Azure SignalR Service Serverless with Frontdoor & ASP.NET negotiation

Azure Frontdoor is a great way to secure your application against the outside world. One downside though is the lack of websocket support meaning no SignalR communication can get through. This is where the SignalR Service’s serverless option comes in handy. It allows us to establish a connection with the service directly which acts as a proxy between clients and servers.

As illustrated below the client will request the SignalR credentials from the backend via a regular REST call. The Web App negotiates with the SignalR Service, retreives the credentials for the user and passes the result back to the client. With the credentials the user can directly connect to the SignalR Service via Websockets, bypassing the Azure Frontdoor.

For the negotiation we use the Microsoft.Azure.SignalR.Management NuGet package which allows us to communicate with the SignalR Service using Managed Identity.

To find out how to deploy Azure SignalR Service with Managed Identity and Bicep check out this post:

Azure SignalR Service Serverless with Managed Identity and Bicep

Originally published at https://medienstudio.net on January 9, 2024.