.NET Web Forms

bevyquixoticSecurity

Nov 3, 2013 (4 years and 1 month ago)

123 views

1

.NET Web Forms

Web Services

© 2002 by Jerry Post

2

Web Service Principles


Primary goal: small independent programs that can be called to
perform a task or deliver data by other programs on diverse
machines, all using Web transfers and standard protocols.


Accessible by URL


Data transfer by XML, preferably over HTTP


XML Schemas to define data structures


SOAP to handle activation


Registered on a public registry, with descriptive information to enable
its use


Universal Description, Discovery, and Integration (UDDI)


Web Services Description Language (WSDL)

Esposito, Ch. 9, p. 285
-
315; Short, 2002.

3

Web Services Perspective

User: Browser

Primary application

Legacy data

Service:

data analysis

HTML

XML

4

Web Service Structure


Your Web service


Receives a request via HTTP


It might contain data within an XML transfer


Your code performs some action (e.g., look up data)


And returns an XML result


It will be name something.ASMX

5

.NET Web Services


Create a new class that inherits from
System.Web.Services.WebService








WebService Attribute


Not required, but used by WSDL to document your service.


Name = “”


Description=“”


Namespace=“”

usually your url, but could be anything unique

<%@ WebService Language=“VB” Class=“MyService1” %>

[WebService(Namespace=“something/whatever”, Name=“MyService”,


Description=“Sample test service”)]

Public Class MyService1


Inherits WebService



End Class

6

WebMethod


A Web Method is a function performed by your service. It must be
declared as a WebMethod to be accessible.





[WebMethod(MessageName=“GetProductList”, CacheDuration=60,
Description=“Main item list.”)]

Public Function GetProducts() As DataSet



End Function


[WebMethod(MessageName=“GetOneProduct”, Description=“Detailed
information about one item.”)]

Public Function GetProducts(ByVal ItemID As Integer) As DataSet



End Function

7

WebMethod Properties


BufferResponse (true by default)


CacheDuration (seconds to hold in memory)


Description (mostly for WSDL)


EnableSession (false by default, avoid because it might require
cookies)


MessageName (Lets you expose a different name to the public)


TransactionOption (activates transaction support)


8

Invoking a Web Service


Three methods


POST command that contains a SOAP request


POST command specifying method name and parameters


GET command with URL specifying method name and parameters

POST URL, etc

<soap: Envelope …>

<soap:Body>


<GetOneProduct xmlns=«

unique name

»>



<ItemID>15</ItemID>


</GetOneProduct>

</soap:Body>

</soap:Envelope>

POST
URL/MyService.asmx/GetOneProduct

ItemID=15

GET
URL
/MyService.asmx/GetOneProduct?ItemID=15

9

Handling the Response


Your calling application receives a response as an HTTP return
packet. If you use SOAP, you get SOAP back, otherwise, straight
XML.

HTTP/1.1 200 OK

Content
-
Type: text/xml; charset=utf
-
8

Content
-
Length:
(some number)

<?xml version=“1.0” encoding=“utf
-
8”?>

<DataSet xmlns=“your service name”>


<schema xmlns=“http://www.we.org/2001/XMLSchema”>



(schema info)


</schema>


(XML version of the DataSet)

</DataSet>

10

Proxy Class within .NET


Once the service is created (or known), you can create a proxy
class and install it in your application. Your application will then
build all of the code needed to cal the Web service and process the
results. You treat it as if it were a simple class (but remember the
round
-
trip delay to go get the data).


Find or build the original service.


On your application machine, create a proxy class
--
command line:

wsdl.exe /out:MyService1Proxy.vb /namespace:ServiceNameSpace
/language:VB url


Add the resulting class to your project, by adding a Reference within
the page where you want to use it

<%@ Assembly Name=“MyService1Proxy” %>

Dim ds As DataSet = New DataSet()

Dim srv As Namespace.MyService1 = new Namespace.MyService1()

Ds = srv.GetOneProduct(15)

11

Web Service Security: Authentication


Three built
-
in possibilities by inheriting from WebService, and can
be set in web.config file:


Windows integrated (default)


Form
-
based


Microsoft passport (requires payment to Microsoft)


Usually easier (and cheaper) to create your own table of users and
authenticate against it. As a service, users would have to call a
logon method first, which would give them an encrypted token.
Other method requests would require (and test) the token.

12

Summary


Web service technologies are relatively standardized and can be
built using diverse technologies.


Authentication is still an issue because there are no accepted
standards.


Finding useful commercial ideas appears to be difficult.


Charging for commercial services is going to be a nightmare for a
while (except maybe as a monthly service).



But Web Services are great for internal use, because it separates
applications, and makes it much easier to centralize some data.


Academic example: there should be only one student database. All
other applications should be able to send a Student ID and get
whatever student data they need and are authorized to see.