Building Web Services with .NET
Nigel Watson ([email protected]), Academic Developer Relations, Developer and Platform Strategy Group, Microsoft PTY, Melbourne
Agenda
• Building the Programmable Web
• Web Services in .NET
• Furthering standards: GXA
• Summary
.NET Vision
[Diagram labels: Bank, Ski Lodge, Airline, Ski Hire Gear]
Building the Programmable Web
So… What is a Web Service?
• A remote procedure call technology based on open standards
• A way to connect disparate applications on disparate platforms using open standards
• A way to automate application to application integration using open standards
• A way to expose application functionality using open standards
OPEN STANDARDS ARE KEY TO WEB SERVICES
Web applications today...
[Diagram labels: HTML; Presentation tier, BusLogic tier, OS/Data tier]
The Web Services protocol stack
Founded on industry standard protocols (XML and HTTP)
• SOAP (Simple Object Access Protocol): used to call methods on other systems using XML over HTTP
• WSDL (Web Services Description Language): used to describe a Web Service’s interface (i.e. methods available, parameters, return values etc.)
• UDDI (Universal Description, Discovery and Integration): a directory that can be used to programmatically search for a Web Service
Next generation web applications…
[Diagram labels: Applications Become Programmable Web Services; Public Web Services, .NET Services, Internal Services, Other Services; Smarter Clients, Smarter Devices, Standard Browsers; Servers, Data, Hosts; Presentation tier, BusLogic tier, OS/Data tier; XML and HTML links; Industry Standard Protocols (HTTP, XML, SOAP, WSDL, UDDI); Richer, More Productive User Experience; Applications Leverage Globally-Available Federated Web Services]
Standards adherence is crucial
Web services will not reach their full potential without vendor interoperability…
W3C
• Committee overseeing the development and adoption of Internet standards
WS-I
• Industry initiative to promote vendor Web Services interoperability
• Over 150 participants, including Microsoft, IBM, Oracle, SAP, Sun…
• See www.ws-i.org for more information
OASIS
• Involved in WS-Security standardisation process
From standards to implementation
• .NET provides an implementation of the Web Services technology stack.
• Other vendors have similar libraries
  • IONA – Orbix E2A Web Services
  • IBM – WSTK for WebSphere (Now the ETTK)
  • BEA – Integrated into WebLogic 8.1 appserver
  • Open source/Freeware
    • AXIS (Apache)
    • Glue
    • Etc…
Agenda
• Building the Programmable Web
• .NET and Web Services
• Furthering standards: GXA
• Summary
.NET and Web Services
• ASP.NET Architecture
• Creating and consuming Web Services
• Watching SOAP Messages
• Adding meta-data to your Web Service
ASP.NET Web Services Architecture
[Diagram: Client Code sends SOAP Requests and receives SOAP Responses. On the server: IIS, ISAPI Ext, ASP.NET Worker Process hosting the ASP.NET Web Service ([WebMethod] public string blah() {…}). Platform: Common Language Runtime on the O/S (W2K, XP, WS2K3)]
ASP.NET – Server Side
• To create a web service:
  • Create a new project in VS.NET
  • Add a Web Service class
  • Add methods to the class, decorate with [WebMethod] attribute

    using System.Web.Services;

    [WebService]
    public class Foo
    {
        // Only methods marked [WebMethod] are exposed over SOAP
        [WebMethod]
        public string Hello(string strName)
        {
            …
        }
        …
    }
ASP.NET – Client Side
• To consume a web service:
  • Add a web reference for the web service to your project
  • This adds a Web Service proxy class to your project
  • Create an instance of the proxy class and begin calling methods on it.

    …
    localhost.Foo ws = new localhost.Foo();
    // Hello takes the strName parameter declared on the server
    string result = ws.Hello("World");
    …
Demo – Create and Consume a simple Web Service
Drilling into SOAP Messages

    <s:Envelope xmlns:s="http://www.w3.org/2001/09/soap-envelope">
      <s:Header>
        1 2001-10-25T14:00:00
      </s:Header>
      <s:Body>
        <m:alert xmlns:m="http://example.org/alert">
          <m:msg>Pick up Mary at school at 2pm</m:msg>
        </m:alert>
      </s:Body>
    </s:Envelope>
Demo – Use proxyTrace to watch SOAP messages
Adding meta-data to your service
• You can add useful information to your Web Service’s browse page with attribute parameters
• This information also appears in the Web Service’s WSDL description

    [WebService(Description="Foo Service", Namespace="http…")]
    public class Foo
    {
        [WebMethod(Description="Hello method")]
        public string Hello(string strName)
        {
            …
        }
        …
    }
Demo – Adding meta-data to your Web Service
Adding state to your Web Service
• By default, state is not supported in Web Service methods.
• Can override by setting the EnableSession property of [WebMethod] to true
  • Session[] will be available from the method
  • Can use normal ASP.NET session features

    [WebMethod(EnableSession=true)]
    public string Hello(string strName)
    {
        …
        Session["blah"] = "blahblahblah";
    }
Adding state to your Web Service
• ASP.NET uses cookies to keep track of sessions
• Default client proxy does not know about cookies – need to add a container for them.

    …
    // Form init code: the container holds the session cookie so later calls send it back
    ws = new localhost.Foo();
    ws.CookieContainer = new System.Net.CookieContainer();
    …
    string result = ws.Hello("World");
    …
Demo – Adding state to your Web Service
Using IIS to secure WS’s
• Web Services in ASP.NET can use IIS authentication (as well as SSL)
• Simple, but:
  • Ties you to IIS for authentication
  • Not an open approach
• Quickest approach for securing Web Services when you’ve got control over both ends of the equation…
IIS Security
[Diagram: Client sends a SOAP HTTP Request to IIS, which passes the SOAP Message to the ASP.NET WS]
• Can use any of IIS’s authentication methods…
IIS Steps: Server
• Create a group for access control
• Use role-based security checks in your Web Service code (checking that group)
• Use inetmgr to turn off anonymous access to that Web Service
IIS Steps: Client
• Add Credentials to the Web Service Proxy instance:

    using System.Net;
    …
    // Form init code: send the current Windows logon with each call
    ws = new localhost.Foo();
    ws.Credentials = CredentialCache.DefaultCredentials;
    …
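The server and client steps above in one listing, as an added example rather than code from the original slides: the web method checks the caller's group with IsInRole, and the client handles both ways a call can be refused. The group name MYSERVER\FooServiceUsers, the namespace URI, the FooClient helper and the method body are assumptions; localhost.Foo is the generated proxy the slides use, and the two halves belong to separate projects.

```csharp
using System;
using System.Net;
using System.Security.Principal;
using System.Web.Services;
using System.Web.Services.Protocols;

// Server side (.asmx code-behind). Assumes inetmgr has anonymous access turned
// off and a Windows authentication method enabled for this service.
[WebService(Namespace = "http://example.org/foo")] // placeholder namespace
public class Foo : WebService
{
    // Hypothetical group created for access control (first server step).
    private const string AllowedGroup = @"MYSERVER\FooServiceUsers";

    [WebMethod(Description = "Hello method, restricted to AllowedGroup")]
    public string Hello(string strName)
    {
        IPrincipal caller = Context.User; // identity that IIS authenticated
        if (caller == null || !caller.Identity.IsAuthenticated)
            throw new SoapException("Authentication required.",
                                    SoapException.ClientFaultCode);
        if (!caller.IsInRole(AllowedGroup))
            throw new SoapException("Caller is not authorised for this method.",
                                    SoapException.ClientFaultCode);
        return "Hello, " + strName;
    }
}

// Client side. localhost.Foo is the proxy generated by "Add Web Reference".
public static class FooClient
{
    public static string CallHello(string name)
    {
        localhost.Foo ws = new localhost.Foo();
        ws.Credentials = CredentialCache.DefaultCredentials; // current Windows logon
        try { return ws.Hello(name); }
        catch (WebException ex)
        {
            // IIS refused the request before ASP.NET ran (for example HTTP 401).
            HttpWebResponse resp = ex.Response as HttpWebResponse;
            return "HTTP failure: " + (resp != null ? resp.StatusCode.ToString() : ex.Status.ToString());
        }
        catch (SoapException ex)
        {
            // The role check inside the web method rejected the caller.
            return "SOAP fault: " + ex.Message;
        }
    }
}
```

Keeping the IsInRole check in the method means that enabling anonymous access again by mistake fails closed instead of exposing the method.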
Demo – Securing a Web Service using IIS/ASP.NET
Agenda
• Building the Programmable Web
• Web Services in .NET
• Furthering standards: GXA
• Summary
There are still some gaps to fill…
• Security: End-to-end security including authentication, authorization, message integrity and encryption
• Routing: Ability to dynamically configure message routing paths for scalability and fault tolerance
• Reliable Messaging: End-to-end guarantee of message delivery with semantics (at-least-once, at-most-once, exactly-once)
• Transactions: Ability to transact across companies and provide compensation semantics
Global XML Web Services Architecture - GXA
[Diagram labels: Transactions, Reliable Messaging, Referral, Security, Routing, License, …, Directory, …, Inspection, Description]
GXA Design Principles
• General-purpose
  • Agnostic to application domain
• Standards-based
  • Multi-vendor interoperation critical
• Federated
  • No central point of administration, control or failure
• Modular
  • Factored to stand alone or work together
General-Purpose
• Universal communications
  • Across machine
  • Across process
• Flexible communications
  • Extensible headers
  • Extensible body
  • Extensible communication topology
  • Transport protocol neutral
• Application category neutral
  • Enterprise application integration
  • Business-to-business
  • Business-to-consumer
  • Peer-to-peer
• Platform neutral
  • Devices
  • Desktops
  • Clusters
  • Datacenters
Standards-Based
• We are committed to…
  • Publishing GXA specifications
  • Working with partners to refine specifications
  • Working with partners, customers, and standards bodies for broad adoption
• WS-Security submitted to OASIS
• WS-I likely to profile security and other functionality
Federated
• Fully distributed
• Builds upon DNS and IP
• Strong affinity towards hierarchical URI
• Crosses organization and trust domains
  • Can be inspected by firewalls
  • Can interoperate with Kerberos and PKI
• Does not require centralized servers or administration
Modular
• GXA framework layered on SOAP/WSDL extensibility hooks
• GXA surfaced as composable headers for SOAP messages
• GXA specifications are highly factored
  • Often coalesced as they evolve
• GXA specifications are combined to provide end-to-end capabilities
• GXA protocols augment problem domain-specific protocols (e.g., banking)
Modular: Example SOAP Message (Routing and Security headers)

    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
                xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <S:Header>
        <m:path xmlns:m="http://schemas.xmlsoap.org/rp">
          <m:action>http://tickers-r-us.org/getQuote</m:action>
          <m:to>soap://tickers-r-us.org/stocks</m:to>
          <m:from>mailto:[email protected]</m:from>
          <m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
        </m:path>
        <wssec:Security xmlns:wssec="http://schemas.xmlsoap.org/ws/2002/04/secext">
          <wssec:BinarySecurityToken ValueType="wssec:X509v3" EncodingType="wssec:Base64Binary">
            dWJzY3JpYmVyLVBlc…..eFw0wMTEwMTAwMD
          </wssec:BinarySecurityToken>
        </wssec:Security>
      </S:Header>
      <S:Body>
        520W<speed>3MPH</speed>
      </S:Body>
    </S:Envelope>
WS-Security 1.0
• A specification for proposed SOAP extensions to be used when building secure Web services.
• Supersedes the following specifications
  • SOAP-SEC
  • Microsoft’s WS-Security, WS-License
  • IBM’s security token and encryption
• Dependent upon XML DSIG, XML Encryption, XML Schema, SOAP…
• Defined schema
WS-Security 1.0
• Protection
  • Integrity = XML Signature + Security Tokens
  • Confidentiality = XML Encryption + Security Tokens
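What "Integrity = XML Signature" means for a SOAP body, as an added example (not from the original slides) using .NET's SignedXml: the Body is signed, the signature travels in the header, and a changed Body fails verification. It is simplified: the sample message is constructed, a bare RSA key stands in for the security token, and the signature sits directly in S:Header rather than inside a wssec:Security element.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class SoapBodyIntegrityDemo
{
    const string SoapNs = "http://schemas.xmlsoap.org/soap/envelope/";
    const string QuoteNs = "http://example.org/quotes"; // constructed namespace
    const string Envelope = // constructed sample message
        "<S:Envelope xmlns:S='" + SoapNs + "'><S:Header/><S:Body Id='body'>" +
        "<q:getQuote xmlns:q='" + QuoteNs + "'><q:symbol>ABC</q:symbol></q:getQuote>" +
        "</S:Body></S:Envelope>";

    public static XmlDocument Sign(RSA key)
    {
        XmlDocument doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(Envelope);
        SignedXml signer = new SignedXml(doc) { SigningKey = key };
        signer.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        Reference body = new Reference("#body"); // digest covers the Body only
        body.AddTransform(new XmlDsigExcC14NTransform());
        signer.AddReference(body);
        signer.ComputeSignature();
        XmlNode header = doc.GetElementsByTagName("Header", SoapNs)[0];
        header.AppendChild(doc.ImportNode(signer.GetXml(), true));
        return doc;
    }

    public static bool Verify(XmlDocument doc, RSA key)
    {
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        XmlNodeList bodies = doc.GetElementsByTagName("Body", SoapNs);
        if (sigs.Count != 1 || bodies.Count != 1) return false;
        SignedXml verifier = new SignedXml(doc);
        verifier.LoadXml((XmlElement)sigs[0]);
        // The one signed reference must be the Body that will be processed.
        if (verifier.SignedInfo.References.Count != 1) return false;
        Reference signedRef = (Reference)verifier.SignedInfo.References[0];
        if (signedRef.Uri != "#" + ((XmlElement)bodies[0]).GetAttribute("Id")) return false;
        return verifier.CheckSignature(key);
    }

    public static void Main()
    {
        RSA key = RSA.Create();
        XmlDocument doc = Sign(key);
        Console.WriteLine("as signed: " + Verify(doc, key));
        doc.GetElementsByTagName("symbol", QuoteNs)[0].InnerText = "XYZ"; // tamper
        Console.WriteLine("tampered:  " + Verify(doc, key));
    }
}
```

Verify checks which element the signature covers before trusting it, because a valid signature over some other element says nothing about the Body the service goes on to process.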
Non-Goals of WS-Security
• Establishing a security context that requires multiple exchanges
• Key exchange and derived keys
• How trust is established
• Policy Enforcement
• Provisioning of certificates
  • XKMS
WS-Security 1.0
• We have some more work to do…
[Diagram labels: Today; WS-Secure Conversation, WS-Federation, WS-Authorization, WS-Policy, WS-Trust, WS-Privacy; WS-Security; SOAP]
Refer to Security Roadmap – http://msdn.microsoft.com/webservices
Summary
• Reviewed Web Services protocol stack
• Looked at how you can leverage Web Services from .NET
• Looked briefly at how web services will evolve over time
Further information
• http://msdn.microsoft.com
• http://gotdotnet.com
• Developmentor mailing list
• MSDN Updates (monthly)
  • http://msdn.microsoft.com/flash
• Melbourne .NET User’s Group (http://www.mdnug.org)
• Australian Developers.NETwork (http://www.ausdev.net)
© 2001 Microsoft Corporation. All rights reserved.