From 1862b1214a4279edf639114a0f420550346ebabc Mon Sep 17 00:00:00 2001 From: Luke Latham Date: Tue, 10 Nov 2020 05:14:34 -0600 Subject: [PATCH] Blazor Azure Front Door clarification (#20454) --- aspnetcore/blazor/security/server/threat-mitigation.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/aspnetcore/blazor/security/server/threat-mitigation.md b/aspnetcore/blazor/security/server/threat-mitigation.md index 0ab80e8a7a..85e89c7328 100644 --- a/aspnetcore/blazor/security/server/threat-mitigation.md +++ b/aspnetcore/blazor/security/server/threat-mitigation.md @@ -5,7 +5,7 @@ description: Learn how to mitigate security threats to Blazor Server apps. monikerRange: '>= aspnetcore-3.1' ms.author: riande ms.custom: mvc -ms.date: 05/05/2020 +ms.date: 11/09/2020 no-loc: [appsettings.json, "ASP.NET Core Identity", cookie, Cookie, Blazor, "Blazor Server", "Blazor WebAssembly", "Identity", "Let's Encrypt", Razor, SignalR] uid: blazor/security/server/threat-mitigation --- @@ -84,7 +84,10 @@ By default, there's no limit on the number of connections per user for a Blazor * Require authentication to connect to the app and keep track of the active sessions per user. * Reject new sessions upon reaching a limit. * Proxy WebSocket connections to an app through the use of a proxy, such as the [Azure SignalR Service](/azure/azure-signalr/signalr-overview) that multiplexes connections from clients to an app. This provides an app with greater connection capacity than a single client can establish, preventing a client from exhausting the connections to the server. - * At the server level: Use a proxy/gateway in front of the app. For example, [Azure Front Door](/azure/frontdoor/front-door-overview) enables you to define, manage, and monitor the global routing of web traffic to an app. + * At the server level: Use a proxy/gateway in front of the app. For example, [Azure Front Door](/azure/frontdoor/front-door-overview) enables you to define, manage, and monitor the global routing of web traffic to an app and works when Blazor Server apps are configured to use Long Polling. + + > [!NOTE] + > Although Long Polling is supported for Blazor Server apps, [WebSockets is the recommended transport protocol](xref:blazor/host-and-deploy/server#azure-signalr-service). [Azure Front Door](/azure/frontdoor/front-door-overview) doesn't support WebSockets at this time, but support for WebSockets is under consideration for a future release of the service. ## Denial of service (DoS) attacks