itcamp 2012 - ovidiu stan - social media platform with telligent community, wcf restful and sitecore

itcampro @ itcamp12 # Premium conference on Microsoft technologies

Social media platform with Telligent Community, WCF

RESTful and Sitecore

Ovidiu Stan, Software Architect


Mobile &

Development ITCamp 2012 sponsors


Mobile &

Development

• SvS – The Business (Requirements)

• SvS – The Solution (Architecture)

• Telligent Community – Short Intro

• WCF RESTfull API

• Akamai CDN

• Sitecore CMS – Short Intro

Agenda


Mobile &

Development

• The client: Cadbury – Biggest UK chocolate manufaturer, World’s second

– Official Trait Provider for London 2012 Olympics

The Business

• The campaign: “Spots vs Stripes” (SvS) – “Biggest funest game ever”

– “Cadbury is inviting the nation to divide into two teams, Spots v Stripes and play all sorts of games in the run up to the Olympic and Paralympic Games in 2012”


Mobile &

Development

• Much more than just software:

• Real world events & games

• TV ads, TV Show participation (e.g. NBC’s Minutes To Win It)

• Rich presence on social networks: YouTube channels, Facebook, Twitter

• Prizes: Olympics tickets, sweets, cash

Spots v Stripes Campaign


Mobile &

Development System Requirements


Mobile &

Development Spots v Stripe – Games

Real World Games Flash Games

Points


Mobile &

Development SvS Architecture – High Level


Mobile &

Development API Platform - Architecture


Mobile &

Development SvS Architecture - Infrastructure


Mobile &

Development Telligent Community – Short Intro


Mobile &

Development

• Ready-to-use Social Network/Community portal with features like: • Profiles

• Groups

• Friends/Connections

• Blogs, Wikis, Forums

• Search

• RSS Feeds

• Administration: user management, content management

• Moderation

• Extensible platform allowing customization at two levels: • UI: new pages, custom widgets, cutom themes

• API: RESTful API exposing most of the platform functionality: – 3rd party integration

– New UI functionality

Telligent Community – Short Intro

www.telligent.com


Mobile &



Mobile &


Creating Custom Widgets


Mobile &

Development

1. Derive from ExternallyImplementedConfigurableContentFragmentBase



Mobile &

Development

2. Implement PollsWidget.ascx and access property values


3. Compile the web app and deploy it All widgets implement IContentFragment interface.

The available base classes (including ExternallyImplementedContentFragmentBase) implements it too.

When Telligent loads, it finds all the classes from /bin folder that implement this interface

Widget base classes:

ContentFragmentBase – no config values and no external ascx file.

ConfigurableContentFragmentBase – has config values bu no external ascx file.

ExternallyImplementedContentFragmentBase – external ascx file, no config values

ExternallyImplementedConfigurableContentFragmentBase – external ascx file and config vlues

For the first two, controls are added by overriding:

AddContentControls(System.Web.UI.Control control)


Mobile &


• Telligent Community Platform API - Example


Mobile &

Development

• Platform API categories: Users

Add user: POST api.ashx/v2/users.xml (or .json)

Delete user: POST (Header: DELETE)api.ashx/v2/users/{username}.xml (or .json)

Validate user password

etc…

Activity messages

Followers

Groups

Blog posts and comments

Forum

Wiki

Content Search

etc…



Mobile &

Development

• SvS.CommunityClient (façade): wraps some of the Telligent’s API



Mobile &

Development

• RESTful web services - key concepts o Statelessness:

By design, RESTful services are stateless

No storage on server between requests

All information needed is in the request

o Resources: The services act upon resources

Each resource must have in ID resulting in a URI

Example: Users, groups, status messages

o Representation of data: The same resource can have multiple representations

Example: user detail and follower detail

o By design work over HTTP.

o Use standart HTTP verbs for the operations: • GET, POST, PUT, DELETE

• POST can be used to do any updates, including additions and deletions

API Platform – RESTful Services


Mobile &

Development

• WS-* vs RESTful

• WCF: WSHttpBinding vs WebHttpBinding

• Arguments for RESTful in this project:

• Callers are mostly client side elements: flash games, javascript (Ajax

with JQuery)

• Light messages

• Both XML and JSON message format are required

• Easier to be used by clients (SOAP is hard to use without proxy

generation)

• WS-* advanced features were not necessary: transaction, federation,

etc.

• Alternatives to WebHttpBinding:

• ASP.NET Web API – part of ASP.NET MVC 4 Beta

API Platform – WCF RESTful


Mobile &

Development API Platform – Examples

• POST user/supporting/add

Request:

• GET searchUser/{searchText}

Response:

Request: • POST submitmultiplayergame/

Response:


Mobile &

Development

• Client applications authentication & authorization: o Protected API methods can be accessed only by authorized client apps.

o The client apps will be identified based on a application name and a private key.

• Message integrity o The data from the request cannot be modified by 3rd parties

o For example the Score parameter for the SubmitGame method

• End User authentication o Some API methods require to be executed in the context of an end user

o For these methods, both the caller app and the user it’s impersonating must be authenticated

• Avoid replay attacks o repeating valid requests either by the originator or by a third who intercepts

the request

API Platform – Security

API Security - Requirements


Mobile &

Development

Require the callers to embed this info in the request:

API Platform – Security

API Security - Implementation

HTTP Header SvS-Authorization:

application=<ApplicationName>, user=<UserName>, nonce=<Timestamp>, signature=<md5hash>

AppName ApiKey

ClientApp1 rjvm4Y8hrKkJwfM

ClientApp2 NmD9BaDk6uS5OkS

ClientApp3 L6EYXMQAEMKHcbh

Keep the client apps in a DB table

• AppName – unique for each client

Generate and provide the client apps

developers with a private key (ApiKey)

• ApplicationName – client app name • UserName – SvS user the caller is impersonating • Nonce – timestamp, different for each request • Signature =

MD5(ApiKey, SessionId, Nonce) SessionId: provided by Login API method

Client Apps Table


Mobile &

Development

API Method: Login(userName, password) • Authorize caller (client application)

• Validate userName & password against SvS DB and Telligent

• Generate a SessionId and stores it in the cache

• Return the SessionId to the caller

API Platform - Security

API Security - Implementation

User Name

SessionId Nonce

User1 Brgsi4KR8f3BeVj 88258960234

User2 D67NZwChfBT7Z08 88258960236

User3 kUGSpND68kVWlJ5 88258960238

Cache: List of UserSession

Authorize() – internal method (called from each API Method)

• Look up the <ApplicationName> in ClientApps table

• Look up <UserName> in Cache

• Compare provided <Nonce> with session Nonce

• Update session Nonce

• Calculate signature in the same way as the client has done it:

MD5(ApiKey, SessionId, Nonce)

• Compare the signatures

Expire: 15 mins

Alternatives: SSL, OAuth


Mobile &

Development

Register Service Routes: Hub.Services.Api.Web / Global.asax / Application_Start

API Platform – Code Sample

Service Contract Interface: Hub.Services.Api.Shared / IScoresService

Service Implementation: Hub.Services.Api / ScoresService


Mobile &

Development

• Content Delivery Network (CDN) o A large distributed system of servers deployed in multiple data

centers in the Internet

o The servers are optimized for file serving

o When a user request a resource from CDN, the server that is geographically closer to the user serves the resource

o Akamai, one of the biggest CDNs delivers 20 % if of the world’s traffic

Content Delivery Networks - Intro

• Advantages using a CDN

o Reduce the load on your servers

o Support higher traffic

o Reduce the load time to end users

o Geolocation

o May deffend against DDoS attacks

www.spotsvstripes.com origin.spotsvstripes.com


Mobile &

Development

• Website development targeting CDNs:

• No dynamic content rendered by the server • All “personalized” user content is updated client side

• No session • Most of the page requests will not hit the origin server

• Set HTTP caching headers: • Cache-control (ex: Cache-Control: public, max-age=600)

– max-age (seconds), public, private, no-cache, no-store, must-revalidate

• Last-Modified

• Expires – like max-age but absolute date value

• When both Cache-Control and Expires are present, Cache-Control takes

precedence

Content Delivery Networks - Intro


Mobile &

Development

• SvS: Configuring HTTP Cache headers in Sitecore

Akamai and SvS Website


Mobile &

Development

• Configuring HTTP Cache headers in Sitecore



Mobile &

Development

• Customized content is updated client side • Ajax calls to SvS API



Mobile &

Development Sitecore – Short Intro


Q & A

itcamp 2012 - ovidiu stan - social media platform with telligent community, wcf restful and sitecore

Technology