unique for each client
Generate and provide the client apps developers with a private key (ApiKey)

Client Apps Table
AppName     ApiKey
ClientApp1  rjvm4Y8hrKkJwfM
ClientApp2  NmD9BaDk6uS5OkS
ClientApp3  L6EYXMQAEMKHcbh

Require the callers to embed this info in the request:
HTTP Header SvS-Authorization:
application=<ApplicationName>, user=<UserName>, nonce=<Timestamp>, signature=<md5hash>
• ApplicationName – client app name
• UserName – SvS user the caller is impersonating
• Nonce – timestamp, different for each request
• Signature = MD5(ApiKey, SessionId, Nonce)
  SessionId: provided by Login API method

API Platform - Security
API Security - Implementation
API Method: Login(userName, password)
• Authorize caller (client application)
• Validate userName & password against SvS DB and Telligent
• Generate a SessionId and store it in the cache
• Return the SessionId to the caller

Cache: List of UserSession
User Name  SessionId        Nonce
User1      Brgsi4KR8f3BeVj  88258960234
User2      D67NZwChfBT7Z08  88258960236
User3      kUGSpND68kVWlJ5  88258960238
Expire: 15 mins

Authorize() – internal method (called from each API Method)
• Look up the <ApplicationName> in ClientApps table
• Look up <UserName> in Cache
• Compare provided <Nonce> with session Nonce
• Update session Nonce
• Calculate signature in the same way as the client has done it: MD5(ApiKey, SessionId, Nonce)
• Compare the signatures

Alternatives: SSL, OAuth
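
The SvS-Authorization exchange and the Authorize() steps above, as an added Python example (not code from the talk or the SvS project). Assumptions: the MD5 input is the three values concatenated in the listed order, a nonce is accepted only if it is greater than the session's last nonce, and the names sign, start_session, build_header and authorize are made up for this sketch.

```python
import hashlib
import hmac
import time

CLIENT_APPS = {"ClientApp1": "rjvm4Y8hrKkJwfM"}  # AppName -> ApiKey (sample row from the slide)
SESSION_TTL = 15 * 60                            # cache entries expire after 15 minutes
sessions = {}                                    # user -> {"sid", "nonce", "expires"}

def sign(api_key, session_id, nonce):
    # Assumption: the three inputs are concatenated in the order the slide lists them.
    return hashlib.md5(f"{api_key}{session_id}{nonce}".encode()).hexdigest()

def start_session(user, session_id, nonce, now):
    # Stands in for the tail of Login(): cache the SessionId with its starting nonce.
    sessions[user] = {"sid": session_id, "nonce": nonce, "expires": now + SESSION_TTL}

def build_header(app, api_key, user, session_id, nonce):
    # Caller side: the value of the SvS-Authorization header.
    return (f"application={app}, user={user}, nonce={nonce}, "
            f"signature={sign(api_key, session_id, nonce)}")

def authorize(header, now=None):
    """Return (allowed, reason) for one SvS-Authorization header value."""
    now = time.time() if now is None else now
    try:
        f = dict(part.strip().split("=", 1) for part in header.split(","))
        app, user, sig = f["application"], f["user"], f["signature"]
        nonce = int(f["nonce"])
    except (AttributeError, KeyError, ValueError):
        return False, "malformed header"
    api_key = CLIENT_APPS.get(app)
    if api_key is None:
        return False, "unknown application"
    session = sessions.get(user)
    if session is None or session["expires"] <= now:
        sessions.pop(user, None)
        return False, "no active session"
    if nonce <= session["nonce"]:
        return False, "stale or replayed nonce"
    expected = sign(api_key, session["sid"], nonce)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    session["nonce"] = nonce  # this sketch stores it only after the signature verifies
    return True, "ok"
```

The hashed input here is exactly the three values on the slide, so request parameters such as Score are covered by the signature only if they are added to it. A keyed HMAC over a current hash (for example HMAC-SHA-256) is the standard construction for this kind of request signature.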

API Platform – Code Sample
• Register Service Routes: Hub.Services.Api.Web / Global.asax / Application_Start
• Service Contract Interface: Hub.Services.Api.Shared / IScoresService
• Service Implementation: Hub.Services.Api / ScoresService

Content Delivery Networks - Intro
• Content Delivery Network (CDN)
  o A large distributed system of servers deployed in multiple data centers in the Internet
  o The servers are optimized for file serving
  o When a user requests a resource from a CDN, the server that is geographically closest to the user serves the resource
  o Akamai, one of the biggest CDNs, delivers 20% of the world’s traffic
• Advantages of using a CDN
  o Reduce the load on your servers
  o Support higher traffic
  o Reduce the load time to end users
  o Geolocation
  o May defend against DDoS attacks
www.spotsvstripes.com, origin.spotsvstripes.com

Content Delivery Networks - Intro
• Website development targeting CDNs:
  o No dynamic content rendered by the server
    – All “personalized” user content is updated client side
  o No session
    – Most of the page requests will not hit the origin server
  o Set HTTP caching headers:
    – Cache-Control (ex: Cache-Control: public, max-age=600): max-age (seconds), public, private, no-cache, no-store, must-revalidate
    – Last-Modified
    – Expires – like max-age but absolute date value
    – When both Cache-Control and Expires are present, Cache-Control takes precedence
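
How a shared cache reads the headers listed above, as an added Python example (not code from the talk). It follows generic HTTP caching semantics for the directives named on the slide, not Akamai's own configuration; the function names and the Set-Cookie warning are this example's additions, and the sample responses in the checks are constructed.

```python
from email.utils import parsedate_to_datetime

def parse_cache_control(value):
    # "public, max-age=600" -> {"public": None, "max-age": "600"}
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives

def shared_cache_policy(headers):
    """Return (storable, ttl_seconds, warnings) as a shared cache such as a CDN edge sees it."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    warnings = []
    # private and no-store both keep the response out of shared caches.
    storable = "no-store" not in cc and "private" not in cc
    ttl = 0
    if "max-age" in cc:
        try:
            ttl = max(int(cc["max-age"]), 0)
        except (TypeError, ValueError):
            warnings.append("unparseable max-age")
        if "expires" in h:
            warnings.append("Expires ignored, Cache-Control takes precedence")
    elif "expires" in h and "date" in h:
        try:
            delta = parsedate_to_datetime(h["expires"]) - parsedate_to_datetime(h["date"])
            ttl = max(int(delta.total_seconds()), 0)
        except (TypeError, ValueError):
            warnings.append("unparseable Expires or Date")
    if "no-cache" in cc:
        ttl = 0  # may be stored, but must be revalidated before every reuse
    if storable and ttl > 0 and "set-cookie" in h:
        # A per-user cookie on an edge-cached page contradicts the "no session" rule.
        warnings.append("Set-Cookie on a response the CDN may cache")
    return storable, ttl, warnings
```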

Akamai and SvS Website
• SvS: Configuring HTTP Cache headers in Sitecore
• Customized content is updated client side
  o Ajax calls to SvS API

Sitecore – Short Intro

Q & A