Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.



Published on

  • Be the first to comment


  1. 1. Web Services Enhancements for Microsoft .NET (WSE) Forum .NET ● October 4th, 2006
  2. 2. Agenda <ul><li>Introduction </li></ul><ul><li>WSE 3.0 overview </li></ul><ul><li>WCF in a nutshell </li></ul><ul><li>Questions </li></ul>
  3. 3. Introduction <ul><li>Web service definition – </li></ul><ul><li>“ A software system designed to support interoperable machine-to-machine interaction over a network. It has an interface described in a machine-processable format.” - W3C </li></ul><ul><li>Simple Object Access Protocol (SOAP). </li></ul><ul><li>SoapExtension. </li></ul>
  4. 4. Introduction (cont.) <ul><li>SOA – Service Oriented Architecture. </li></ul><ul><li>An application architecture within which all functions are defined as independent services with well-defined invocable interfaces which can be called in defined sequences to form scientific processes. </li></ul><ul><li>Principles: </li></ul><ul><ul><li>Service reusability </li></ul></ul><ul><ul><li>Service contract </li></ul></ul><ul><ul><li>Service loose coupling </li></ul></ul><ul><ul><li>Service abstraction </li></ul></ul>
  5. 5. Introduction (cont.) <ul><li>Soap Message </li></ul><ul><li>definition – XML structure which holds a mandatory parent envelope, optional first child header and mandatory next child body. </li></ul><ul><li>An envelope to encapsulate data which defines formatting conventions for describing the message contents and routing directions: header and body. </li></ul>
  6. 6. Introduction (cont.) <ul><li>WS-* Specifications – </li></ul><ul><li>As the Web services market rapidly expanded, the need for advanced standards governing Web services security, reliability, and transactions arose. Microsoft and other vendors across the industry responded to this need by authoring a set of specifications referred to collectively as the WS-* architecture. The goal of these specifications is to provide a blueprint for advanced functionality while retaining the simplicity of basic Web services. </li></ul>
  7. 7. Introduction (cont.) <ul><li>WS-* Specifications – cont. </li></ul><ul><li>Means of standardizing various pieces of web services. </li></ul><ul><li>WSE 3.0 supports the following WS-* specifications. </li></ul><ul><ul><li>XML, SOAP, WSDL </li></ul></ul><ul><ul><li>WS-Security </li></ul></ul><ul><ul><li>WS-Trust </li></ul></ul><ul><ul><li>WS-SecureConversation </li></ul></ul><ul><ul><li>WS-Addressing </li></ul></ul><ul><ul><li>MTOM </li></ul></ul>
  8. 8. Introduction (cont.) <ul><li>Security Basics: Problems and Solutions </li></ul><ul><ul><li>Authentication: Who sent this message? </li></ul></ul><ul><ul><ul><li>Credentials, Login/Password, Digital Certificate </li></ul></ul></ul><ul><ul><li>Authorization: What can this person do? </li></ul></ul><ul><ul><ul><li>Use Roles to define privileges </li></ul></ul></ul><ul><ul><li>Confidentiality: Who can read this message? </li></ul></ul><ul><ul><ul><li>Encryption </li></ul></ul></ul><ul><ul><li>Integrity: Did anyone tamper with this message? </li></ul></ul><ul><ul><ul><li>Digital Signature used to compare sent & received message </li></ul></ul></ul>
  9. 9. WSE 3.0 Overview <ul><li>WSE Architecture </li></ul><ul><li>Policy Files </li></ul><ul><li>MTOM </li></ul><ul><li>Securing Applications That Use Web Services </li></ul><ul><li>Resources </li></ul>
  10. 10. WSE Architecture (1) <ul><li>Engine for applying advanced Web service protocols to SOAP messages </li></ul>
  11. 11. WSE Architecture (2) <ul><li>Message level security </li></ul><ul><ul><li>End-to-end message security independent of transport </li></ul></ul><ul><ul><li>Supports multiple protocols and multiple encryption technologies </li></ul></ul><ul><ul><li>Can encrypt parts of the message </li></ul></ul><ul><ul><li>Sender need only trust ultimate receiver </li></ul></ul><ul><ul><li>The signature is stored with the data </li></ul></ul><ul><li>Direct vs. Brokered authentication. </li></ul><ul><li>Sending and receiving SOAP Messages using TCP </li></ul><ul><li>Secure conversation - SCT </li></ul>
  12. 12. Policy files (1) <ul><ul><li>Describes requirements for incoming and outgoing messages as policy assertions </li></ul></ul><ul><ul><li>Groups of rules applied to messages </li></ul></ul><ul><ul><ul><li>Define rules applied to outgoing messages </li></ul></ul></ul><ul><ul><ul><li>Define demands for incoming messages </li></ul></ul></ul><ul><ul><li>Defined in code or in configuration </li></ul></ul><ul><ul><li>Custom Policies - inherit from the Policy class </li></ul></ul><ul><ul><li>Policy files are simplified </li></ul></ul><ul><ul><ul><li>Simplifies security through the turnkey security assertions </li></ul></ul></ul>
  13. 13. Policy files (2) Security Authentication TurnkeyAssertion Windows Domain Windows login/password Kerberos (Windows) Server’s X509 Certificate Client’s X509 Certificate MutualCertificate Server’s X509 Certificate Any user with server’s public key AnonymousOverCertificate SSL User login/password UsernameOverTransport Server’s X509 Certificate User login/password UsernameoverCertificate
  14. 14. MTOM <ul><li>Send and receive large amounts of data. </li></ul><ul><li>Improved Performance </li></ul><ul><li>Secured messaging. </li></ul>
  15. 15. Securing Applications That Use Web Services <ul><li>Security credentials </li></ul><ul><li>Encryption </li></ul><ul><li>Digital signing </li></ul><ul><li>Use policy for setting security requirements </li></ul><ul><li>Demo </li></ul>
  16. 16. WCF (1) <ul><li>Windows Communication Foundation - </li></ul><ul><li>WCF is Microsoft's unified programming model and runtime for building Web services applications with managed code. It extends the .NET Framework with functionality to build secure, reliable, and transacted Web services that interoperate across platforms. </li></ul><ul><li>WSE 3.0: The Road to Indigo </li></ul>
  17. 17. WCF (2)
  18. 18. WCF (3)
  19. 19. WCF (4)
  20. 20. WCF (5)
  21. 21. WCF (6)
  22. 22. WCF (7)
  23. 23. WCF (8)
  24. 24. WCF (9)
  25. 25. WCF (10) [ ServiceContract] public interface IMath { [ OperationContract] int Add(int x, int y); } // the service class implements the interface public class MathService : IMath { public int Add(int x, int y) { return x + y; } }
  26. 26. WCF (11) public class WCFServiceApp { public void DefineEndpointImperatively() { // create a service host for MathService ServiceHost sh = new ServiceHost(typeof(MathService)); // use the AddEndpoint helper method to // create the ServiceEndpoint and add it // to the ServiceDescription sh.AddServiceEndpoint( typeof(IMath), //contract type new WSHttpBinding(), //one of the built-in bindings &quot; http://localhost/MathService/Ep1&quot;); //the endpoint's address // create and open the service runtime sh.Open(); } public void DefineEndpointInConfig() { // create a service host for MathService ServiceHost sh = new ServiceHost (typeof(MathService)); // create and open the service runtime sh.Open(); } }
  27. 27. WCF (12) using System.ServiceModel; //this contract is generated by svcutil.exe //from the service's metadata public interface IMath { [OperationContract] public int Add(int x, int y) { return x + y; } } //this class is generated by svcutil.exe //from the service's metadata //generated config is not shown here public class MathProxy : IMath { ... }
  28. 28. WCF (13) public class WCFClientApp { public void SendMessageToEndpoint() { // this uses a proxy class that was // created by svcutil.exe from the service's metadata MathProxy proxy = new MathProxy(); int result = proxy.Add(35, 7); } public void SendMessageToEndpointUsingChannel() { // this uses ChannelFactory to create the channel // you must specify the address, the binding and // the contract type (IMath) ChannelFactory<IMath> factory=new ChannelFactory<IMath>( new WSHttpBinding(), new EndpointAddress(&quot;http://localhost/MathService/Ep1&quot;)); IMath channel=factory.CreateChannel(); int result=channel.Add(35,7); factory.Close(); } }
  29. 29. Resources <ul><li>WSE home page </li></ul><ul><li>Dasblonde </li></ul><ul><li>what's new </li></ul><ul><li>web services </li></ul>
  30. 30. Questions? <ul><li>Thanks! </li></ul>