Professional Documents
Culture Documents
Net
Presented by Paul Turner
pturner@eds.com
Overview
What is a Web Service Web Service Design Principals Exploring the Faade pattern Creating a Web Service
Soap Headers and Extensions Consuming a Web Service Deploying Web Services
IAsyncResult Security
Cons
WebService Attribuites
Description Provides a nice description Name Used for Aliasing Namespace Effects the WSDL output
Defaults to http://tempuri.org/
You should change this when developing your WebService and DEFINITELY before deploying it
WebMethod Attribuites
Description Provides a nice description MessageName Used for Aliasing methods with
same name but different signatures BufferResponse Speeds up responses CacheDuration Less load on resources TransactionOption Enterprise transactions EnableSession Allow you to read the IIS Session object from the Web Service
WebMethod Attributes
DEMO
Basicws.asmx
Sidebar
Compatibility
using System.Web.Services.Protocols; [SoapRpcMethod()] [WebMethod()] public int DoSomething() { return 1; } Returns a different style of Xml
Constructors
Need to have constructor with NO parameters
Soap Headers
Allows you to pass extra information/class
to WebMethods using System.Web.Services.Protocols; Derive a class from SoapHeader Create a public object of the class you want to pass within the WebService
Soap Headers
Add the [SoapHeader(ClassInstance)]
attribute to the WebMethod Create an instance of the class Set the InstanceClassValue property of the WebService Call the WebMethod and get a handle on the SoapHeader
Soap Headers
DEMO
Headers.asmx
Soap Extensions
Allows you to inspect Soap and different stages You can modify the Soap
Encryption Compression Logging
Derive from SoapExtension Use ChainStream to get a writable stream Use SoapMessageStage in the ProcessMessage
method to process the message Implement the other required methods
Soap Extensions
ProcessMessage has several
SoapMessageStages:
BeforeSerialize intercept before serialized BeforeDeserialize intercept messages before they are deserialized * AfterSerialize intercept messages after they are serialized * AfterDeserialize intercept before processed
Soap Extension
DEMO
Using WSDL.exe
IAsyncResult parameter Call the Begin method and pass in any parameters, the AsyncCallback and the proxy
Async Calls
DEMO
Security
Often security is an afterthought It IS IMPORTANT !! Credentials are NOT passed to
WebServices even when you use impersonation Web.Config file is STILL important to WebServices You must Enable it
Security
Credentials (Point-To-Point)
Set the Credentials property You can also create credentials at run-time Based on Windows accounts
Tickets (Application)
Needs to be passed with every method call Custom, roll your own Soap Header based
Security
WS-Security (End-To-End)
Emerging standard Can use Custom, Binary, Kerberos Tokens X.509 digital certificates Soap Header based Need WS Enhancements V1.0 (V2.0 in preview)
Soap Extensions
Can provide some basic message level encryption
Security
Passing Credentials
Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;
attach them to the request Watch out for WS-Security. things are changing
Security
DEMO
Deployment
When you Add a Web Reference the URL
property is HARD CODED WSDL contains the URL from the site it was generated To the rescue
the proxy has a URL property that you can set to point to the WebService You can implement Load Balancing
Deployment
DEMO
Summary
Beware of the HYPE!! Remember to design differently Use Attributes to customise your Xml
Think (consider) Async Be secure!! Use the deployment tools you have in the
box
As a minimum, set the Description and the Namespace
References
Patterns and Practices:
MSDN:
Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication Search for Web Services