We have a number of reservations about the use of HTML5 WebSockets. By allowing the server to initiate actions on the browser, WebSockets departs from the connectionless, request/response model that underpins the World Wide Web today. Security is another big risk with WebSockets. For example, the standard does not impose any cross-origin request policy. However, we do recognize that in certain monitoring or alerting applications, WebSockets can be very useful. If you need to build a .NET WebSockets server, SignalR conveniently implements much of the additional code you need for a robust production application. This includes some recommended security practices such as validating connection tokens and activating SSL when encryption is needed. Although ThoughtWorks teams have been very happy with SignalR, there are still fundamental issues with WebSockets that you should consider before diving in.
