I am experienced in Unity, but new to mutiplayer and web- programming. I am unsure how to start. The game will be a kind of role playing survival game for mobile and maybe desktop. The idea is to have weekly player tournaments. That means we need player authentication with saving player stats and all players starting a new game on the same day play automatically together for one week. Everything is asynchronous and not realtime.
After reading this
I tend to using playfab or darkrift. We also have an own server we could use.
Any suggestions for libraries and services welcome!
Sorry I only just saw this, sounds like DarkRift Networking would be quite good for you! Lets go through your requirements
Player authentication: DarkRift has a basic login plugin for you, but usually you’d use https to log the player in on your webserver and then store a token in the database for their login session. Then, when they connect to the DarkRift server, then send their authentication key and are allowed to play
Saving player stats: Back to databases! There’s builtin functionality to directly connect to your database with DarkRift Networking (currently only MySql supported but Darkrift 2 should support OleDb so you can connect to pretty much any). You can thus store whatever user data/world data etc in there
Asynchronous: I’m assuming by that you mean more turnbased? If so you should be able to handle quite a few matches from one server!
By the description I’m not sure but if you also need server side physics DarkRift servers can be ‘embedded’ into a Unity instance to allow you to use Unity’s physics (though it has a performance penalty unfortunately)
I hope that helps, I’d advise that you just get stuck in with the free version and have a play around!
What if a user reads the network traffic and types in these lines into a browser? The attacker could cheat himself in the leaderboard. How to detect I a packet comes from an app or from a browser? I read about cross-side-scripting but did not find a solution.
Not necessarily, if you use DarkRift the that can talk directly to the database to store, therefore there’s no public access to set highscores. That way the only way they could cheat would be with a hacked client/bot/etc which you could detect and stop during validation.
