Merge pull request #261063 from ShawnJackson/signalr-concept-client-negotiation

ktoliver · web-flow · commit b673778bb32e · 2023-12-14T13:08:35.000-07:00
[AQ] edit pass: signalr-concept-client-negotiation
diff --git a/articles/azure-signalr/signalr-concept-client-negotiation.md b/articles/azure-signalr/signalr-concept-client-negotiation.md
@@ -1,6 +1,6 @@
 ---
-title: Client negotiation in Azure SignalR service
-description: This article provides information about client negotiation in Azure SignalR service.
+title: Client negotiation in Azure SignalR Service
+description: This article provides information about client negotiation in Azure SignalR Service.
 author: JialinXin
 ms.author: jixin
 ms.service: signalr
@@ -10,104 +10,104 @@ ms.date: 12/08/2023
 
 # Client negotiation
 
-The first request between client and server is the negotiation request. When use self-host SignalR, the request is used to establish a connection between the client and the server. And when use Azure SignalR service, clients connect to the service instead of the application server. This article shares the concept about negotiation protocols and ways to customize negotiation endpoint.
+The first request between a client and a server is the negotiation request. When you use self-hosted SignalR, you use the request to establish a connection between the client and the server. And when you use Azure SignalR Service, clients connect to the service instead of the application server. This article shares concepts about negotiation protocols and ways to customize a negotiation endpoint.
 
 ## What is negotiation?
 
 The response to the `POST [endpoint-base]/negotiate` request contains one of three types of responses:
 
-* A response that contains the `connectionId`, which is used to identify the connection on the server and the list of the transports supported by the server.
+* A response that contains `connectionId`, which identifies the connection on the server and the list of transports that the server supports:
 
-   ```json
-   {
-     "connectionId":"807809a5-31bf-470d-9e23-afaee35d8a0d",
-     "negotiateVersion":0,
-     "availableTransports":[
-       {
-         "transport": "WebSockets",
-         "transferFormats": [ "Text", "Binary" ]
-       },
-       {
-         "transport": "ServerSentEvents",
-         "transferFormats": [ "Text" ]
-       },
-       {
-         "transport": "LongPolling",
-         "transferFormats": [ "Text", "Binary" ]
-       }
-     ]
-   }
-   ```
+  ```json
+  {
+    "connectionId":"807809a5-31bf-470d-9e23-afaee35d8a0d",
+    "negotiateVersion":0,
+    "availableTransports":[
+      {
+        "transport": "WebSockets",
+        "transferFormats": [ "Text", "Binary" ]
+      },
+      {
+        "transport": "ServerSentEvents",
+        "transferFormats": [ "Text" ]
+      },
+      {
+        "transport": "LongPolling",
+        "transferFormats": [ "Text", "Binary" ]
+      }
+    ]
+  }
+  ```
 
-   The payload returned from this endpoint provides the following data:
+  The payload that this endpoint returns provides the following data:
 
-   * The `connectionId` is **required** by the Long Polling and Server-Sent Events transports (in order to correlate sends and receives).
-   * The `negotiateVersion` is the negotiation protocol version being used between the server and client.
-   * The `availableTransports` list describes the transports the server supports. For each transport, the name of the transport (`transport`) is listed, as is a list of "transfer  formats" supported by the transport (`transferFormats`)
+  * The `connectionId` value is required by the `LongPolling` and `ServerSentEvents` transports to correlate sending and receiving.
+  * The `negotiateVersion` value is the negotiation protocol version that you use between the server and the client.
+  * The `availableTransports` list describes the transports that the server supports. For each transport, the payload lists the name of the transport (`transport`) and a list of transfer formats that the transport supports (`transferFormats`).
 
-   > [!NOTE]
-   > Now Azure SignalR service supports negotiate `Version 0` only. And client with the `negotiateVersion` greater than zero will get a response with `negotiateVersion=0` by design. Please check [TransportProtocols](https://github.com/dotnet/aspnetcore/blob/main/src/SignalR/docs/specs/TransportProtocols.md) for protocol details. 
+  > [!NOTE]
+  > Azure SignalR Service supports only `Version 0` for the negotiation protocol. A client that has a `negotiateVersion` value greater than zero will get a response with `negotiateVersion=0` by design. For protocol details, see [Transport Protocols](https://github.com/dotnet/aspnetcore/blob/main/src/SignalR/docs/specs/TransportProtocols.md).
 
-* A redirect response tells the client the URL and optionally access token to use as a result.
+* A redirect response that tells the client which URL and (optionally) access token to use as a result:
 
-   ```json
-   {
-     "url": "https://<Server endpoint>/<Hub name>",
-     "accessToken": "<accessToken>"
-   }
-   ```
+  ```json
+  {
+    "url": "https://<Server endpoint>/<Hub name>",
+    "accessToken": "<accessToken>"
+  }
+  ```
 
-   The payload returned from this endpoint provides the following data:
- 
-   * The `url` is the URL the client should connect to.
-   * The `accessToken` is an optional bearer token for accessing the specified url.
+  The payload that this endpoint returns provides the following data:
 
-* A response that contains an `error` that should stop the connection attempt.
+  * The `url` value is the URL that the client should connect to.
+  * The `accessToken` value is an optional bearer token for accessing the specified URL.
 
-   ```json
-   {
-     "error": "This connection is not allowed."
-   }
-   ```
+* A response that contains an `error` entry that should stop the connection attempt:
 
-   The payload returned from this endpoint provides the following data:
+  ```json
+  {
+    "error": "This connection is not allowed."
+  }
+  ```
 
-   * The `error` that gives details about why the negotiation failed.
+  The payload that this endpoint returns provides the following data:
 
-When you use the Azure SignalR service, clients connect to the service instead of the application server. There are three steps to establish persistent connections between the client and the SignalR Service.
+  * The `error` string gives details about why the negotiation failed.
 
-1. A client sends a negotiate request to the application server.
+When you use Azure SignalR Service, clients connect to the service instead of the app server. There are three steps to establish persistent connections between the client and Azure SignalR Service:
 
-1. The application server uses Azure SignalR Service SDK to return a redirect response containing the Azure SignalR service URL and access token.
+1. A client sends a negotiation request to the app server.
 
-    For ASP.NET Core SignalR, a typical redirect response looks like:
+1. The app server uses the Azure SignalR Service SDK to return a redirect response that contains the Azure SignalR Service URL and access token.
 
-    ```cs
-    {
-        "url":"https://<SignalR name>.service.signalr.net/client/?hub=<Hub name>&...",
-        "accessToken":"<accessToken>"
-    }
-    ```
+   For ASP.NET Core SignalR, a typical redirect response looks like this example:
 
-1. After the client receives the redirect response, it uses the URL and access token to connect to SignalR Service, then service routes client to app server.
+   ```cs
+   {
+       "url":"https://<SignalR name>.service.signalr.net/client/?hub=<Hub name>&...",
+       "accessToken":"<accessToken>"
+   }
+   ```
+
+1. After the client receives the redirect response, it uses the URL and access token to connect to SignalR Service. The service then routes the client to the app server.
 
 > [!IMPORTANT]
-> In self-host SignalR, some user would choose to skip client negotiation when clients only support WebSocket and save the roundtrip for negotiation. However, when working with Azure SignalR service, clients should always ask a trusted server or a trusted authntication center to build the access token. So __DO NOT__ set `SkipNegotiation` to `true` in client side. `SkipNegotiation` means clients need to build the accessToken themselves. This brings security risks that client could do anything to the service endpoint. 
+> In self-hosted SignalR, some users might choose to skip client negotiation when clients support only WebSocket and save the round trip for negotiation. However, when you're working with Azure SignalR Service, clients should always ask a trusted server or a trusted authentication center to build the access token. So _don't_ set `SkipNegotiation` to `true` on the client side. `SkipNegotiation` means clients need to build the access token themselves. This setting brings a security risk that the client could do anything to the service endpoint.
 
-## What can be done during negotiation?
+## What can you do during negotiation?
 
 ### Custom settings for client connections
 
-Customer can gate the client connection to customize settings for security or business needs. For example:
+You can gate the client connection to customize settings for security or business needs. For example:
 
-* Use a short `AccessTokenLifetime` for security
-* Only pass necessary info of client claims
-* Add custom claims for business needs
+* Use a short `AccessTokenLifetime` value for security.
+* Pass only necessary information from client claims.
+* Add custom claims for business needs.
 
 ```cs
 services.AddSignalR().AddAzureSignalR(options =>
     {
-        //  Only pass necessary info in negotiation step
+        //  Pass only necessary information in the negotiation step
         options.ClaimsProvider = context => new[]
         {
             new Claim(ClaimTypes.NameIdentifier, context.Request.Query["username"]),
@@ -119,7 +119,9 @@ services.AddSignalR().AddAzureSignalR(options =>
 
 ### Server stickiness
 
-When you have multiple app servers, by default there's no guarantee that two servers (the one who does negotiation and the one who gets the hub invocation) are the same one. In some cases, customers may want to have client state information maintained locally on the app server. For example, when using server-side Blazor, UI state is maintained at server side so you want all client requests go to the same server including the SignalR connection. Then you would need to enable server sticky mode to `Required` during negotiation.
+When you have multiple app servers, there's no guarantee (by default) that the server that does negotiation and the server that gets the hub invocation are the same. In some cases, you might want to have client state information maintained locally on the app server.
+
+For example, when you're using server-side Blazor, the UI state is maintained at the server side. So you want all client requests to go to the same server, including the SignalR connection. Then you need to enable server sticky mode to `Required` during negotiation:
 
 ```cs
 services.AddSignalR().AddAzureSignalR(options => {
@@ -129,15 +131,15 @@ services.AddSignalR().AddAzureSignalR(options => {
 
 ### Custom routing in multiple endpoints
 
-Another case customer would customize negotiation is in multiple endpoints cases. Since app server provides the service URL as the negotiation response, app server can determine which endpoint to return clients for load balancing and communication efficiency, that is let client connect to the nearest service endpoint to save traffic cost.
+Another way that you can customize negotiation is in multiple endpoints. Because the app server provides the service URL as the negotiation response, the app server can determine which endpoint to return to clients for load balancing and communication efficiency. That is, you can let the client connect to the nearest service endpoint to save traffic costs.
 
 ```cs
-// Sample of custom router
+// Sample of a custom router
 private class CustomRouter : EndpointRouterDecorator
 {    
     public override ServiceEndpoint GetNegotiateEndpoint(HttpContext context, IEnumerable<ServiceEndpoint> endpoints)
     {
-        // Override the negotiate behavior to get the endpoint from query string
+        // Override the negotiation behavior to get the endpoint from the query string
         var endpointName = context.Request.Query["endpoint"];
         if (endpointName.Count == 0)
         {
@@ -147,15 +149,16 @@ private class CustomRouter : EndpointRouterDecorator
             return null;
         }
 
-        return endpoints.FirstOrDefault(s => s.Name == endpointName && s.Online) // Get the endpoint with name matching the incoming request
-               ?? base.GetNegotiateEndpoint(context, endpoints); // Or fallback to the default behavior to randomly select one from primary endpoints, or fallback to secondary when no primary ones are online
+        return endpoints.FirstOrDefault(s => s.Name == endpointName && s.Online) // Get the endpoint with the name that matches the incoming request
+               ?? base.GetNegotiateEndpoint(context, endpoints); // Fall back to the default behavior to randomly select one from primary endpoints, or fall back to secondary when no primary ones are online
     }
 }
 ```
 
-Besides, also register the router to DI using:
+Also register the router to dependency injection:
+
 ```cs
-// Sample of configure multiple endpoints and DI CustomRouter.
+// Sample of configuring multiple endpoints and dependency injection
 services.AddSingleton(typeof(IEndpointRouter), typeof(CustomRouter));
 services.AddSignalR().AddAzureSignalR(
     options => 
@@ -170,34 +173,34 @@ services.AddSignalR().AddAzureSignalR(
 
 ```
 
-## How to add a client negotiation endpoint in `Serverless` mode?
+## How can you add a client negotiation endpoint in serverless mode?
 
-Under `Serverless` mode, there's is no server accepts SignalR clients. To protect your connection string, you need to redirect SignalR clients from the negotiation endpoint to Azure SignalR Service instead of giving your connection string to all the SignalR clients.
+In serverless (`Serverless`) mode, no server accepts SignalR clients. To help protect your connection string, you need to redirect SignalR clients from the negotiation endpoint to Azure SignalR Service instead of giving your connection string to all the SignalR clients.
 
-The best practice is to host a negotiation endpoint and then you can use SignalR clients to this endpoint and fetch service url and access token.
+The best practice is to host a negotiation endpoint. Then you can use SignalR clients to this endpoint and fetch the service URL and access token.
 
-### Azure SignalR service Management SDK
+### Azure SignalR Service Management SDK
 
-Negotiation can be approached by working with [Management SDK](https://github.com/Azure/azure-signalr/blob/dev/docs/management-sdk-guide.md).
+You can approach negotiation by working with the [Management SDK](https://github.com/Azure/azure-signalr/blob/dev/docs/management-sdk-guide.md).
 
-You can use the instance of `ServiceHubContext` to generate the endpoint url and corresponding access token for SignalR clients to connect to your Azure SignalR Service.
+You can use the instance of `ServiceHubContext` to generate the endpoint URL and corresponding access token for SignalR clients to connect to Azure SignalR Service:
 
 ```cs
 var negotiationResponse = await serviceHubContext.NegotiateAsync(new (){ UserId = "<Your User Id>" });
 ```
 
-Suppose your hub endpoint is `http://<Your Host Name>/<Your Hub Name>`, then your negotiation endpoint is `http://<Your Host Name>/<Your Hub Name>/negotiate`. Once you host the negotiation endpoint, you can use the SignalR clients to connect to your hub like this:
+Suppose your hub endpoint is `http://<Your Host Name>/<Your Hub Name>`. Then your negotiation endpoint is `http://<Your Host Name>/<Your Hub Name>/negotiate`. After you host the negotiation endpoint, you can use the SignalR clients to connect to your hub:
 
 ```cs
 var connection = new HubConnectionBuilder().WithUrl("http://<Your Host Name>/<Your Hub Name>").Build();
 await connection.StartAsync();
 ```
 
-A full sample on how to use Management SDK to redirect SignalR clients to Azure SignalR Service can be found [here](https://github.com/aspnet/AzureSignalR-samples/tree/main/samples/Management).
+You can find a full sample on how to use the Management SDK to redirect SignalR clients to Azure SignalR Service on [GitHub](https://github.com/aspnet/AzureSignalR-samples/tree/main/samples/Management).
 
-### Azure SignalR service functions extension
+### Azure SignalR Service function extension
 
-When you use Azure Function App, typically, you can work with the Function Extension. Here's a sample using `SignalRConnectionInfo` to help you build the negotiation response.
+When you use an Azure function app, you can work with the function extension. Here's a sample of using `SignalRConnectionInfo` to help you build the negotiation response:
 
 ```cs
 [FunctionName("negotiate")]
@@ -211,12 +214,11 @@ public SignalRConnectionInfo Negotiate([HttpTrigger(AuthorizationLevel.Anonymous
 }
 ```
 
-Then your clients can request to this function endpoint `https://<Your Function App Name>.azurewebsites.net/api/negotiate` to get the service url and accessToken. A full sample can be found [here](https://github.com/aspnet/AzureSignalR-samples/tree/main/samples/BidirectionChat).
+Then your clients can request the function endpoint `https://<Your Function App Name>.azurewebsites.net/api/negotiate` to get the service URL and access token. You can find a full sample on [GitHub](https://github.com/aspnet/AzureSignalR-samples/tree/main/samples/BidirectionChat).
 
 ## Next steps
 
-See the following articles to learn more about how to use Default and Serverless modes.
-
-- [Azure SignalR Service internals](signalr-concept-internals.md)
+To learn more about how to use default and serverless modes, see the following articles:
 
-- [Azure Functions development and configuration with Azure SignalR Service](signalr-concept-serverless-development-config.md)
+* [Azure SignalR Service internals](signalr-concept-internals.md)
+* [Azure Functions development and configuration with Azure SignalR Service](signalr-concept-serverless-development-config.md)
