Web Services with .

Net
Presented by Paul Turner
pturner@eds.com

Overview

What is a Web Service Web Service Design Principals Exploring the Faade pattern Creating a Web Service

Soap Headers and Extensions Consuming a Web Service Deploying Web Services
IAsyncResult Security

Attributes Returning simple and complex objects

What is a Web Service

Hype, mainly generated by marketing people

What is a Web Service Really!!

The execution of code on a remote
machine The idea has been around for a long time!!!
Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) Enterprise Java Bean (EJB) WinSock (create your own protocol)

What is a Web Service cont

XML is the primary means of
communication, called SOAP Usually over port 80 (HTTP), but can use any TCP port Serializes all method calls into SOAP Returns serialized objects in a SOAP format

What is a Web Service cont

Pros
Portable across platforms IBM, Microsoft, BEA, Sun and the WC3 support it Slower than most traditional RPC methods because SOAP is VERY longwinded Still immature and undergoing change (BE WARNED)

Cons

Web Service Design Principals

Different to most popular RPC Everything is SingleCall Not Object Orientated (OO)
Stateless No properties (you can butdont) Limited OO, the more OO the slower it will be

One common pattern is the Faade

Exploring the Faade pattern

Think of an a Car steering wheel Hides complexity behind a well defined
interface Ideal for Web Services

Creating a Web Service

Create a new ASP.Net Web Service project You get an .asmx and an .asmx.cs using System.Web.Services; Derive your class from WebService Add methods to your class and mark them
with [WebMethod()]

Creating a Web Service

DEMO
basicws.asmx

WebService Attribuites
Description Provides a nice description Name Used for Aliasing Namespace Effects the WSDL output
Defaults to http://tempuri.org/
You should change this when developing your WebService and DEFINITELY before deploying it

WebMethod Attribuites
Description Provides a nice description MessageName Used for Aliasing methods with
same name but different signatures BufferResponse Speeds up responses CacheDuration Less load on resources TransactionOption Enterprise transactions EnableSession Allow you to read the IIS Session object from the Web Service

WebMethod Attributes
DEMO
Basicws.asmx

Returning Simple Types

Simple to return simple types
[WebMethod()] public int DoSomething() { return 1; } Returns a simple Xml response
<?xml version="1.0" encoding="utf-8" ?> <int xmlns="http://tempuri.org/">1</int>

Sidebar
Compatibility
using System.Web.Services.Protocols; [SoapRpcMethod()] [WebMethod()] public int DoSomething() { return 1; } Returns a different style of Xml

Simple Types and SoapRpcMethod

DEMO
Basicws.asmx

Returning Simple Objects

Same as simple types Properties
Need to be read/write

Constructors
Need to have constructor with NO parameters

Methods cannot be serialized

Returning Complex Objects

using System.Web.Services.Protocols; To return a proxy of a custom type:
[XmlIncude(type)]

To customise the Body:

[XmlAttribute()] [XmlElement(elementname)]

Returning Simple and Complex objects

DEMO
Complex.asmx

Soap Headers
Allows you to pass extra information/class
to WebMethods using System.Web.Services.Protocols; Derive a class from SoapHeader Create a public object of the class you want to pass within the WebService

Soap Headers
Add the [SoapHeader(ClassInstance)]
attribute to the WebMethod Create an instance of the class Set the InstanceClassValue property of the WebService Call the WebMethod and get a handle on the SoapHeader

Soap Headers
DEMO
Headers.asmx

Soap Extensions
Allows you to inspect Soap and different stages You can modify the Soap
Encryption Compression Logging

Derive from SoapExtension Use ChainStream to get a writable stream Use SoapMessageStage in the ProcessMessage
method to process the message Implement the other required methods

Soap Extensions
ProcessMessage has several
SoapMessageStages:
BeforeSerialize intercept before serialized BeforeDeserialize intercept messages before they are deserialized * AfterSerialize intercept messages after they are serialized * AfterDeserialize intercept before processed

Soap Extension
DEMO

Consuming Web Services

Add Web Reference to your project
ASP.Net, Windows Forms, Console, Windows Service, COM+ Any .NET project Wsdl /out:proxyclassfilename.cs mywsdlfile.wsdl Add generated proxy file to project then call methods

Using WSDL.exe

Creating Proxy objects

Consuming Web Services

Call WebMethods just like ordinary
methods Update Web References when you add new stuff Regenerate proxy with WSDL.exe when you add new stuff, re-add the proxy class file

Consuming and WSDL

DEMO

IAsyncResult (Callback method)

Create an AsyncCallback Create a method that takes an

IAsyncResult parameter Call the Begin method and pass in any parameters, the AsyncCallback and the proxy

IAsyncResult (WaitOne method)

Call the Begin method and pass in any
parameters, null as the Callback and null as the proxy Call WaitOne until IsCompleted is true

Async Calls
DEMO

Security
Often security is an afterthought It IS IMPORTANT !! Credentials are NOT passed to

WebServices even when you use impersonation Web.Config file is STILL important to WebServices You must Enable it

Security
Credentials (Point-To-Point)
Set the Credentials property You can also create credentials at run-time Based on Windows accounts

Tickets (Application)
Needs to be passed with every method call Custom, roll your own Soap Header based

Security
WS-Security (End-To-End)
Emerging standard Can use Custom, Binary, Kerberos Tokens X.509 digital certificates Soap Header based Need WS Enhancements V1.0 (V2.0 in preview)

Soap Extensions
Can provide some basic message level encryption

Security
Passing Credentials
Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;

You can also create your own credentials and

attach them to the request Watch out for WS-Security. things are changing

Security
DEMO

Deployment
When you Add a Web Reference the URL

property is HARD CODED WSDL contains the URL from the site it was generated To the rescue
the proxy has a URL property that you can set to point to the WebService You can implement Load Balancing

Remember the MSI

Create Web Setup projects to deploy your WebService

Deployment
DEMO

Summary
Beware of the HYPE!! Remember to design differently Use Attributes to customise your Xml
Think (consider) Async Be secure!! Use the deployment tools you have in the
box
As a minimum, set the Description and the Namespace

References
Patterns and Practices:
MSDN:
Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication Search for Web Services

MCAD/MCSD Self Paced Training:

Developing XML Web Services and Server Components with Visual Basic.NET and Visual C#.NET, Microsoft Press