The document discusses REST as an architectural style for web services, emphasizing its independence from specific technologies and the importance of URIs for resource identification. It outlines HTTP methods used for CRUD operations (GET, PUT, DELETE, POST) and includes code examples for a bookmark service. Additionally, it highlights user authentication through hashed keys and WCF attributes for SOAP message structure.

1. Binu Bhasuran
Microsoft MVP Visual C#
Facebook http://facebook.com/codeno47
Blog http://proxdev.com/

2. • REST defines an architectural style based on a
set of constraints for building things the “Web”
way. REST is not tied to any particular
technology or platform – it’s simply a way to
design things to work like the Web.
• People often refer to services that follow this
philosophy as “RESTful services.”

3. On the Web, every resource is given a unique
identifier, also known as a universal resource
identifier (URI). The most common type of URI
used on the Web today is a uniform resource
locator (URL).
When you retrieve a resource using a Web
browser, you’re really retrieving a
representation of that resource.

4. The Web platform also comes with a standard communication
protocol – HTTP – for interacting with resources and their
representations.
The GET method allows you to retrieve a resource
representation
while PUT allows you to create or update a resource with the
supplied representation,
DELETE allows you to delete a resource.
In short, GET, PUT, and DELETE provide basic CRUD operations
(create, retrieve, update, and delete) for the Web.
HEAD and OPTIONS, on the other hand, provide the ability to
retrieve resource metadata, allowing you to discover out how
to interact with resources at run time.

5. Method Description Safe Idempotent
GET Requests a specific
representation of a
resource
Yes Yes
PUT Create or update a
resource with the
supplied representation
No Yes
DELETE Deletes the specified
resource
No Yes
POST Submits data to be
processed by the
identified resource
No No
HEAD Similar to GET but only
retrieves headers and not
the body
Yes Yes
OPTIONS Returns the methods
supported by the
identified resource
Yes Yes

6. Moving from Verbs to Nouns
Designing the URI Templates

7. [ServiceContract]
public partial class BookmarkService
{
...
[WebInvoke(Method = "POST", RequestFormat=WebMessageFormat.Json,
UriTemplate = "users/{username}/bookmarks?format=json")]
[OperationContract]
void PostBookmarkAsJson(string username, Bookmark newValue)
{
HandlePostBookmark(username, newValue);
}
[WebGet(ResponseFormat= WebMessageFormat.Json,
UriTemplate = "users/{username}/bookmarks/{id}?format=json")]
[OperationContract]
Bookmark GetBookmarkAsJson(string username, string id)
{
HandleGetBookmark(username, id);
}
...
}

8. private bool AuthenticateUser(string user)
{
WebOperationContext ctx = WebOperationContext.Current;
string requestUri =
ctx.IncomingRequest.UriTemplateMatch.RequestUri.ToString();
string authHeader =
ctx.IncomingRequest.Headers[HttpRequestHeader.Authorization];
// if supplied hash is valid, user is authenticated
if (IsValidUserKey(authHeader, requestUri))
return true;
return false;
}

9. public bool IsValidUserKey(string key, string uri)
{
string[] authParts = key.Split(':');
if (authParts.Length == 2)
{
string userid = authParts[0];
string hash = authParts[1];
if (ValidateHash(userid, uri, hash))
return true;
}
return false;
}

10. bool ValidateHash(string userid, string uri, string hash)
{
if (!UserKeys.ContainsKey(userid))
return false;
string userkey = UserKeys[userid];
byte[] secretBytes = ASCIIEncoding.ASCII.GetBytes(userkey);
HMACMD5 hmac = new HMACMD5(secretBytes);
byte[] dataBytes = ASCIIEncoding.ASCII.GetBytes(uri);
byte[] computedHash = hmac.ComputeHash(dataBytes);
string computedHashString = Convert.ToBase64String(computedHash);
return computedHashString.Equals(hash);
}

11. if (!AuthenticateUser(username))
{
WebOperationContext.Current.OutgoingResponse.Sta
tusCode =
HttpStatusCode.Unauthorized;
return;
}

12. <configuration>
<system.serviceModel>
<services>
<service name="BookmarkService">
<endpoint binding="webHttpBinding" contract="BookmarkService"
behaviorConfiguration="webHttp"/>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="webHttp">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
<configuration>

13. The WCF provides the attributes,
MessageContractAttribute,
MessageHeaderAttribute, and
MessageBodyMemberAttribute to describe the
structure of the SOAP messages sent and
received by a service.

14. [DataContract]
public class SomeProtocol
{
[DataMember]
public long CurrentValue;
[DataMember]
public long Total;
}
[DataContract]
public class Item
{
[DataMember]
public string ItemNumber;
[DataMember]
public decimal Quantity;
[DataMember]
public decimal UnitPrice;
}
[MessageContract]
public class ItemMesage
{
[MessageHeader]
public SomeProtocol ProtocolHeader;
[MessageBody]
public Item Content;
}
[ServiceContract]
public interface IItemService
{
[OperationContract]
public void DeliverItem(ItemMessage itemMessage);
}

16. http://msdn.microsoft.com/en-
us/library/ms730214.aspx