Sie sind auf Seite 1von 43

Building Web Services with .

NET

Nigel Watson (nigelwat@microsoft.com)


Academic Developer Relations
Developer and Platform Strategy Group
Microsoft PTY, Melbourne
Agenda
• Building the Programmable Web
• Web Services in .NET
• Furthering standards: GXA
• Summary
.NET Vision
Bank Ski Lodge

Airline

Ski Hire Gear


Building the Programmable Web
So… What is a Web Service?

• A remote procedure call technology based on open standards


• A way to connect disparate applications on disparate platforms using open standards
• A way to automate application to application integration using open standards
• A way to expose application functionality using open standards

OPEN STANDARDS ARE KEY TO WEB SERVICES


Web applications today...

HTML
L
HT

T M
M

H
L

Presentation
tier
BusLogic
tier
OS/Data
tier
The Web Services protocol stack
Founded on industry standard protocols XML and HTTP

SOAP used to call methods on other systems


using XML over HTTP SOAP
Simple Object Access
Protocol
WSDL used to describe a Web Service’s interface
(i.e. methods available, parameters, return
values etc.) WSDL
Web Services
Description Language
UDDI is a directory that can be used to
programmatically search for a Web Service

UDDI
Universal Description,
Discovery and Integration
Next generation web applications…
Applications Become
Other Programmable Web Services Public Web
Services X Services
ML L
XM
Presentation
Presentation .NET
Smarter tier
tier
XML Services
Clients XML
BusLogic
tier Internal
Standard XML
HTML Services
Browsers OS/Data
tier
M L XM
Smarter X L Servers
DevicesIndustry Standard Protocols Data, Hosts
(HTTP, XML, SOAP, WSDL, UDDI)
Richer, More Applications Leverag
roductive User Globally-Available
Experience Federated Web Servic
Standards adherence is crucial
Web services will not reach their full potential without vendor interoperability…
W3C
• Committee overseeing the development and adoption of Internet standards
WS-I
• Industry initiative to promote vendor Web Services interoperability
• Over 150 participants, including Microsoft, IBM, Oracle, SAP, Sun…
• See www.ws-i.org for more information
OASIS
• Involved in WS-Security standardisation process
From standards to implementation
• .NET provides an implementation of the Web
Services technology stack.
• Other vendors have similar libraries
• IONA – Orbix E2A Web Services
• IBM – WSTK for WebSphere (Now the ETTK)
• BEA – Integrated into WebLogic 8.1 appserver
• Open source/Freeware
• AXIS (Apache)
• Glue
• Etc…
Agenda
• Building the Programmable Web
• .NET and Web Services
• Furthering standards: GXA
• Summary
.NET and Web Services
• ASP.NET Architecture
• Creating and consuming Web Services
• Watching SOAP Messages
• Adding meta-data to your Web Service
ASP.NET Web Services Architecture

SOAP Requests

ASP.NET Web Service


SOAP Responses
[WebMethod]
Client Code Public string blah()
{…}
ISAPI Ext ASP.NET Worker Process
Platform IIS Common Language Runtime
OS O/S (W2K, XP, WS2K3)
ASP.NET – Server Side
• To create a web service:
• Create a new project in VS.NET
• Add a Web Service class
• Add methods to the class, decorate with
[WebMethod] attribute
[WebService]
Public Class Foo
{
[WebMethod]
public string Hello( string strName)
{ … }

}
ASP.NET – Client Side
• To consume a web service:
• Add a web reference to the web service to your
project
• This adds a Web Service proxy class to your
project
• Instantiate an instance of the proxy class and
begin calling methods on it.

localhost.Foo ws = new localhost.Foo();
string result = ws.Hello();

Demo – Create and Consume a
simple Web Service

demo
Drilling into SOAP Messages
<s:Envelope xmlns:s=“http://www.w3.org/2001/09/soap-envelope”>
<s:Header>
<c:alertcontrol xmlns:c=“http://example.org/alctl”>
<c:priority>1</c:priority>
<c:expires>2001-10-25T14:00:00</c:expires>
</c:alertcontrol>
</s:Header>
<s:Body>
<m:alert xmlns:m=“http://example.org/alert”>
<m:msg>Pick up Mary at school at 2pm</m:msg>
</m:alert>
</s:Body>
</s:Envelope>
Demo – Use proxyTrace to watch
SOAP messages

demo
Adding meta-data to your service
• You can add useful information to your Web
Service’s browse page with attribute
parameters:
• This information also appears in the Web
Service’s WSDL description
[WebService(Description=“Foo Service”, NameSpace=“http…”)]
Public Class Foo
{
[WebMethod(Description=“Hello method”)]
public string Hello( string strName)
{ … }

}
Demo – Adding meta-data to your
Web Service

demo
Adding state to your Web Service
• By default, state is not supported in Web
Service methods.
• Can overide by setting the EnableSession
property of [WebMethod] to true
• Session[] will be available from the method
• Can use normal ASP.NET session features

[WebMethod(EnableSession=True)]
public string Hello( string strName)
{ …
Session[“blah”] = “blahblahblah”
}
Adding state to your Web Service
• ASP.NET uses cookies to keep track of
sessions
• Default client proxy does not know about
cookies – need to add a container for them.

// Form init code
ws = new localhost.Foo();
ws.CookieContainer = new System.Net.CookieContainer()


string result = ws.Hello();

Demo – Adding state to your Web
Service

demo
Using IIS to secure WS’s
• Web Services in ASP.NET can use IIS
authentication (as well as SSL)
• Simple, but:
• Ties you to IIS for authentication
• Not an open approach
• Quickest approach for securing Web
Services when you’ve got control over both
ends of the equation…
IIS Security

Client

SOAP HTTP Request

IIS

SOAP Message

ASP.NET WS

• Can use any of IIS’s authentication methods…


IIS Steps: Server
• Create a group for access control
• Use role-based security checks in your Web
Service code (checking that group)
• Use inetmgr to turn off anonymous access
to that Web Service
IIS Steps: Client
• Add Credentials to the Web Service Proxy
instance:
Using System.Net;

// Form init code
ws = new localhost.Foo();
ws.Credentials = CredentialCache.DefaultCredentials;

Demo – Securing a Web Service
using IIS/ASP.NET

demo
Agenda
• Building the Programmable Web
• Web Services in .NET
• Furthering standards: GXA
• Summary
There are still some gaps to fill…
End-to-end security including
authentication, authorization, Security
message integrity and encryption

Ability to dynamically configure message


routing paths for scalability and fault Routing
tolerance

End-to-end guarantee of message Reliable


delivery with semantics (at-least-
once, at-most-once, exactly-once) Messaging

Ability to transact across companies


and provide compensation Transactions
semantics
Global XML Web Services
Architecture - GXA
Transactions

Reliable Messaging …

Referral Security Directory

Routing License … Inspection

Description
GXA Design Principles
• General-purpose
• Agnostic to application domain
• Standards-based
• Multi-vendor interoperation critical
• Federated
• No central point of administration, control or
failure
• Modular
• Factored to stand alone or work together
General-Purpose
• Universal communications • Application category neutral
• Across machine • Enterprise application
• Across process integration
• Business-to-business
• Flexible communications • Business-to-consumer
• Extensible headers • Peer-to-peer
• Extensible body
• Extensible communication • Platform neutral
topology • Devices
• Transport protocol neutral • Desktops
• Clusters
• Datacenters
Standards-Based
• We are committed to…
• Publishing GXA specifications
• Working with partners to refine specifications
• Working with partners, customers, and
standards bodies for broad adoption
• WS-Security submitted to OASIS
• WS-I likely to profile security and other functionality
Federated
• Fully distributed
• Builds upon DNS and IP
• Strong affinity towards hierarchical URI
• Crosses organization and trust domains
• Can be inspected by firewalls
• Can interoperate with Kerberos and PKI
• Does not require centralized servers
or administration
Modular
• GXA framework layered on SOAP/WSDL
extensibility hooks
• GXA surfaced as composable headers for SOAP
messages
• GXA specifications are highly factored
• Often coalesced as they evolve
• GXA specifications are combined to provide end-
to-end capabilities
• GXA protocols augment problem domain-specific
protocols (e.g., banking)
Modular: Example
<?xml version="1.0" encoding="utf-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
SOAP xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
Message <S:Header>
<m:path xmlns:m="http://schemas.xmlsoap.org/rp">
<m:action>http://tickers-r-us.org/getQuote</m:action>
<m:to>soap://tickers-r-us.org/stocks</m:to>
Routing <m:from>mailto:johnsmith@isps-r-us.com</m:from>
<m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
</m:path>
<wssec:Security
xmlns:wssec="http://schemas.xmlsoap.org/ws/2002/04/secext">
<wssec:BinarySecurityToken
ValueType="wssec:X509v3"
Security EncodingType=“wssec:Base64Binary">
dWJzY3JpYmVyLVBlc…..eFw0wMTEwMTAwMD
</wssec:BinarySecurityToken>
</wssec:Security>
</S:Header>
<S:Body>
<app:TrafficStatus
xmlns:app="http://highwaymon.org/payloads">
<road>520W</road><speed>3MPH</speed>
</app:TrafficStatus>
</S:Body>
</S:Envelope>
WS-Security 1.0
• A specification for proposed SOAP
extensions to be used when building secure
Web services.
• Supercedes the following specifications
• SOAP-SEC
• Microsoft’s WS-Security, WS-License
• IBM’s security token and encryption
• Dependent upon XML DIGSIG, XML
Encryption, XML Schema, SOAP…
• Defined schema
WS-Security 1.0
• Protection
• Integrity = XML Signature + Security Tokens
• Confidentiality = XML Encryption + Security
Tokens
Non-Goals of WS-Security
• Establishing a security context that requires
multiple exchanges
• Key exchange and derived keys
• How trust is established
• Policy Enforcement
• Provisioning of certificates
• XKMS
WS-Security 1.0

• We have some more work to do…

WS-Secure
Conversation
WS-Federation WS-Authorization

WS-Policy WS-Trust WS-Privacy

Today WS-Security

SOAP

Refer to Security Roadmap – http://msdn.microsoft.com/webservices


Summary
• Reviewed Web Services protocol stack
• Looked at how you can leverage Web
Services from .Net
• Looked briefly at how web services will
evolve over time
Further information
• http://msdn.microsoft.com
• http://gotdotnet.com
• Developmentor mailing list
• MSDN Updates (monthly)
• http://msdn.microsoft.com/flash
• Melbourne .NET User’s Group
(http://www.mdnug.org)
• Australian Developers.NETwork
(http://www.ausdev.net)
© 2001 Microsoft Corporation. All rights reserved.