Learn how easy it is to utilize POX, REST, RSS, ATOM, JSON, and SOAP in your Microsoft Silverlight mashup applications. Also learn how to easily access and display data with Silverlight using LINQ and databinding.
Mesh services allow web applications to access a user's social graph and storage from desktop devices through synchronization. The Live framework provides tools and APIs to build, deploy, run, and update these "mesh-enabled" web applications, giving them offline access and the ability to integrate with a user's social activity and connected devices. Updates to mesh applications are automatically synchronized across all user instances for easier management by developers and use by customers.
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web Shreeraj Shah
This document discusses cross-site request forgery (CSRF), also known as XSRF. It begins with an introduction to CSRF attacks, how they work by exploiting authenticated sessions across different domains, and why they are possible due to how web browsers handle cross-domain requests. The document then covers defenses against CSRF and provides an agenda for the topics to be discussed, including concepts, examples, and demos of CSRF vulnerabilities.
Dave Carroll Application Services Salesforcedeimos
The document discusses enterprise grade business application services provided through the Force.com platform as a service (PaaS). It provides an overview of Force.com's capabilities including building any type of business application, flexibility to integrate with other systems, security, and trust due to many customers and developers using the platform. Key aspects of Force.com covered include the multi-tenant architecture, APIs for development, and security options like single sign-on and two-factor authentication.
This document summarizes a presentation on hacking Web 2.0 technologies and web services. The presentation discusses security concerns with Ajax, including attacks like cross-site scripting and request forgery. It also covers fingerprinting Ajax frameworks, vulnerabilities in Ajax data structures and serialization, and defenses like validating data and avoiding client-side logic. Regarding web services, the document outlines methods for discovery, profiling, and attacks like injection flaws and insecure direct object references. It emphasizes the need for code analysis and filtering input through an IHTTPModule firewall module.
Metrics that Matter-Approaches To Managing High Performing WebsitesBen Rushlo
Managing the technical quality of your site has become more complex and the number of metrics you collect has skyrocketed. Faced with hundreds of candidate metrics, how do you select those that are most meaningful? In this session you will learn which KPIs are key for successfully testing and managing your site. You will walk away with a holistic framework for managing site quality.
An API needs to be user friendly, secure, documented, versioned, and handle failures gracefully to be considered great. The document discusses how APIs have evolved from monolithic applications to microservices that decompose functionality. It also covers best practices for API design like using RESTful principles, supporting different interaction patterns, handling dates and errors properly, and using authentication standards like OAuth. Versioning approaches and ensuring APIs are well documented and fail gracefully are also emphasized as important characteristics of a great API.
Vaadin, Rich Web Apps in Server-Side Java without Plug-ins or JavaScript: Joo...jaxconf
Get introduced to the Vaadin framework by one of its core developers. Vaadin provides a desktop-like programming model on the server for creating Rich Internet Applications (RIAs) in plain Java - without the need for HTML, XML, plug-ins or JavaScript. In this session, Joonas lays out the key concepts of the server-side RIA development model and compares it to client-side RIA. To demonstrate the use of framework, an example application is developed during the session step-by-step. The presentation is concluded with pointers on how to start developing your own applications with Apache-licensed Vaadin-framework. You'll learn: * How to create a desktop like web application in Java * Difference between page oriented, client-side RIA and server-side RIA architectures * How Vaadin can be extended with Google Web Toolkit
Vaadin - Rich Web Applications in Server-side Java without Plug-ins or JavaSc...Joonas Lehtinen
The Vaadin provides a desktop-like programming model on the server for creating Rich Internet Applications (RIAs) in plain Java - without the need for HTML, XML, plug-ins or JavaScript.
Session explains the key concepts of the server-side RIA development model and compares it to client-side RIA. To demonstrate the use of framework, an example application is developed during the session step-by-step. The presentation is concluded with pointers on how to start developing your own applications with Apache-licensed Vaadin-framework.
You'll learn:
* How to create a desktop like web application in Java
* Difference between page oriented, client-side RIA and server-side RIA architectures
* How Vaadin can be extended with Google Web Toolkit
More information and materials about the presentation:
http://vaadin.com/web/joonas/wiki/-/wiki/Main/Server-side%20RIA
Mesh services allow web applications to access a user's social graph and storage from desktop devices through synchronization. The Live framework provides tools and APIs to build, deploy, run, and update these "mesh-enabled" web applications, giving them offline access and the ability to integrate with a user's social activity and connected devices. Updates to mesh applications are automatically synchronized across all user instances for easier management by developers and use by customers.
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web Shreeraj Shah
This document discusses cross-site request forgery (CSRF), also known as XSRF. It begins with an introduction to CSRF attacks, how they work by exploiting authenticated sessions across different domains, and why they are possible due to how web browsers handle cross-domain requests. The document then covers defenses against CSRF and provides an agenda for the topics to be discussed, including concepts, examples, and demos of CSRF vulnerabilities.
Dave Carroll Application Services Salesforcedeimos
The document discusses enterprise grade business application services provided through the Force.com platform as a service (PaaS). It provides an overview of Force.com's capabilities including building any type of business application, flexibility to integrate with other systems, security, and trust due to many customers and developers using the platform. Key aspects of Force.com covered include the multi-tenant architecture, APIs for development, and security options like single sign-on and two-factor authentication.
This document summarizes a presentation on hacking Web 2.0 technologies and web services. The presentation discusses security concerns with Ajax, including attacks like cross-site scripting and request forgery. It also covers fingerprinting Ajax frameworks, vulnerabilities in Ajax data structures and serialization, and defenses like validating data and avoiding client-side logic. Regarding web services, the document outlines methods for discovery, profiling, and attacks like injection flaws and insecure direct object references. It emphasizes the need for code analysis and filtering input through an IHTTPModule firewall module.
Metrics that Matter-Approaches To Managing High Performing WebsitesBen Rushlo
Managing the technical quality of your site has become more complex and the number of metrics you collect has skyrocketed. Faced with hundreds of candidate metrics, how do you select those that are most meaningful? In this session you will learn which KPIs are key for successfully testing and managing your site. You will walk away with a holistic framework for managing site quality.
An API needs to be user friendly, secure, documented, versioned, and handle failures gracefully to be considered great. The document discusses how APIs have evolved from monolithic applications to microservices that decompose functionality. It also covers best practices for API design like using RESTful principles, supporting different interaction patterns, handling dates and errors properly, and using authentication standards like OAuth. Versioning approaches and ensuring APIs are well documented and fail gracefully are also emphasized as important characteristics of a great API.
Vaadin, Rich Web Apps in Server-Side Java without Plug-ins or JavaScript: Joo...jaxconf
Get introduced to the Vaadin framework by one of its core developers. Vaadin provides a desktop-like programming model on the server for creating Rich Internet Applications (RIAs) in plain Java - without the need for HTML, XML, plug-ins or JavaScript. In this session, Joonas lays out the key concepts of the server-side RIA development model and compares it to client-side RIA. To demonstrate the use of framework, an example application is developed during the session step-by-step. The presentation is concluded with pointers on how to start developing your own applications with Apache-licensed Vaadin-framework. You'll learn: * How to create a desktop like web application in Java * Difference between page oriented, client-side RIA and server-side RIA architectures * How Vaadin can be extended with Google Web Toolkit
Vaadin - Rich Web Applications in Server-side Java without Plug-ins or JavaSc...Joonas Lehtinen
The Vaadin provides a desktop-like programming model on the server for creating Rich Internet Applications (RIAs) in plain Java - without the need for HTML, XML, plug-ins or JavaScript.
Session explains the key concepts of the server-side RIA development model and compares it to client-side RIA. To demonstrate the use of framework, an example application is developed during the session step-by-step. The presentation is concluded with pointers on how to start developing your own applications with Apache-licensed Vaadin-framework.
You'll learn:
* How to create a desktop like web application in Java
* Difference between page oriented, client-side RIA and server-side RIA architectures
* How Vaadin can be extended with Google Web Toolkit
More information and materials about the presentation:
http://vaadin.com/web/joonas/wiki/-/wiki/Main/Server-side%20RIA
Social Photos is an online social network for photographers and photo lovers. Users can take photos and share them on the network. Other users can like, dislike, or comment on photos. The network also integrates location-based features so photos can be listed near the location where they were taken. The social network is built using various Microsoft and non-Microsoft technologies integrated seamlessly. It uses technologies like Entity Framework, WCF data services, OData, and supports multiple client platforms like Windows Phone, Android, iOS, and web clients.
Building Multi-Tenant and SaaS products in PHP - CloudConf 2015Innomatic Platform
Building Multi-Tenant and SaaS products in PHP with the open source Innomatic Platform.
Let’s look at how you can build multi-tenant applications and SaaS products in PHP faster and better with the open source Innomatic Platform.
Presentation at CloudConf 2015
Building Silverlight Applications Using .NET (Part 2 of 2)goodfriday
This session demonstrates building a rich interactive application (RIA) using Silverlight. We cover how to use Microsoft Visual Studio to create applications, how to create UI using XAML markup and code, how to build a custom control, how to retrieve data from a Web service, znc how to manipulate data with XML and LINQ. (This is the second in a two-part series.)
AJAX allows for updating portions of a web page without reloading the entire page. It uses a combination of technologies including HTML, CSS, XML, JavaScript, and the XMLHttpRequest object. This improves responsiveness by reducing unnecessary data transfer and allowing asynchronous data retrieval and updating of specific elements after page load. Some benefits are more desktop-like interfaces, reduced bandwidth usage, and improved productivity by eliminating full page reloads between user actions. Potential disadvantages include increased development complexity and debugging challenges.
This document summarizes a presentation given by Tim Francis and Sarika Sinha at the IBM Rational Software Conference 2009. The presentation introduced the IBM WebSphere Web 2.0 Feature Pack and how to develop rich internet applications using IBM Rational Application Developer. It covered Web 2.0 concepts, the feature pack's capabilities including Web 2.0 to SOA connectivity and AJAX messaging, and using the Dojo toolkit for Ajax development in RAD. A demo was also included.
MS TechDays 2011 - How to Run Middleware in the Cloud Story of Windows Azure ...Spiffy
This document summarizes a presentation about Windows Azure AppFabric. It discusses AppFabric as middleware for the cloud, including Windows Azure AppFabric Cache for scalable caching. It also describes the Windows Azure AppFabric Service Bus for interconnectivity across networks through messaging with queues and topics. The presentation demonstrates using queues and topics in the cloud and bridging on-premise messaging with the cloud.
This document discusses various technologies related to mobile computing and Java EE architecture. It covers topics such as instant messaging, location-based services, push mail, synchronization, load balancing, caching, and distributed task processing. For each topic, it provides an overview and then discusses different architectural approaches and technologies that can be used to address issues like high availability, scalability, and failure handling in distributed environments.
Force.com is the world's leading cloud platform that lets you build apps rapidly using configuration-driven development and powerful programmatic logic. With Force.com, you can design mobile, social, and real-time apps in the cloud five times faster than with traditional software development approaches.
Watch this webinar to learn about:
:: how Force.com streamlines app development life cycles
:: how Force.com's open architecture facilitates integration with other systems
:: the basics you need to get started building your first app in the cloud
Watch the recording on YouTube:
http://youtu.be/ee1ncea0eeE
Introduction to OAuth 2.0 - the technology you need but never really learnedMikkel Flindt Heisterberg
This document provides an overview of OAuth 2.0 and how it can be used by developers to access user data from an API or service without requiring the user's credentials. It begins with explaining the problem that OAuth solves by allowing access to user data without sharing usernames and passwords. It then demonstrates the OAuth flow through diagrams and descriptions of the steps. These include generating an authorization URL, exchanging the authorization code for tokens, making requests with the access token, and refreshing tokens. The document concludes by noting that a demonstration of OAuth will be shown.
Java Web Programming [1/9] : Introduction to Web ApplicationIMC Institute
This document provides an overview of web application development. It discusses the evolution of application frameworks from single-tier to multi-tier architectures. It also describes the components of a web application like servlets, JSPs, and the web container. The steps for building a simple web application using Eclipse and Tomcat are outlined, including creating the project structure, deployment descriptor, and deploying the WAR file.
Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...ZendCon
Extend the market reach of your PHP application while creating additional revenue for your Company! Parallels a worldwide leader in virtualization and automation software that optimizes computing across all major hardware, operating systems, and virtualization platforms has the ideal platform for your PHP Application.
Ims soa tm and db solutions evgeni oct 2011evgeni77
The document discusses IBM's solutions for enabling IMS as a provider and consumer in a SOA environment. It describes tools that allow exposing IMS transactions and data as web services and consuming external services from IMS applications. It also discusses modernizing existing IMS applications through Java integration and leveraging open standards.
- Google offers many APIs including data APIs that allow querying and updating structured data from services like Calendar, Blogger, and Spreadsheets using a single API (GData)
- GData uses the Atom Publishing Protocol and format which provides a standardized way to work with resources and data over HTTP while allowing extensions
- While originally intended for blogs, Atom has proven effective for modeling data through its extensibility though it has some constraints for representing certain data types
The document discusses IBM's WebSphere Process Server (WPS) and WebSphere Integration Developer (WID) products and architecture. It provides an overview of the key components, including the Enterprise Service Bus (ESB), Process Server, human tasks, business rules and processes. It also discusses capabilities like Service Component Architecture (SCA), performance results for banking and contact manager scenarios, and clustering.
Silverlight 1.0 is a web plugin that allows developers to create rich interactive applications using XAML and JavaScript. It provides 2D graphics, animations, media playback and basic text support. Silverlight 1.1 will add a managed .NET programming model using C# to replace JavaScript. Both versions run in the browser sandbox and do not require installation on the client. Silverlight aims to improve the user experience for web applications compared to traditional HTML, CSS and JavaScript.
The document summarizes an App Engine update presentation given by David Chandler, a Google Developer Advocate. The presentation covered new App Engine features including improved SLAs, paid support options, security audits, backends, pull queues, the High Replication Datastore, query planner improvements, and XG transactions. It also provided examples of App Engine customers and common app types, and tips for optimizing performance including using memcache and content caching.
Building Living Web Applications with HTML5 WebSocketsPeter Moskovits
The document discusses how HTML5 WebSockets can be used to build living web applications by enabling full-duplex communications in the browser. It covers the limitations of traditional HTTP for interactive applications, how WebSockets work at a technical level including the handshake and framing, and provides examples of how WebSockets allow new types of real-time messaging apps to be created.
Move to the Lightweight Application Platform
Ankur Agarwal discusses the advantages of delivering applications as software as a service (SaaS) and implications for independent software vendors (ISVs). He introduces the VMware vFabric Cloud Application Platform, which provides a lightweight Java runtime, application services, and tools to build, run, and manage SaaS applications. The platform allows scaling applications elastically on demand and simplifies supporting global users.
Find me if you can – smart fuzzing and discovery! shreeraj shahowaspindia
This document discusses smart fuzzing and discovery techniques for assessing applications. It begins with an introduction of the speaker and his background in security research. It then covers challenges with traditional fuzzing approaches not working well on modern web 2.0 applications. The document discusses discovery techniques like crawling Ajax sites and enumerating hidden entry points. It also covers different attack vectors and payloads to use like XML, JSON, and different web protocols. The challenges of blind SQL injection and behavioral assessment with artificial intelligence are also mentioned.
Mike Taulty MIX10 Silverlight 4 Patterns Frameworksukdpe
The document discusses various frameworks and patterns in Silverlight 4, including ASP.NET client application services, WCF data services, WCF RIA services, navigation, search, and extensibility with MEF. It provides an overview and demos of each technology. The presentation encourages attendees to check the schedule for additional in-depth sessions on topics like OData, WCF data services, WCF RIA services, navigation, search engine optimization, and MEF.
Consuming Web Services in Microsoft Silverlight 3goodfriday
Come hear how to work with external REST, SOAP, and Windows Communication Foundation (WCF) services from Silverlight. Learn how to securely and efficiently communicate with services using Binary XML, debug services with improved Faults support, and implement server-to-client "push" using the new Add Service Reference for Duplex functionality.
Social Photos is an online social network for photographers and photo lovers. Users can take photos and share them on the network. Other users can like, dislike, or comment on photos. The network also integrates location-based features so photos can be listed near the location where they were taken. The social network is built using various Microsoft and non-Microsoft technologies integrated seamlessly. It uses technologies like Entity Framework, WCF data services, OData, and supports multiple client platforms like Windows Phone, Android, iOS, and web clients.
Building Multi-Tenant and SaaS products in PHP - CloudConf 2015Innomatic Platform
Building Multi-Tenant and SaaS products in PHP with the open source Innomatic Platform.
Let’s look at how you can build multi-tenant applications and SaaS products in PHP faster and better with the open source Innomatic Platform.
Presentation at CloudConf 2015
Building Silverlight Applications Using .NET (Part 2 of 2)goodfriday
This session demonstrates building a rich interactive application (RIA) using Silverlight. We cover how to use Microsoft Visual Studio to create applications, how to create UI using XAML markup and code, how to build a custom control, how to retrieve data from a Web service, znc how to manipulate data with XML and LINQ. (This is the second in a two-part series.)
AJAX allows for updating portions of a web page without reloading the entire page. It uses a combination of technologies including HTML, CSS, XML, JavaScript, and the XMLHttpRequest object. This improves responsiveness by reducing unnecessary data transfer and allowing asynchronous data retrieval and updating of specific elements after page load. Some benefits are more desktop-like interfaces, reduced bandwidth usage, and improved productivity by eliminating full page reloads between user actions. Potential disadvantages include increased development complexity and debugging challenges.
This document summarizes a presentation given by Tim Francis and Sarika Sinha at the IBM Rational Software Conference 2009. The presentation introduced the IBM WebSphere Web 2.0 Feature Pack and how to develop rich internet applications using IBM Rational Application Developer. It covered Web 2.0 concepts, the feature pack's capabilities including Web 2.0 to SOA connectivity and AJAX messaging, and using the Dojo toolkit for Ajax development in RAD. A demo was also included.
MS TechDays 2011 - How to Run Middleware in the Cloud Story of Windows Azure ...Spiffy
This document summarizes a presentation about Windows Azure AppFabric. It discusses AppFabric as middleware for the cloud, including Windows Azure AppFabric Cache for scalable caching. It also describes the Windows Azure AppFabric Service Bus for interconnectivity across networks through messaging with queues and topics. The presentation demonstrates using queues and topics in the cloud and bridging on-premise messaging with the cloud.
This document discusses various technologies related to mobile computing and Java EE architecture. It covers topics such as instant messaging, location-based services, push mail, synchronization, load balancing, caching, and distributed task processing. For each topic, it provides an overview and then discusses different architectural approaches and technologies that can be used to address issues like high availability, scalability, and failure handling in distributed environments.
Force.com is the world's leading cloud platform that lets you build apps rapidly using configuration-driven development and powerful programmatic logic. With Force.com, you can design mobile, social, and real-time apps in the cloud five times faster than with traditional software development approaches.
Watch this webinar to learn about:
:: how Force.com streamlines app development life cycles
:: how Force.com's open architecture facilitates integration with other systems
:: the basics you need to get started building your first app in the cloud
Watch the recording on YouTube:
http://youtu.be/ee1ncea0eeE
Introduction to OAuth 2.0 - the technology you need but never really learnedMikkel Flindt Heisterberg
This document provides an overview of OAuth 2.0 and how it can be used by developers to access user data from an API or service without requiring the user's credentials. It begins with explaining the problem that OAuth solves by allowing access to user data without sharing usernames and passwords. It then demonstrates the OAuth flow through diagrams and descriptions of the steps. These include generating an authorization URL, exchanging the authorization code for tokens, making requests with the access token, and refreshing tokens. The document concludes by noting that a demonstration of OAuth will be shown.
Java Web Programming [1/9] : Introduction to Web ApplicationIMC Institute
This document provides an overview of web application development. It discusses the evolution of application frameworks from single-tier to multi-tier architectures. It also describes the components of a web application like servlets, JSPs, and the web container. The steps for building a simple web application using Eclipse and Tomcat are outlined, including creating the project structure, deployment descriptor, and deploying the WAR file.
Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...ZendCon
Extend the market reach of your PHP application while creating additional revenue for your Company! Parallels a worldwide leader in virtualization and automation software that optimizes computing across all major hardware, operating systems, and virtualization platforms has the ideal platform for your PHP Application.
Ims soa tm and db solutions evgeni oct 2011evgeni77
The document discusses IBM's solutions for enabling IMS as a provider and consumer in a SOA environment. It describes tools that allow exposing IMS transactions and data as web services and consuming external services from IMS applications. It also discusses modernizing existing IMS applications through Java integration and leveraging open standards.
- Google offers many APIs including data APIs that allow querying and updating structured data from services like Calendar, Blogger, and Spreadsheets using a single API (GData)
- GData uses the Atom Publishing Protocol and format which provides a standardized way to work with resources and data over HTTP while allowing extensions
- While originally intended for blogs, Atom has proven effective for modeling data through its extensibility though it has some constraints for representing certain data types
The document discusses IBM's WebSphere Process Server (WPS) and WebSphere Integration Developer (WID) products and architecture. It provides an overview of the key components, including the Enterprise Service Bus (ESB), Process Server, human tasks, business rules and processes. It also discusses capabilities like Service Component Architecture (SCA), performance results for banking and contact manager scenarios, and clustering.
Silverlight 1.0 is a web plugin that allows developers to create rich interactive applications using XAML and JavaScript. It provides 2D graphics, animations, media playback and basic text support. Silverlight 1.1 will add a managed .NET programming model using C# to replace JavaScript. Both versions run in the browser sandbox and do not require installation on the client. Silverlight aims to improve the user experience for web applications compared to traditional HTML, CSS and JavaScript.
The document summarizes an App Engine update presentation given by David Chandler, a Google Developer Advocate. The presentation covered new App Engine features including improved SLAs, paid support options, security audits, backends, pull queues, the High Replication Datastore, query planner improvements, and XG transactions. It also provided examples of App Engine customers and common app types, and tips for optimizing performance including using memcache and content caching.
Building Living Web Applications with HTML5 WebSocketsPeter Moskovits
The document discusses how HTML5 WebSockets can be used to build living web applications by enabling full-duplex communications in the browser. It covers the limitations of traditional HTTP for interactive applications, how WebSockets work at a technical level including the handshake and framing, and provides examples of how WebSockets allow new types of real-time messaging apps to be created.
Move to the Lightweight Application Platform
Ankur Agarwal discusses the advantages of delivering applications as software as a service (SaaS) and implications for independent software vendors (ISVs). He introduces the VMware vFabric Cloud Application Platform, which provides a lightweight Java runtime, application services, and tools to build, run, and manage SaaS applications. The platform allows scaling applications elastically on demand and simplifies supporting global users.
Find me if you can – smart fuzzing and discovery! shreeraj shahowaspindia
This document discusses smart fuzzing and discovery techniques for assessing applications. It begins with an introduction of the speaker and his background in security research. It then covers challenges with traditional fuzzing approaches not working well on modern web 2.0 applications. The document discusses discovery techniques like crawling Ajax sites and enumerating hidden entry points. It also covers different attack vectors and payloads to use like XML, JSON, and different web protocols. The challenges of blind SQL injection and behavioral assessment with artificial intelligence are also mentioned.
Mike Taulty MIX10 Silverlight 4 Patterns Frameworksukdpe
The document discusses various frameworks and patterns in Silverlight 4, including ASP.NET client application services, WCF data services, WCF RIA services, navigation, search, and extensibility with MEF. It provides an overview and demos of each technology. The presentation encourages attendees to check the schedule for additional in-depth sessions on topics like OData, WCF data services, WCF RIA services, navigation, search engine optimization, and MEF.
Consuming Web Services in Microsoft Silverlight 3goodfriday
Come hear how to work with external REST, SOAP, and Windows Communication Foundation (WCF) services from Silverlight. Learn how to securely and efficiently communicate with services using Binary XML, debug services with improved Faults support, and implement server-to-client "push" using the new Add Service Reference for Duplex functionality.
Mesh services extend web applications to the desktop by providing access to the live social graph, synchronized storage, and offline access. The Live framework provides tools and APIs to build, deploy, run, and update mesh-enabled web applications. Users are in control of accessing their own data and apps through the applications.
This document discusses hacking Web 2.0 technologies and provides an overview of vulnerabilities in Ajax and Web Services. The speaker is Shreeraj Shah, founder of Blueinfy Solutions, who has experience in web security research. The presentation covers trends in Web 2.0 adoption, technologies like Ajax and Web Services, and common attacks such as cross-site scripting and request forgery. It also summarizes methodologies for assessing vulnerabilities, including footprinting, profiling, scanning, and fuzzing, as well as defenses like secure coding practices and firewalls.
Web services present unique challenges for penetration testing due to their complexity and differences from traditional web applications. There is a lack of standardized testing methodology and tools for web services. Many penetration testers are unsure how to properly scope and test web services. Existing tools have limitations and testing environments must often be built from scratch. A thorough understanding of web service standards and frameworks is needed to effectively test for vulnerabilities from both the client and server side.
Janakiram MSV introduced .NET services including Service Bus, Access Control Service, and Workflow Services. Service Bus provides connectivity for applications over the cloud. Access Control Service enables claims-based access control in the cloud. Workflow Services provides infrastructure for hosting and managing workflows on the cloud. The presentation discussed how these services address challenges of distributed computing and provide key building blocks for cloud applications.
1. Windows Azure is a cloud computing platform that provides a hosted environment for building, deploying and managing applications and services through a global network of Microsoft-managed data centers.
2. The platform provides compute, storage and networking services that together support development and hosting of applications scaled for the internet.
3. Key components include the Azure Services Platform for .NET and SQL-based services, Live Services for user-centric experiences, and support for building applications that integrate on-premises and cloud-hosted services using standard protocols.
The document discusses building real-time applications with AWS AppSync. It covers common data needs for apps, such as user registration and analytics. It also discusses challenges like accessing data across devices and building scalable apps. The document then introduces AWS AppSync as a way to build apps that can fetch data in real-time, work offline, and handle interactions like querying, updating, and subscribing to data changes. It provides an overview of GraphQL and demonstrates how AWS AppSync addresses issues like offline support, security, and integrating with other AWS services.
The document summarizes major themes from JavaOne 2009 including cloud computing, social networking, mobile applications, rich Internet applications, interoperability, and the future of Java technologies. Cloud computing topics covered levels of cloud services, providers, and an example using Amazon S3. Social networking covered trends like integration with other sites and monetization. Mobile focused on bringing JavaFX to more devices. Rich applications discussed enhancing user experience with Ajax, push technologies, and JavaFX. Interoperability examined making components work across technologies. The future section previewed upcoming Java releases from NetBeans, Glassfish, Spring, and Oracle.
- SignalR provides a simple way to add real-time web functionality to applications. It allows for persistent connections and messaging between servers and clients.
- It abstracts away the various techniques for real-time communication like websockets, long polling, and server-sent events and chooses the best transport.
- SignalR uses hubs to facilitate two-way communication between clients and servers through methods. This allows for different message types and structures to be sent.
Mike Taulty MIX10 Silverlight Frameworks and Patternsukdpe
This document provides an overview and summary of Silverlight 4 frameworks, patterns, and capabilities. It discusses ASP.NET client application services, WCF data services, WCF RIA services, navigation, search, extensible applications using MEF, and the MVVM pattern. The document includes several demos that could be shown to illustrate these topics. It also provides information on related sessions at the conference to learn more.
This document summarizes Harry Lin's presentation about securing critical workloads on AWS. The 3 main points are:
1) AWS provides security features at multiple layers including encryption, identity and access management, and auditing. Customers are responsible for security within their applications while AWS handles security of the cloud platform.
2) AWS services like CloudTrail, Config, and WAF can help customers with security monitoring, auditing changes, and blocking attacks.
3) A case study of an e-commerce company MyDress showed how moving to AWS improved availability during promotions and attacks while reducing costs compared to an on-premise infrastructure.
(ATS3-GS02) Accelrys Enterprise Platform in Enterprise ArchitecturesBIOVIA
The Accelrys Enterprise Platform is an integration and application platform that allows for a spectrum of deployment options from personal productivity to enterprise architectures. It provides connectivity through web services, data integration, and application integration. The platform architecture supports various client interfaces and deployments ranging from laptop to HPC environments. Future directions include increased focus on mobile, web standards, security standards, and performance while expanding deployment options like the cloud.
Anatomy of a web app
HTML5
CSS3
This presentation has been developed in the context of the Mobile Applications Development course, DISIM, University of L'Aquila (Italy), Spring 2014.
http://www.ivanomalavolta.com
Building Components and Services for the Programmable Webgoodfriday
Want to learn how to expose components and services like Windows Live Local and Virtual Earth, but not sure where to begin? This session introduces real-world design patterns and best practices for constructing reusable Web components and Web-based services for the programmable Web.
Application Services On The Web Sales ForcecomQConLondon2008
The document discusses Force.com, a platform as a service (PaaS) offering from Salesforce.com. Force.com allows developers to build and host web applications in the cloud without having to manage infrastructure. Key features mentioned include the use of Apex code to build applications, a metadata data model, and APIs to integrate applications. Security features like single sign-on and IP restrictions are also summarized.
This document provides an overview of Microsoft's Azure cloud services platform. It discusses key Azure capabilities and services including compute, storage, SQL Azure database, service bus, and access control. Azure provides scalable infrastructure and platform services that allow developers to build and host applications in the cloud using familiar .NET tools. The document also demonstrates a sample grid computing application built on Azure and highlights reasons to consider cloud computing such as reducing costs, improving scalability, and reducing IT overhead.
Real time Communication with Signalr (Android Client)Deepak Gupta
This document discusses real-time communication using SignalR. It begins with examples of real-time applications and techniques for implementing real-time functionality like polling, long polling, and web sockets. It then introduces SignalR as a library that provides real-time functionality in ASP.NET applications and supports cross-platform communication. Implementation details are covered for both the server-side Hub API in ASP.NET and client-side usage in JavaScript and Android apps. Common use cases for SignalR are also listed.
Web API or WCF - An Architectural ComparisonAdnan Masood
ASP.NET Web API is a framework that makes it easy to build HTTP services that reach a broad range of clients, including browsers and mobile devices. The new ASP.NET Web API is a continuation of the previous WCF Web API projection. WCF was originally created to enable SOAP-based services and other related bindings. However, for simpler RESTful or RPCish services (think clients like jQuery) ASP.NET Web API is a good choice.
In this meeting we discussed what do you need to understand as an architect to implement your service oriented architecture using WCF or ASP.NET web API. With code samples, we will elaborate on WCF Web API’s transition to ASP.NET Web API and respective constructs such as Service vs. Web API controller, Operation vs. Action, URI templates vs ASP.NET Routing, Message handlers, Formatters and Operation handlers vs Filters, model binders. WebApi offers support for modern HTTP programming model with full support for ASP.NET Routing, content negotiation and custom formatters, model binding and validation, filters, query composition, is easy to unit test and offers improved Inversion of Control (IoC) via DependencyResolver.
You will walk away with a sample set of services that run on Silverlight, Windows Forms, WPF, Windows Phone and ASP.NET.
Similar to Working with Data and Web Services in Microsoft Silverlight 2 (20)
The document provides information about Easter traditions and symbols. It discusses that Easter is celebrated on the first Sunday after the first full moon after March 21st and commemorates Jesus' resurrection. Common Easter symbols mentioned include eggs, bunnies, lambs, and crosses which represent new life, spring, and Jesus. The document also includes Easter jokes, riddles, poems, and tongue twisters.
This newsletter from the Asian Indian Christian Church discusses the Lenten season and upcoming church services. The pastor's letter encourages readers to observe Lent by giving up negative habits and focusing on spiritual growth. It provides suggestions for how to improve oneself, such as giving up complaining and focusing on others' good qualities instead. The newsletter also announces the Saturday Bible study series on faith and upcoming Holy Week and Easter services.
This document provides information about church services and events taking place at Holy Trinity Church in Brussels for the week of March 22nd, 2009. It includes details about Sunday services, Bible readings and prayers for the week, notices about upcoming Easter services and events, and announcements regarding church life and the local community.
This document provides the mass and confession schedule for St. Mary's Cathedral Church in Newcastle upon Tyne for March and April 2009. It includes the regular daily and Sunday mass times. It also highlights special services and masses during Holy Week and Easter, including Palm Sunday, Maundy Thursday, Good Friday, Holy Saturday, and Easter Sunday masses. The ordination of Bishop Seamus Cunningham on March 20th is also noted.
The document contains the swimming pool schedule for two weeks. In the first week, the large pool and small pool have general swim times on weekdays from 7:30-9:30am, 10am-12pm, 2-4pm, and 5-7pm. Fun swim with inflatables or beach parties is from 2-3pm. The second week has similar swim times but is over the Easter holiday with some sessions closed or having different times.
This document provides information about the Holy Week and Easter services at a church. It describes the events that will take place each day, from Palm Sunday through Easter Sunday, including pancake breakfasts, morning prayers, Holy Eucharist services, Taizé services, Tenebrae services, foot washing on Maundy Thursday, Good Friday Stations of the Cross, and the Easter Vigil. The purpose is to walk with parishioners through the full Holy Week journey from Jesus' triumphant entry to Jerusalem to his resurrection.
The pastor describes an interesting experience during a Good Friday Stations of the Cross walk. As the group stopped to pray outside a known crack house, some of the residents came out. The pastor engaged one man and invited him to join, which he did. More people from the area started gathering as they saw the cross. At another station, the leader of the house approached concerned but calmed down when the pastor explained what they were doing. The pastor invited him to keep walking but he had a job interview and said he may come to Easter services instead.
This document provides information about Lenten programs and events at the Swarthmore Presbyterian Church. It lists the schedule for Ash Wednesday worship services, lectures and discussions with a visiting theologian Amy-Jill Levine from March 27-29. It also advertises Lenten devotional materials and notes office hours. Sundays in Lent and Holy Week services leading up to Easter Sunday on April 12 are detailed, including Palm Sunday, Maundy Thursday, Good Friday, and Easter Sunday worship opportunities.
Easter services for several churches in Melbourne are listed, including dates for Palm Sunday, Maundy Thursday, Good Friday and Easter Day in 2009. The Baptist, Catholic, Methodist and United Reformed churches provide details of their Easter services and events, including times for masses, family services and musical performances. The document encourages people to attend any of the warmly welcoming services held by churches celebrating Easter together in Melbourne.
St. Stephen's Anglican Church in Calgary announced their Holy Week services for April 2009, including Palm Sunday with blessing of palms on April 5th, Maundy Thursday Eucharist and altar stripping on April 9th, Good Friday liturgy and music on April 10th, Easter Vigil with blessing of fire on April 11th, and Easter Sunday Eucharist on April 12th at both 8am and 10:30am.
This document provides the mass schedule, ministry schedules, and announcements for Our Lady of the Presentation church in Poolesville, MD for the week of Easter Sunday. It includes the times for masses and intentions, schedules for altar servers, eucharistic ministers, lectors, and ushers. It also lists upcoming events like a fashion show, yard sale, and camp information. It provides the parish prayer list and requests for the week.
This document provides information about mass times and sacraments at St. Anthony's Catholic Church in Tahmoor, NSW, Australia. It lists the mass times on Saturdays at 6:00pm and Sundays at 7:30am and 9:30am. It also provides the dates and times for Lent, Holy Week, Easter Sunday masses and the sacramental program for 2019, including First Communion in May and Confirmation in August. The parish priest, Father John Ho, invites parishioners to join in worship, especially during Lent, and provides his contact information for anyone needing pastoral care.
This document provides information about various religious events taking place at local churches, including Easter egg hunts, prayer vigils, blessing of motorcycles and fleets, and Holy Week mass schedules. It also includes announcements about charitable donations, prevention of child abuse, financial reports, and school news.
This document announces church services and activities at CFC for Holy Week and Easter. It also provides information on various men's and women's ministries, including breakfast meetings, Bible studies, and fellowship events. Details are given about signing up for the church's coed softball teams and an upcoming women's ministry event called "Girlfriends Unlimited."
This document provides information about upcoming religious services and events at a church for the weeks surrounding Easter Sunday on April 12, 2009. It lists the times and locations for services on Palm Sunday, Maundy Thursday, Good Friday, and Easter Sunday, as well as prayer requests and names of military members and nursing home residents to remember. A continental breakfast and prayer vigil are also announced.
The document provides details about Lenten and Easter events at St. James Parish, including Ash Wednesday services, Lenten soup suppers and Stations of the Cross on Fridays, confessions on Saturdays in March, and presentations on the letters of St. Paul. It concludes with details on Palm Sunday, Holy Week (Holy Thursday, Good Friday, Holy Saturday), Easter Sunday masses, and First Communions taking place through the Season of Easter.
The document lists various motorsports and racing events taking place in Mildura, Australia over the 2009 Easter weekend, including arena motocross, speedway racing, drag racing, and ski racing. Events will be held from Good Friday through Easter Sunday at locations like Timmis Speedway, Olympic Park Speedway, Sunset Strip, and the Murray River. Admission prices and contact details are provided for each event.
Easter trading hours for 2009 are outlined for various license types on specific dates. Normal trading hours generally apply except for Good Friday, where on-premises sales are only permitted from noon to 10pm without takeaway, and packaged liquor stores are closed for retail trading. Some license types like registered clubs and hotels have additional restrictions on Good Friday and Easter Saturday. Notes provide further clarification on things like 6-hour closure rules and vessel trading hours.
This document provides information about Holy Week and Easter events at St. Madeleine Sophie Catholic Parish, including dates and times. It discusses the Triduum (Holy Thursday, Good Friday and Holy Saturday), Easter Vigil mass, Easter Sunday masses, and the end of Lent and beginning of the Easter season. Key events include stations of the cross on Good Friday, mass of the Lord's supper and prayer before the Blessed Sacrament on Holy Thursday, and Easter Vigil mass on Holy Saturday including baptism and confirmation.
This document provides the schedule of events for Bethlehem Lutheran Church in March and April 2009. It includes the weekly schedule with times for worship services, meetings, rehearsals and classes. It also outlines the schedule for Lenten services held each Wednesday in March, culminating in Maundy Thursday and Good Friday services. The Easter schedule is noted, including an Easter Vigil service on April 11 and worship services with communion on Easter Sunday April 12 at 8:00am and 10:30am, along with an Easter breakfast from 9-10:30am.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Project Management Semester Long Project - Acuityjpupo2018
Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.
4. Images
Sounds
Videos
RSS/Atom
Feeds
New services
you build
In-Browser Application
Existing
Intranet
services
Public
Internet
mashup APIs
5. Images
<XAML/> Sounds
Videos
1.0 RSS/Atom
Feeds
New services
you build
JavaScript
?
AJAX (XmlHttpRequest) Existing
Intranet
services
Public
Internet
mashup APIs
HTML
6. Images
Sounds
Videos
RSS/Atom
2 Feeds
New services
you build
Managed Code (C#/VB)
Existing
Intranet
services
Public
Internet
mashup APIs
HTML
10. WCF
Service
1. Create the Service
2. Define what it does
3. “Add Service Reference”
4. Use the Service!
We’ll also cover:
- Migrating service usage from SL 1.1 Alpha
- Securing services
11. “Add New Item” (in Web Site / Web App)
“Silverlight-Enabled WCF Service”
Temporary for Beta1:
“Add New Item” “WCF Service”
Change wsHttpBinding basicHttpBinding in config
basicHttpBinding
<endpoint contract=“IShoppingService” binding=“wsHttpBinding”…>
12. [ServiceContract] for the service class (interface in Beta1)
[OperationContract] for methods (in the interface in Beta1)
[DataContract]/[DataMember] for data types
[ServiceContract]
public class ShoppingService {
[OperationContract]
Product[] GetProducts(string searchString)
{ /*... Implementation ... */ }
}
Nothing Silverlight-specific
[DataContract]
public class Product {
Regular WCF code!
[DataMember]
public string description;
[DataMember]
public string pictureUrl;
}
13. In the Silverlight project: “Add Service Reference”
“Discover” button will find services in solution
Can also give external URL (more on this later)
After Beta1: command-line equivalent (slsvcutil.exe)
14. var proxy = new ShoppingServiceClient();
•
Default address chosen if no parameters given
•
Can pass in address manually
•
But what if the service moves?
•
Configuration support after Beta1
•
No need to recompile Silverlight client code if service moves
•
Can reuse one Silverlight app for many services
•
15. Only asynchronous calls supported
•
Set up GetProductsCompleted event
•
“Tab,Tab” in Visual Studio
•
Call GetProductsAsync
•
var proxy = new ShoppingServiceClient();
Tab Tab
proxy.GetProductsCompleted +=
new EventHandler<GetProductsCompletedEventArgs>
(proxy_GetProductsCompleted);
proxy.GetProductsAsync(“book”);
void proxy_GetProductsCompleted(object sender, GetProductsCompletedEventArgs e)
{
// Process response…
}
16. All generated types/collections support data binding
•
Future Possibility:
•
Advanced data binding to services (XAML-only)
E.g. <GetProductsDataSource />
17. Breaking change on the Client-side
•
Remove “Web References”
•
Do “Add Service Reference”
•
FYI: Data format is now SOAP, not JSON
•
Server-side code does not have to change in
•
most cases
Details in documentation
•
18. Silverlight will use auth. information in the browser
E.g.: ASP.NET login
Credentials
User:
YourDomain.com
Password:
Auth info (e.g. cookie)
Service calls + Auth info
Silverlight code does not normally
HTML deal with credentials (user, password)
19. Silverlight will use auth. information in the browser
This is exactly what you want!
Login once for web page + Silverlight
To get user identity in WCF Services:
Turn ASP.NET Compat Mode on (template will do this for you)
HttpContext.Current.User – current user
20. Images
Sounds
Videos
RSS/Atom
2 Feeds
New services
you build
Existing
Intranet
services
Public
Internet
mashup APIs
22. Services for
your Silverlight
project
WCF
SOAP
services in the
enterprise
SOAP
Automatic Computer-Readable services
Proxy Metadata on the Internet
Generation (e.g. WSDL)
SQL Server
Data Services*
(Astoria)
23.
24. Works with:
Any “simple” SOAP service (e.g. Live Search)
SOAP 1.1 (Basic Profile – compatible)
Server-side may be JAVA, WCF, ASMX, etc.
A few restrictions (e.g. SOAP Faults not supported)
Future Possibility: SQL Server Data Services
(Astoria)
Can’t talk to just any service…
Silverlight-Wide Cross-Domain Restrictions…
25. MyBank.com Login
Credentials
User:
MyBank.com
Password:
Auth info (e.g. cookie)
Could steal or
change data
Malicious call + Auth info
if protection
wasn’t in place
Malicious application
EvilApps.com
26. Silverlight does not allow applications to
cross domain boundaries by default
MySite.com/silverlightApplication.xap
cannot call
SomeOtherSite.com/someService.svc
SecurityException if you try
Silverlight allows the calls if target site opts in
How do services opt in?
When should services opt-in?
27. SL app from InnocentMashups.com
SL app from EvilApps.com
InnocentMashups.com Weather.com
EvilApps.com MyBank.com
On first call to MyBank.com:
http://MyBank.com/clientaccesspolicy.xml
Does not exist:
SecurityException will be thrown
On first call to Weather.com:
http://weather.com/clientaccesspolicy.xml
Exists:
Silverlight will let the call go through (if policy allows)
28. Silverlight looks for two policy files:
Silverlight policy: clientaccesspolicy.xml
Adobe Flash policy: crossdomain.xml
Already used by etc…
All public services that work with Flash –
will also work with Silverlight
29.
30. “Private” services (for your own app)
DO use browser-based authentication
Cookies, HTTP Auth, etc.
DO NOT enable public access via cross-domain
policy file
“Public” services (for 3rd-party apps)
DO NOT use browser-based authentication
DO publish cross-domain policy files
DO use “cross-domain-safe” authentication
E.g. URL signatures
DO separate public services in their own domain
E.g. api.flickr.com vs. www.flickr.com
33. “Mashup APIs”
“Web APIs”
REST
Services
“POX”
Some Human-Readable (Plain Old XML)
Manual Documentation services
Work
Required
JSON
Services
1. Build a URL
2. Make a request
3. Work with request/response data (XML or JSON)
34.
35. Code was exactly as in the regular
.NET Framework!
Good news for existing .NET developers
Some Silverlight-specific things to be aware of…
36. Build a URL
What are the allowed protocols?
Where can I connect to?
Make a Request
How do I make a request?
What are the restrictions on requests?
Working with Request/Response Data
How do I work with XML?
How do I work with JSON?
37. Build a URL
What are the allowed protocols?
Where can I connect to?
Make a Request
How do I make a request?
What are the restrictions on requests?
Working with Request/Response Data
How do I work with XML?
How do I work with JSON?
38. HTTP and HTTPS
Some restrictions on HTTPS, cross-scheme
A few of these will go away after Beta1
Subject to cross-domain rules
Must have policy file if not local URL
No ftp:// or file:// URLs
Sockets support for non-HTTP Services
Originating server only (in Beta1)
Port number restrictions
Not in scope for this talk
39. Build a URL
What are the allowed protocols?
Where can I connect to?
Make a Request
How do I make a request?
What are the restrictions on requests?
Working with Request/Response Data
How do I work with XML?
How do I work with JSON?
40. WebClient
Simple to use
Limited functionality
HttpWebRequest
Access to all features
Future possibility:
Usability Improvements to HTTP client
Serializer integration, URI templates, etc.
Available as a sample
http://code.msdn.microsoft.com/SilverlightWS
41. WebClient w = new WebClient();
Tab Tab
w.DownloadStringCompleted +=
new DownloadStringCompletedEventHandler
(w_DownloadStringCompleted);
w.DownloadString(myUri);
static void w_DownloadStringCompleted(object sender,
DownloadStringCompletedEventArgs e)
{
// Process the response ...
}
Only Async supported – otherwise browser would hang
Calling from non-UI thread (sync/async) – not supported
42. Build a URL
What are the allowed protocols?
Where can I connect to?
Make a Request
How do I make a request?
What are the restrictions on requests?
Working with Request/Response Data
How do I work with XML?
How do I work with JSON?
43. High-level components and User Code
HttpWebRequest
Browser Plugin APIs Restrictions
Web Browser
- Cookies
- Authenticated sessions Restrictions
- Caching
- Proxy server to use
Windows/Mac
Networking Layer
44. Silverlight exposes all HTTP features that the
browsers make available
Supported features are equivalent to Flash
45. HTTP GET and POST
No PUT, DELETE, …
Setting headers on HTTP GET: only same domain
Response headers: can only read Content-Type
Response codes: only success/fail
No 403/404/etc, no message body
Redirects: Work (may be blocked in cross-domain)
Cannot override the browser
Can’t control / turn off caching
Can’t control HTTP Authentication credentials
Can’t read/write cookies
Can’t control HTTPS Client-Side Certificates
Can’t read HTTPS Server-Side Certificates
46. Cross-Domain and HTTP restrictions:
Some services not accessible from rich
browser apps (both Flash and Silverlight)
Change must come from:
Browser APIs - IE, NPAPI (Safari & FireFox)
Service Owners
e.g. Google allows X-Http-Verb-Override:DELETE inst. of HTTP DELETE
Can use a proxy:
SL app
47. Build a URL
What are the allowed protocols?
Where can I connect to?
Make a Request
How do I make a request?
What are the restrictions on requests?
Working with Request/Response Data
How do I work with XML?
How do I work with JSON?
48. XmlReader/XmlWriter
Linq to XML
static void w_DownloadStringCompleted(object sender
DownloadStringCompletedEventArgs e)
{
XElement x = XElement.Parse(e.Result);
foreach (photo in x.Elements(quot;photoquot;)) {
//...
}
}
XmlSerializer
49. Pre-build a type using XML Attributes
public class Photo
{
[XmlElement] public string photoName;
[XmlElement] public string location;
[XmlAttribute] public string size;
}
Serialize / Deserialize
XmlSerializer xs = new XmlSerializer(typeof(Photo));
Photo p = (Photo) xs.Deserialize(myHttpResponseStream);
string name = p.photoName;
Requires manual work to build the type
50. public class Video
{
Paste
[XmlElement] public string author;
[XmlElement] public string id;
[XmlElement] public string title;
[XmlElement] public string url;
Copy
}
Functionality already available in XSD.EXE tool
51. Build a URL
What are the allowed protocols?
Where can I connect to?
Make a Request
How do I make a request?
What are the restrictions on requests?
Working with Request/Response Data
How do I work with XML?
How do I work with JSON?
52. “JavaScript Object Notation”
Easy and fast to parse in JavaScript in
browsers
Often no real reason to use it for SL, except…
Reusing existing services built for AJAX pages
Smaller message size
(but binary XML is a future possibility)
Example:
{“Person”:{“name”:”john”,”age”:42}}
53. “Linq to JSON” (currently a sample)
http://code.msdn.microsoft.com/SilverlightWS
JsonObject j = JsonObject.Load(myString)
int a = j[“Person”][“age”];
{“Person”:{“name”:”john”,”age”:42}}
var cities = from JsonBaseType city in jObj[“citiesquot;]
select new CityDisplay {Name = city[quot;namequot;],
Population = city[quot;populationquot;] };
{“cities”:[{“name”:”Vegas”,”population”:1000},
{“name”:”Seattle”,”population”:2000}]}
54. Using the DataContractJsonSerializer
public class Person
{
public string name;
public int age;
}
Pre-build type, then deserialize and use
{“Person”:{“name”:”john”,”age”:42}}
56. RSS 2.0
Feeds
Atom 1.0
Feeds
Built-in Conform to
Atom
classes a Standard
Publishing
to work with
(Future?)
such services
SyndicationFeed feed = SyndicationFeed.Load(…)
foreach (SyndicationItem item in feed)
{
//Do something with item
}
57.
58. Protocols
RSS 2.0, Atom 1.0
Future possibility: Atom Publishing Protocol
Essentially the same as in .NET 3.5
SyndicationFeed, SyndicationItem, etc.
Can read / write feeds
“Feed Extensions” exposed as XML
Subject to same cross-domain restrictions, etc.
Use HttpWebRequest/WebClient,
then Syndication to parse
60. Creating Services for Silverlight
Creating and consuming WCF services
Securing local services
Creating public services (safe for cross-domain)
Accessing Services that Describe Themselves
“Add Service Reference”
Accessing Services that Don’t Describe Themselves
WebClient / HttpWebRequest, manual work
Accessing Feeds
RSS/Atom
63. •
Denial of Service
•
No protection (for now?)
•
Browser may hang if talking to malicious service
•
64. Timeline
SL1.1
SL1.1 SL1.1 SL 2
SL 1.0 Alpha
Alpha Dec CTP Beta1
Refresh
• Demonstrated
• Beta at MIX • Sep. 07
at MIX 07
07
• Shipped in
Sep. 07
“Full” service consumption
No service
“Temporary”
consumption story
story
(Consume ASP.NET AJAX services
only)
Nothing you will see today is “set in stone”
65. Aside: Core vs. Extensions
Core:
Small initial download
Only critical pieces
Extensions:
Additional .dlls (possibly hosted at Microsoft)
Same security restrictions as user code
Can be downloaded automatically – no need to ask the user
Main XAML file lists required extensions
66. SOAP in Silverlight: Architecture and Extensibility
Generated Proxy Generated Proxy (Complex)
(Simple) Custom / User
Proxy Runtime (Simple) Proxy Runtime (Complex) Code
WCF Channel Stack
Various Channels
In Core
User-defined
In
Extension
Encoders
Possible
User-defined
Textual XML
Streaming Binary XML
Transport Channels Extensibility
User-defined
HTTP(S) Duplex HTTP Duplex
67. HTTP Stack
Most services (SOAP, REST/POX, RSS/Atom feeds, …) accessable via HTTP
How it works:
High-level components User code
Web services proxies, Downloader control, E.g. POX
…
HttpWebRequest
Browser Plugin APIs XmlHttpWebRequest
IE/Firefox/Safari JavaScript
Web Browser
- Cookies, authentication info
- Caching
- Proxy server to use
Windows/Mac Networking Layer
68. Cross-Domain Calls: Service Opt-In: AJAX
• AJAX: Uses “JSONP” data format
– <script src = “…”> allows cross-domain
– HTML DOM: <script src=“http://weather.com/GetWeather?zip=98052”>
– Returns: function getResult { return {“temp”:59,”descr”:”cloudy”}}
– Used by EBay, Facebook, Yahoo, Del.Icio.Us, Flickr, …
– Requires special format, only works for AJAX
69. SL app from InnocentMashups.com
SL app from EvilGames.com
http://financeData InnocentMashups.com Weather.com
EvilApps.com
How do we know when cross-domain access is safe?
Rule of thumb: Can it be done without SL?
70. Cross-Domain Restrictions
Client Location
SL app from Origin URL
Origin URL Target URL
• Only the target service knows
if it’s safe to call it in a cross-domain way
71. Cross-Domain Restrictions
• Definition of cross-domain:
E.g. from http://foo.com/myApp.xap
• Considered cross-domain if:
– Different domain: http://bar.com/service.svc
– Different subdomain: http://xyz.foo.com/service.svc
– Different scheme: https://foo.com/service.svc
– Different port: http://foo.com:5050/service.svc
• Allowed: http://foo.com:80/bar/service.svc
72. Cross-Domain Policy Files
• Checked at the root of the domain
• E.g. request to http://foo.com/bar/service.svc
– Check http://foo.com/clientaccesspolicy.xml
– If not - check http://foo.com/crossdomain.xml
– If not – request fails, SecurityException
74. Unsafe for Cross-Domain
Client Location
Relying on:
Anything in the browser
SL app from Origin URL
Cookies
Authenticated Sessions
Zone (intranet) boundary
Origin URL Target URL
IP-address restrictions
…
75. Safe for Cross-Domain
• Relying on:
– The message contents, or
– The request URL
http://api.myservice.com/ErasePicture?
pictureName=Sunset123&
album=nature&
authToken=a4563c5ff0
• E.g. OAuth standard
76. Restrictions
• Cross-domain access
– Silverlight-wide restrictions on accessing data
cross-domain
– Add Service Reference is “smart” –
will try and warn you if this is an issue
• SOAP Faults not supported
– Remember the HTTP Error Code restriction?
• Restrictions likely to go away after the Beta:
– No one-way operations
– Some schema not supported
– No SOAP headers from WSDL
77. Creating the Proxy
• After Beta1: Address Change Support
• No longer need to recompile application if service moves
• Easy to write reusable components
• Easy to move between dev box / staging / production
WeatherServiceClient proxy = new WeatherServiceClient();
Silverlight .XAP package
YourApplication.dll
The .XAP package is just a
renamed .ZIP file
(other files…)
ServiceReferences.clientConfig
<endpoint address=“http://new.address.live.com” … />
(subset of WCF configuration)
78. Migrating from SL1.1 Alpha Services
• Breaking change on the Client-side
• Remove “Web References”
• Do “Add Service Reference”
• FYI: Data format is now SOAP, not JSON
• Server-side code does not have to change
• ASMX JSON services always do SOAP as well
• WCF JSON services – can add SOAP with simple
config change
• Some edge-case services that do JSON-specific
things may require server-side changes