Day6

Published in: Education, Technology

  1. CSE 136 - Lecture 6
     • Service Layer
     • WCF
     • Business Layer Security
     • Regular Expression
  2. Overview
  3. What is Service Layer
  4. What is Service
  5. Service Layer as services wrapper
  6. Design Patterns in Service Layer
     • Remote Façade Pattern
       • A set of methods that modify the granularity of existing operations already implemented elsewhere.
       • A service is already a remote façade over the business layer
     • Data Transfer Object Pattern
       • Object that carries data across an application's boundaries
       • ex: XML file as input format for ChangeGrade()
     • Adapter Pattern
       • Converts the interface of one class into another interface that a client expects
       • ex: UCSD GPA system takes in % points also
     • Proxy Pattern
       • Client will create a proxy, and proxy will communicate with the service
  7. WCF - Windows Communication Foundation
     • A set of .NET libraries
     • An SDK for developing and deploying services on Windows
     • A WCF Service
       • is a unit of functionality exposed to the world
       • can be local or remote, developed by multiple parties using any technology
     • A WCF Client
       • is merely the party consuming a service's functionality
       • can be literally anything:
         • ASP.NET (MVC)
         • Java app
         • Mobile apps
  8. WCF - Same vs cross machines
  9. ABC of WCF
     • This was an interview question
     • A - Address
       • Every service is associated with a unique address.
       • Where are you?
     • B - Binding
       • SSL, call-backs, encryption-key
       • A binding is a consistent set of choices regarding the transport protocol, message encoding, communication pattern, reliability, security, transaction propagation, and interoperability
       • How should I talk with you?
     • C - Contract
       • The contract is a platform-neutral and standard way of describing what the service does.
       • What am I giving/getting from you.
  10. WCF ABC - Address
     • Every service is associated with a unique address. The address provides two important elements
       • (1) the location of the service
         • IP address
         • URL
       • (2) transport protocol or transport schema used to communicate with the service
         • http
         • net.tcp
     • Examples
       • net.tcp://localhost:8002/MyService
       • http://www.wcf.org:8001
       • net.pipe://localhost/MyPipe
       • net.msmq://localhost/MyService
  11. WCF ABC - Binding
     • Basic Binding - expose a WCF service as a legacy ASMX web service
     • TCP Binding - Offered by the NetTcpBinding class, this uses TCP for cross-machine communication on the intranet. It supports a variety of features, including reliability, transactions, and security, and is optimized for WCF-to-WCF communication
     • Web Service binding - Offered by the WSHttpBinding class, this uses HTTP or HTTPS for transport, and is designed to offer a variety of features such as reliability, transactions, and security over the Internet
     • IPC Binding - Same-machine communication
     • Others (skip) : MSMQ, Duplex WS, etc
  12. WCF ABC - Contract
     • The contract is a platform-neutral and standard way of describing what the service does
     • Service contracts (method definition)
       • Describe which operations the client can perform on the service
     • Data contracts (parameter types)
       • Define which data types are passed to and from the service.
       • WCF defines implicit contracts for built-in types such as int and string, but you can easily define explicit opt-in data contracts for custom types.
  13. WCF ABC quick example
  14. WCF Operation
     • Focus on the client side
     • (1) Request & Reply (for CSE 136)
       • Most common calls - If no response, client gives up
       • always put try/catch in the client code
     • (2) One-way
       • Send and forget
     • (3) Call-back (not for CSE 136)
       • The service is the client and the client becomes the service
       • HTTP cannot be used for callbacks
       • TCP and the IPC protocols support duplex communication
       • Observer Design Pattern
  15. WCF Instance
     • Focus on the server side
     • Applications differ in their needs for scalability, performance, throughput, transactions, and queued calls
     • (1) per-call
       • services allocate (and destroy) a new service instance per client request
       • This is the default behavior
     • (2) session
       • allocate a service instance per client connection.
       • [ServiceContract(SessionMode = SessionMode.Required)]
     • (3) Singleton
       • all clients share the same service instance across all connections and activations
       • [ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)]
  16. RESTful Services
     • CRUD : Create, Read, Update, and Delete
     • RESTful : using HTTP methods
       • Get - Read
       • Post - Create
       • Put - Update
       • Delete - Delete
       • REST stands for "Representational State Transfer"
       • Skip for 136
  17. WCF Security (authentication)
     • Verifying that the caller of a service is indeed who the caller claims to be
     • Windows authentication
     • Username and password
     • X509 certificate
     • Custom mechanism & other 3rd parties
     • No authentication (CSE 136)
  18. Business Logic Layer Security
     • User-based Security
       • Authorization deals with what the caller (user) is allowed to do.
       • Callers are mapped to logical roles. (Role ex: Faculty, Staff, or Student)
     • Code-based Security
       • Authenticate the code source
       • Authorize code for access
       • Enforce the code access
  19. BLL Security : user-identity 1
  20. BLL Security : user-identity 2
  21. BLL Security : Code-identity-based 1
     • Authenticate code identity
       • Information about the origin of a piece of code (such as the URL where it is run from) is collected and presented to the authorization layer
       • Ex: Tourist visa from China
     • Authorize code, not users, to access resources
       • All trust decisions to access protected resources are made for particular pieces of code, based on security settings evolving around information about the origin of code
       • Ex: Tourism visa from China can visit, not work and study
     • Enforce the authorization
       • The granularity of enforcement functions on the level of individual pieces of code (such as individual assemblies)
       • .NET CLR enforces the security
       • Ex: Employer checking for U.S. Visa
  22. BLL Security : Code-identity-based 2
     • Authenticate code identity
       • Authenticates assemblies (exe & dll)
       • By collecting evidence about the assembly
       • Ex: assembly's URL or strong name
       • Signed by Microsoft
     • Authorize code, not users, to access resources
       • Authorizes assemblies
       • By granting assemblies a set of permissions to access protected resources (such as the file system or registry)
     • Enforce the authorization
       • By checking that all assemblies calling to a protected resource have the appropriate permission to access that resource (.NET CLR)
  23. .NET code-based Security : Evidence
     • Publisher
     • Site (url)
     • Zone (where on the computer)
     • Strong name (signed key)
  24. .NET code-based Security : Policy
     • Similar to homeland security policy
     • Visitors with "Iraq visa" (membership) have limited access to certain "government buildings" (permission set)
  25. .NET code-based Security : Code Group and membership
  26. .NET code-based Security : Permission set
  27. .NET code-based Security : Example
     • Ex: immigration document type: Visa, Diplomatic ID, birth-certificate
     • Ex: Chinese Visa
  28. Regular Expressions 1
     • What is regular expression
       • pattern describing a certain amount of text
       • a series of letters, digits, dots, underscores, signs and hyphens
     • What are its common usages
       • Formatting
       • Validating
       • Parsing
  29. Regular Expressions 2
  30. Regular Expression 3
  31. Review question
     • Difference between macro and micro services?
     • What design patterns exist in the services layer?
     • What .NET libraries does 136 use to implement the service layer?
     • What is the ABC of WCF?
     • Difference between authenticate and authorize?
     • What is security policy? (rules defined)
     • What are the four levels of .NET policies?
     • What is code group? (groups of code in a policy)
     • What is membership? (identify a group of code)
     • What is permission set? (set of permissions assigned to a group of code)
  32. Your assignment
     • Due Next Thursday
     • Create a Service Layer project
       • Just a wrapper project
     • Continue development of your BLL
     • Continue development of unit tests for your BLL
  33. Lab
     • Due: Grade your DAL with test cases
  34. References
     • .NET : Architecting Applications for the Enterprise
     • Learning WCF
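
The ABC slides (9 to 15) and the WCF Security slide (17) as one self-hosted service: an added example, not code from the lecture. `GradeChange`, `IGradeService` and `GradeService` are hypothetical names; the address is one of the slide's examples; Windows authentication over the TCP binding is chosen here as one of the options the security slide lists. It assumes .NET Framework with a reference to System.ServiceModel.

```csharp
using System;
using System.Runtime.Serialization;
using System.ServiceModel;

[DataContract]                        // C: data contract (explicit opt-in for a custom type)
public class GradeChange              // hypothetical DTO
{
    [DataMember] public string StudentId { get; set; }
    [DataMember] public string CourseId { get; set; }
    [DataMember] public string NewGrade { get; set; }
}

[ServiceContract]                     // C: service contract (operations the client may call)
public interface IGradeService        // hypothetical contract
{
    [OperationContract]
    bool ChangeGrade(GradeChange request);   // request and reply
}

[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]
public class GradeService : IGradeService
{
    public bool ChangeGrade(GradeChange request)
    {
        // Transport security with Windows credentials gives the service an authenticated caller.
        string caller = ServiceSecurityContext.Current.WindowsIdentity.Name;
        Console.WriteLine("{0} changed {1}/{2} to {3}",
            caller, request.StudentId, request.CourseId, request.NewGrade);
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        // B: TCP binding; require transport security and Windows authentication.
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;

        var host = new ServiceHost(typeof(GradeService));
        // A: address = transport scheme (net.tcp) + location (host and port).
        host.AddServiceEndpoint(typeof(IGradeService), binding, "net.tcp://localhost:8002/MyService");
        host.Open();
        Console.WriteLine("Listening; press Enter to stop.");
        Console.ReadLine();
        host.Close();
    }
}
```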
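
User-based security in the business layer (slides 18 to 20), as an added example that is not from the lecture: the caller arrives already authenticated, and the BLL authorizes by role before doing the work. `GradeLogic`, the user names and the sample IDs are constructed; the role names are the ones the slide gives.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

public static class GradeLogic        // hypothetical BLL class
{
    // Authorization: only callers mapped to the Faculty role may change a grade.
    public static void ChangeGrade(string studentId, string courseId, string grade)
    {
        IPrincipal caller = Thread.CurrentPrincipal;
        if (caller == null || !caller.Identity.IsAuthenticated)
            throw new SecurityException("Caller is not authenticated.");
        if (!caller.IsInRole("Faculty"))
            throw new SecurityException(caller.Identity.Name + " may not change grades.");

        Console.WriteLine("{0} set {1}/{2} to {3}",
            caller.Identity.Name, studentId, courseId, grade);
    }

    // Attaches an identity and its roles to the thread, then reports whether the BLL allowed the call.
    public static bool TryAs(string user, params string[] roles)
    {
        // Authentication happened upstream (for example in the service layer);
        // the BLL only sees its result as a principal with roles.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        try
        {
            ChangeGrade("A00000001", "CSE 136", "A");   // constructed sample values
            return true;
        }
        catch (SecurityException e)
        {
            Console.WriteLine("Denied: " + e.Message);
            return false;
        }
    }

    public static void Main()
    {
        TryAs("prof_lee", "Faculty");
        TryAs("staff_kim", "Staff");
        TryAs("student_wu", "Student");
    }
}
```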
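
The three regular-expression uses from slide 28 (validating, parsing, formatting) applied to one input, as an added example that is not from the lecture. The course-ID pattern, the length limit and the sample inputs are constructed; the anchors, the explicit digit class and the match timeout are the parts that matter when the pattern is used as an input check.

```csharp
using System;
using System.Text.RegularExpressions;

public static class InputValidation   // hypothetical helper
{
    // \A and \z anchor the whole input; in .NET, $ also matches before a trailing "\n".
    // [0-9] is used because \d also matches non-ASCII Unicode digits.
    private static readonly Regex CourseId = new Regex(
        @"\A(?<dept>[A-Z]{2,4}) ?(?<num>[0-9]{1,3}[A-Z]?)\z",
        RegexOptions.CultureInvariant,
        TimeSpan.FromMilliseconds(100));   // bound matching time on hostile input

    // Validating + parsing: true only when the entire input is a course ID.
    public static bool TryParseCourse(string input, out string dept, out string number)
    {
        dept = null;
        number = null;
        if (input == null || input.Length > 16) return false;
        try
        {
            Match m = CourseId.Match(input);
            if (!m.Success) return false;
            dept = m.Groups["dept"].Value;
            number = m.Groups["num"].Value;
            return true;
        }
        catch (RegexMatchTimeoutException)
        {
            return false;                  // treat a timeout as invalid input
        }
    }

    // Formatting: normalise accepted input to "DEPT NUM"; null when rejected.
    public static string Format(string input)
    {
        string dept, number;
        return TryParseCourse(input, out dept, out number) ? dept + " " + number : null;
    }

    public static void Main()
    {
        // Constructed inputs: two valid forms, a trailing newline, extra text, wrong case.
        string[] samples = { "CSE 136", "CSE136", "CSE 136\n", "CSE 136 OR 1=1", "cse 136" };
        foreach (string s in samples)
            Console.WriteLine("{0,-18} -> {1}", s.Replace("\n", "\\n"), Format(s) ?? "rejected");
    }
}
```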
