Day6

CSE 136 - Lecture 6
 Service Layer
 WCF
 Business Layer
Security
 Regular Expression

Service Layer as services wrapper

Design Patterns in Service Layer
 Remote Façade Pattern
 A set of methods that modify the granularity existing operations
already implemented elsewhere.
 A service is already a remote façade over the business layer
 Data Transfer Object Pattern
 Object that carries data across an application’s boundaries
 ex: XML file as input format for ChangeGrade()
 Adapter Pattern
 Converts the interface of one class into another interface that a
client expects
 ex: UCSD GPA system takes in % points also
 Proxy Pattern
 Client will create a proxy, and proxy will communicate with the
service

WCF - windows communication foundation
A set of .NET libraries

 An SDK for developing and deploying services on
Windows
 A WCF Service
 is a unit of functionality exposed to the world
 can be local or remote, developed by multiple parties
using any technology
 A WCF Client
 is merely the party consuming a service's functionality
 can be literally anything:
 ASP.NET (MVC)
 JAVA app
 Mobile apps

ABC of WCF
 This was an interview question
 A - Address
 Every service is associated with a unique address.
 Where are you?
 B - Binding SSL, call-backs, encryption-key

 A binding is a consistent set of choices regarding the transport
protocol, message encoding, communication pattern, reliability,
security, transaction propagation, and interoperability
 How should I talk with you?
 C - Contract
 The contract is a platform-neutral and standard way of describing
what the service does.
 What am I giving/getting from you.

WCF ABC - Address
 Every service is associated with a unique address. The
address provides two important elements
 (1) the location of the service
 IP address
 URL
 (2) transport protocol or transport schema used to communicate
with the service
 http
 net.tcp
 Examples
 net.tcp://localhost:8002/MyService
 http://www.wcf.org:8001
 net.pipe://localhost/MyPipe
 net.msmq://localhost/MyService

WCF ABC - Binding
 Basic Binding - expose a WCF service as a legacy
ASMX web service
 TCP Binding - Offered by the NetTcpBinding class,
this uses TCP for cross-machine communication on
the intranet. It supports a variety of features, including
reliability, transactions, and security, and is optimized
for WCF-to-WCF communication
 Web Service binding - Offered by the WSHttpBinding
class, this uses HTTP or HTTPS for transport, and is
designed to offer a variety of features such as
reliability, transactions, and security over the Internet
 IPC Binding - Same-machine communication
 Others (skip) : MSMQ, Duplex WS, etc

WCF ABC - Contract
 The contract is a platform-neutral and standard
way of describing what the service does
 Service contracts (method definition)
 Describe which operations the client can perform on
the service
 Data contracts (parameter types)
 Define which data types are passed to and from the
service.
 WCF defines implicit contracts for built-in types such
as int and string, but you can easily define explicit opt-
in data contracts for custom types.

WCF Operation
 Focus on the client side
 (1) Request & Reply (for CSE 136)
 Most common calls - If no response, client gives up
 always put try/catch in the client code
 (2) One-way
 Send and forget
 (3) Call-back (not for CSE 136)
 The service is the client and the client becomes the service
 HTTP cannot be used for callbacks
 TCP and the IPC protocols support duplex communication
 Observer Design Pattern

WCF Instance
 Focus on the server side
 Applications differ in their needs for scalability, performance,
throughput, transactions, and queued calls
 (1) per-call
 services allocate (and destroy) a new service instance per client request
 This is the default behavior
 (2) session
 allocate a service instance per client connection.
 [ServiceContract(SessionMode = SessionMode.Required)]
 (3) Singleton
 all clients share the same service instance across all connections and
activations
 [ServiceBehavior(InstanceContextMode=InstanceContextMode.Single)

RESTful Services
 CRUD : Create, Read, Update, and Delete
 RESTFul : using http methods
 Get - Read
 Post - Create

 Put - Update

 Delete - Delete

 REST stands for “Representational State
Transfer”
 Skip for 136

WCF Security (authentication)
 Verifying that the caller of a service is indeed
who the caller claims to be
 Windows authentication
 Username and password
 X509 certificate
 Custom mechanism & other 3rd parties
 No authentication (CSE 136)

Business Logic Layer Security
 User-based Security
 Authorization deals with what the caller (user) is
allowed to do.
 Callers are mapped to logical roles. (Role ex:
Faculty, Staff, or Student)
 Code-based Security
 Authenticate the code source
 Authorize code for access

 Enforce the code access

BLL Security : user-identity 1

BLL Security : user-identity 2

BBL Security : Code-identity-based 1

 Authenticate code identity
 Information about the origin of a piece of code (such as the
URL where it is run from) are collected and presented to
the authorization layer
 Ex: Tourist visa from China
 Authorize code, not users, to access resources
 All trust decisions to access protected resources are made
for particular pieces of code, based on security settings
evolving around information about the origin of code
 Ex: Tourism visa from China can visit, not work and study
 Enforce the authorization
 The granularity of enforcement functions on the level of
individual pieces of code (such as individual assemblies)
 .NET CLR enforces the security
 Ex: Employer checking for U.S. Visa

BBL Security : Code-identity-based 2

 Authenticate code identity
 Authenticates assemblies exe & dll
 By collecting evidence about the assembly
 Ex: assembly's URL or strong name Signed by Microsoft

 Authorize code, not users, to access resources
 Authorizes assemblies
 By granting assemblies a set of permissions to access
protected resources (such as the file system or
registry)
 Enforce the authorization
 By checking that all assemblies calling to a protected
resource have the appropriate permission to access
that resource (.NET CLR)

.NET code-based Security : Evidence

• Publisher
• Site (url)
• Zone (where on the
computer)
• Strong name (signed key)

.NET code-based Security : Policy
Similar to homeland security policy Visitors with “Iraq
visa” (membership)
has limited access to
certain “government
buildings"
(permission set)

.NET code-based Security : Code Group
and membership

.NET code-based Security : Permission
set

.NET code-based Security : Example

Ex: immigration
document type
Visa, Diplomatic ID,
birth-certificate

Ex: Chinese Visa

Regular Expressions 1
 What is regular expression
 pattern describing a certain amount of text
 a series of letters, digits, dots, underscores, signs
and hyphens
 What are its common usages
 Formatting

 Validating

 Parsing

Review question
 Difference between macro and micro services?
 What design patterns exist in the services layer?
 What .NET libraries does 136 use to implement the service
layer?
 What is the ABC of WCF?
 Difference between authenticate and authorize?
 What is security policy? (rules defined)
 What are the four levels of .NET policies?
 What is code group? (groups of code in a policy)
 What is membership? (identify a group of code)
 What is permission set? (set of permissions assigned to a
group of code)

Your assignment
 Due Next Thursday
 Create a Service Layer project Just a wrapper project
 Continue development of your BLL
 Continue development of unit tests for your
BLL

Lab
 Due: Grade your DAL with test cases

References
 .NET : Architecting Applications for the
Enterprise
 Learning WCF

Day6

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Day6

Similar to Day6 (20)

Recently uploaded

Recently uploaded (20)

Day6