Chris Gomez

Development topics for the indie programmer

Hands On with SignalR - Philly.NET

Thanks to everyone who came to see Nick Berardi and I introduce SignalR development to you.

A reminder that the link to the materials for tonight are here: Hands-On Materials

I have placed the "extended" Word document in the zip, but left the project in it's original state.  

How many people would like to see the architecture fleshed out?  I mentioned in the talk that I held off separating the StockTicker and the HubContext because I thought it would detract from learning about SignalR, but I firmly believe you can keep your current systems decoupled as long as they have a way to subscribe or notify others of pertinent changes.  I might work on that just to have a solid reference for how you use this technology in the real business world.  Too many people start thinking SignalR couples too tightly to your logic, but it doesn't have to be this way!

OWIN–What? Where? Why? – Philly.NET

“15 Minutes of Fame” nights at user groups are fun.  It’s challenging to provide value to your fellow developers in 15 minutes.  Thanks to everyone who saw my little piece of a series of great talks.

Lately, I’ve been working with SignalR and WebAPI, but self-hosted in my own application (not deployed to IIS).  The application is a thick client that other clients communicate with using standard web protocols (thanks to the self-hosting!).  This makes it awfully easy to deploy your app and NOT have to worry about whether your customers’ firewalls will allow the traffic or if they set up your server correctly.  The client IS the server!

What’s OWIN good for?  In short, you can use it to make your application portable between servers (at this time, this is likely saying “portable between IIS and self-hosted in your own app”). 

You can also use it to only take the frameworks or pipelines you want.  If you are using ASP.NET Web API, do you REALLY need the whole IIS pipeline and ASP.NET page cycle?  You might not.  Do you hate that to get simple membership you have to take all of System.Web?  As more frameworks and middleware support the OWIN specification, you’ll pick just what you want.  As Scott Hanselman would say: “The Lego pieces are the right size.”

Resources for you to learn more about OWIN:

This is still in prerelease, but you can learn a lot about the idea of separating frameworks from hosts and servers so that your applications are more portable and flexible.  Why be limited to IIS or even Windows for that matter?

The Katana Project - OWIN for ASP.NET – Video

An Overview of Project Katana – An overview of the need for OWIN and walks you through some simple examples.

How I am using OWIN – Damian Hickey shows you how his web applications are testable because OWIN eliminated the dependency on a network/http stack just to test.

OWIN, Katana, and getting started – Another short explanation, with some great visuals.  Also a simple getting started sample.

The Realtime Web – Central Penn .NET User Group

Thanks to everyone who attended my presentation on the Realtime, Stateful, Programmable Web.  In it, I discussed technologies like SignalR, OWIN, and Javascript Engines.  They enable you to create applications that have server push technologies to enable real time like scenarios, self-hosted applications that act as mini web-servers, and embedding a JavaScript engine to provide a real programming API for your users.

We talked about a lot of things in this session, so a link dump seemed in order to many of the resources you’ll want to visit:

SignalR Samples

Tutorial - Getting Started with SignalR – The chat application

Tutorial - Server broadcast with SignalR – The stock ticker sample


The Web Is Ready For Games: ASP.NET Edition

Part 1 – Introduction

I have longed for the web to be ready for high performance games, including multiplayer games.  I believe we are at the point where the technologies you need to build high performance, real time games are here.  The exciting thing is we have a lot of choices now.

I believe we can use Microsoft tools and technologies to deliver the games I am speaking of.  I am going to show you how ASP.NET and many of its pieces such as SignalR can be a foundation, but what will be more exciting is when we explore the options afforded us by OWIN and scaling technologies like the Windows Azure Service Bus.

Getting started is going to involve learning how to develop with ASP.NET SignalR.  You  may be hearing a lot about SignalR lately.  It certainly can be labeled the new hotness.  People are excited about the prospect of real-time applications on the web and breaking the stateless request/response paradigm.

How is that even possible, you may ask?  Well, the fact of the matter is there is no magic going on here… no cheating… it’s still the web.  It’s just that some very clever techniques developed over the years, plus newer features like WebSockets are coming together to enable this.


Music and Sound Assets for your Games

Every so often I go looking for some old tweet where I list these places to go find inexpensive or free music and sounds you can use in your projects.  So, to avoid losing them yet again, here they are: – Lots of sounds here.  Maybe you want a cheap/free sound effect.  Give it a look. – Royalty free music. – Lots of royalty free music here.  Most/all seem to be 99 cents. – One of the earliest sites I remember.  It’s beginning to look aged compared to the polished stuff coming out now, but if you find the music you want, who cares?

SingleCoil Studios – Offering royalty free audio that ranged from a few dollars to about $20.  They use soundcloud to let you listen.  There are some great tracks here.

Lucky Lion Studios – Offering royalty free music.  Most (or all?) appeared to be $5.

McFarland BEATS by Matthew McFarland – Royalty free music with what I believe looked like a generous license for use or remix.  Looked free to me, but check the licensing yourself.

Visionary Sound – Letting the site speak for itself: “A collection of  99 Foley sound effects, including paper pages, books, liquids, clothing, keyboards and more.”

Something different – This is a listening/streaming site. Polished looking site that incorporates social media throughout.  It was delightful to see user comments pop up during play.  I’ll have to explore this more.  There is a developer API, so I wonder if you might stream from it during gameplay.  Not recommending that… there is some exploring to do.

Philly.Net Code Camp 2013.1

Thanks to everyone who attended “The Real-Time Web with ASP.NET, SignalR, and JavaScript”.  I‘m happy to promote the idea of a stateful, realtime, and programmable web.

The Code and Slides are available for download.



The Code demonstrates ASP.NET SignalR on a client and server.  The Client uses ASP.NET MVC 4 but it’s primary purpose is to serve client code, not use MVC-ness.  The Server is a console app that embeds a Javascript engine (Noesis Javascript) and creates and hosts the SignalR Hub.

This code download DOES include the AntiXSS library because I didn’t fear the user input to the chat console in the presentation and you should always fear user input!

My next move is to get this on GitHub and continue to expand it into a better and more useful demonstration of SignalR and the new realtime web.

See this post for a brain dump of material I used to put this together, including links to the various JavaScript engines, the single page application layout I used, various HTML5 Canvas engines.\\

Windows 8 Camp - Harrisburg Area Community College

Thanks to everyone for attending the Windows 8 Camp at Harrisburg Community College.  I was happy to present on JavaScript development for Windows Store and also on How Windows Store Apps run.

I also want to extend a hearty thank you for bearing with us as we worked through the difficulties to get the camp started.

Instead of posting the code and slides like usual, I want to direct you to the Windows 8 "Camp In A Box" which is the same content.  The samples and slides were pulled from the presentations and labs in that series.  It is preferred that I direct you to the full package rather than give you what I culled to fit in fifty minute presentations.

Windows 8 "Camp In A Box"

The Windows 8 "Camp In A Box" is a download that gives you all the content that can jumpstart your learning (or speaking) about Windows 8 Store development.  You'll recognize my content from this package.  You can download it for C#/XAML development or JavaScript development for Windows 8.

You can find it here:
Windows 8 Camp In a Box


Philly.NET - The New Web: Stateful, Realtime, Programmable

Thanks to everyone who came to see my talk about the tools we have to make the web realtime, stateful, and programmable.

Slides download - The New Web Slides

Code download -

This download includes the NuGet packages (I didn't enable NuGet package restore).  You should be able to open the GameServer in VS2012 and start it before opening and starting the MapClient.

Remember that you'll want the latest Firefox or Chrome or Internet Explorer 9/10. 

And a live demonstration of the code is online at  Open two browsers and move tokens around right now!

CMAP Fall 2012 Code Camp - The Stateful, Realtime Web

Thanks to everyone who attended my talk about the Stateful and Realtime web.  It's a little bit more than "another SignalR" talk, as I am focusing on building a game state server that your web client connects to so players can see updates in real time.

Code and Slides

Presentation Slides (PowerPoint 911KB)

Code (2.0MB)

Notes on the code download: My goal was that you could download this, run the GameStateServer and let it start, then run the MapClient and you would be up and running.  The solutions are VS 2012 solutions with my source control bindings removed.  The NuGet packages are not in here so NuGet Package Restore should pick them up for you on your build attempt.  IISExpress should launch for MapClient.


Here are links to many things we discussed in the talk:

Single Page Application Layout

Steve Sanderson's Blog - I liked how this looked and worked and for someone new to hardcore CSS, I understood what it was doing to divide and subdivide "rows" and "columns"

HTML5 canvas "engines" or "toolkits"

EaselJS - part of CreateJS. Designed to implement a "game loop" and ease your using a raw canvas

KineticJS - HTML5 Canvas framework

ImpactJS - Focused on game development using canvas. They support iOS and Win8 JS too.

Realtime Web Frameworks

SignalR - Of interest to the ASP.NET developer because it is about to be officially part of ASP.NET. Open source and supported.

node.js - Javascript runtime with massive community support (via Node Package Manager). Should be able to use and nowjs packages to do what SignalR does.

Javascript Engines

Noesis Javascript.NET - Exposes the Google V8 engine via .NET. Does require MS VC++ runtime. Fast and thorough. Simple to use.

Jurassic - A .NET implementation of ECMAScript. Not as fast. Also not as simple to use, but isn't wrapping a C++ implementation, either.

Jint - Javascript Interpreter for .NET.  I got this implemented, but it would not run the basic script you see in my "immediate window". I gave up trying to figure out why.  YMMV.

Hosting languages in .NET

Dynamic Languages 101 - Ted Neward discusses hosting several dynamic languages like Lua, Scheme, Prolog.

Hosting C# using Roslyn - Compiler as a service is coming.  Maybe you'd like to just keep writing C# or VB?

Store passwords the right way in ASP.NET

Code Download: Hash Winforms project (10 kb)

The web attacks against sites like Gawker, the Sony Playstation Network, various Sony sites, and even the FBI-affiliated Infragard made some big headlines.  Just this month, Anonymous has released passwords of BART officers online.

My frustration with these attacks was how quickly the attackers were able to post credentials online of the users.  This should have taken much longer and quite possibly been impossible to accomplish, even with stolen data.

Your users, whether they should be or not, might be using the same user name and password on several key sites like Facebook, Twitter, their bank (checking or credit card), or a government site.  Maybe your state’s DMV is creating user accounts now and someone could request a new ID card using the name and password reused on a simple blog.

Defense In Depth

This post and the follow-ups do not claim to be the end-all last word on web site security.  It is merely the beginning.  I am going to take a small piece of this larger world and explore it with you.  Do not think this is the end of the story.  You should be defending your servers, your databases, and your code using all means appropriate for your needs.

Today’s Example and Assumptions

So for purposes of today’s story, we are going to assume the database with all of your user’s login credentials (username and password) has been copied and stolen.  I’m going to use this as an assumption because, just in the last year, we’re seeing passwords recovered again and again so the raw data is being stolen.

The thief is now staring at your database in, let’s say, SQL Server Management Studio.  Do you want the thief to see this?

plaintext database