Consuming Web Services in Microsoft Silverlight 3. Eugene Osovetsky, Program Manager, Microsoft Corporation. We'll cover 3 scenarios: Simple Back-End Data Access (WCF, SOAP); “Data Push” (Server to Client) (WCF); Mashups Using REST APIs (REST, XML/JSON, Atom/RSS).
Consuming Web Services in Microsoft Silverlight 3
Eugene Osovetsky, Program Manager, Microsoft Corporation
We'll Cover 3 Scenarios:
• Simple Back-End Data Access: WCF, SOAP
• “Data Push” (Server to Client): WCF
• Mashups (Using REST APIs): REST, XML/JSON, Atom/RSS
Back-End Data Access: Silverlight 2 Recap (WCF)
• Server:
  • “Add New Item…” → “Silverlight-enabled WCF Service”
  • Or any BP SOAP service…
• Client:
  • “Add Service Reference”
demo Product Catalog – Accessing Server Data from Silverlight
Common Pain Points (WCF)
• Performance
  • SOAP / XML “bloat”
• Handling Error Conditions
  • Debugging impossible:
    System.ServiceModel.CommunicationException: The remote server returned an error: NotFound
  • Can’t use SOAP Faults
• Security
  • No automated way to send user credentials (if cannot rely on browser)
• Can’t do “Add Service Reference” as part of build process
Performance • Errors / Faults / Debugging • Security • Proxy Creation
demo Optimizing Performance with Binary XML
Binary XML
• Browser apps are often “chatty”
• You pay for bandwidth and server capacity
• Sometimes a tradeoff…
  • Bandwidth: Compression at HTTP level (Turn on in IIS)
  • Server Capacity: Binary XML
    • More clients with existing server capacity
Binary XML Characteristics
• NOT Compression (but usually reduces size)
• Optimizes for Speed, not Size
• Biggest gains
  • Arrays, Numbers, Complex type graphs, Byte Arrays (binary blobs)
• Not optimized
  • Very small messages
  • Strings
    • Even repeated strings - Difference from netTcpBinding
• Recommendation: Always use Binary
• “Silverlight-enabled WCF Service” - now Binary by default
Binary XML: Server Throughput
Using "typical" message payloads
[Chart; data labels: 24%, 71%]
Your mileage may vary
Binary XML: Message Size Reduction
Using large messages with arrays of "typical" data
Your mileage may vary
demo Fault / Error Handling and Debugging. Attempt #1: Naïve Approach
Naïve Approach: Just call the service
• No error info on the wire:
  • Security reasons
• So… No error info in Silverlight
• Need to Enable Debugging
  • IncludeExceptionDetailInFaults=true
demo Fault / Error Handling and Debugging. Attempt #2: Enable Debugging
With Debugging Enabled:
• Error info is on the wire
• Error info still not in Silverlight!
    System.ServiceModel.CommunicationException: The remote server returned an error: NotFound
• Can use “Fiddler Debugging”, but…
  • … not with Binary XML
  • … not with HTTPS
  • … can be hard to set up
Why No Error Info in Silverlight? (WCF)
• Server
  • Sends HTTP 500 Error Code (SOAP standard)
  • Not supported by browser plugins (like Silverlight)
• Solution: Switch to HTTP 200 Code
• How?
  • WCF Sample (“Message Inspector Sample”) at http://code.msdn.com/SilverlightWS
  • Looking into a better solution after Beta1
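One way to make the switch to HTTP 200 on the server, as an added example (not the “Message Inspector Sample” itself): a dispatch message inspector rewrites the status code of fault replies. The class names `FaultAsHttp200Behavior` and `FaultAsHttp200Inspector` are hypothetical.

```csharp
using System.Net;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Endpoint behavior that plugs the inspector into the server's dispatch runtime.
public class FaultAsHttp200Behavior : IEndpointBehavior
{
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher dispatcher)
    {
        dispatcher.DispatchRuntime.MessageInspectors.Add(new FaultAsHttp200Inspector());
    }

    // Nothing to do for binding parameters, client runtime or validation.
    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection parameters) { }
    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime) { }
    public void Validate(ServiceEndpoint endpoint) { }
}

public class FaultAsHttp200Inspector : IDispatchMessageInspector
{
    public object AfterReceiveRequest(ref Message request, IClientChannel channel,
                                      InstanceContext instanceContext)
    {
        return null; // no per-request state is needed
    }

    public void BeforeSendReply(ref Message reply, object correlationState)
    {
        // One-way operations have no reply; normal replies keep their status.
        if (reply == null || !reply.IsFault) return;

        // SOAP faults go out as HTTP 500 by default; send 200 so the
        // browser plug-in hands the fault body to Silverlight.
        var http = new HttpResponseMessageProperty { StatusCode = HttpStatusCode.OK };
        reply.Properties[HttpResponseMessageProperty.Name] = http;
    }
}
```

Attach it with `endpoint.Behaviors.Add(new FaultAsHttp200Behavior())` on the service endpoint. The status-code change only affects delivery: what the fault reveals is still governed by the service, so leave exception details switched off outside debugging and return typed faults with the detail the client is meant to see.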
Why No Error Info in Silverlight? (WCF)
• Client:
  • No support for faults in Silverlight 2
    • Even with HTTP 200
  • Supported in Silverlight 3
    • ExceptionDetail
    • FaultException<T>
    • Etc …
demo Fault / Error Handling and Debugging with Silverlight 3 Faults Support
Securing Services: 2 Options
• How is identity communicated to the service?
• Browser-Based (Automatic). Examples:
  • Windows Authentication
  • Cookies
• Message-Based (Manual). Examples:
  • URL parameters
  • SOAP headers with Username/Password
Browser-Based Authentication: Example with Cookies + Forms Auth
[Diagram: Browser with a login, e.g. ASP.NET login (User / Password), and YourDomain.com; arrows labeled “Credentials”, “Auth info (cookie)” and “Service calls + Auth info”]
Browser-Based Authentication: Login through Silverlight
[Diagram: Browser (User / Password), ASP.NET Auth Service and YourDomain.com; arrows labeled “Call with credentials to ASP.NET Auth Service”, “Reply contains cookie” and “Service calls + Auth info”]
Browser-Based Authentication: Using Windows Authentication
[Diagram: Browser with a Windows login (User / Password) and YourDomain.com; arrow labeled “Service calls + Creds”]
Browser-Based Authentication: Cross-Domain Threat
[Diagram: Browser with a MyBank.com login (User / Password), MyBank.com, and a malicious application from EvilApps.com; arrows labeled “Credentials”, “Auth info (e.g. cookie)” and “Malicious call + Auth info”; caption: “Could steal or change data if protection wasn’t in place”]
Cross-domain access blocked by default
• Can enable with “cross-domain policy file”
• Browser-Based Auth is only appropriate if
  • No cross-domain access, or
  • Access limited to a few trusted domains
• If you enable access for “*”:
  • MUST NOT use a browser-based method
  • MUST use message-based method instead
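The rule on this slide can be checked mechanically. The following added example (not from the talk) parses a Silverlight `clientaccesspolicy.xml` and rejects the combination of a wildcard domain with browser-based authentication; the type names and the sample policy are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

public enum ServiceAuth { BrowserBased, MessageBased }

public static class CrossDomainPolicyAudit
{
    // Constructed sample: a policy file that admits callers from every domain.
    public const string SamplePolicy = @"<?xml version=""1.0"" encoding=""utf-8""?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers=""SOAPAction"">
        <domain uri=""*"" />
      </allow-from>
      <grant-to>
        <resource path=""/"" include-subpaths=""true"" />
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>";

    // True when any <policy> lists a catch-all domain ("*", "http://*", "https://*").
    public static bool AllowsAnyDomain(string policyXml)
    {
        return XDocument.Parse(policyXml)
            .Descendants("policy")
            .Elements("allow-from")
            .Elements("domain")
            .Select(d => ((string)d.Attribute("uri") ?? "").Trim())
            .Any(uri => uri == "*" || uri == "http://*" || uri == "https://*");
    }

    // The slide's rule: a wildcard policy is acceptable only with message-based
    // auth, because cookies and Windows credentials ride along on any call the
    // browser makes. Whether listed domains deserve trust is not checked here.
    public static bool IsAcceptable(string policyXml, ServiceAuth auth)
    {
        return auth == ServiceAuth.MessageBased || !AllowsAnyDomain(policyXml);
    }

    public static void Main()
    {
        Console.WriteLine(IsAcceptable(SamplePolicy, ServiceAuth.BrowserBased));
        Console.WriteLine(IsAcceptable(SamplePolicy, ServiceAuth.MessageBased));
    }
}
```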
Message-Based Authentication: Identity managed by Silverlight, not the Browser
[Diagram: Browser (User / Password), YourDomain.com and EvilApps.com; labels “Creds are added by Silverlight, not browser” and “No creds”]
Enabling In-Message Auth:
• Option 1: Change the Contract
    [OperationContract]
    public decimal GetAccountBalance(int accountID, string userName, string password);
• Option 2: Automatically inject SOAP headers using WCF Extensibility
  • See “Message Inspector Sample” for SL2
• Option 3: Built-in Support in Silverlight 3
demo Securing Services with Message Credentials
Transport With Message Credential Mode
    <soap:Envelope>
      <soap:Header>
        <!-- WS-Security Header -->
        <!-- With UserName, Password, Timestamp -->
      </soap:Header>
      <soap:Body><!-- Message Payload --></soap:Body>
    </soap:Envelope>
• Plain-text password sent over the wire
  • Requires SSL (HTTPS). Restriction is enforced
• Timestamp, Lifetime, Max Clock Skew
  • Simple replay protection
  • Enforced in both directions (client ↔ server)
  • Default max skew is 5 minutes – may require changes (client clock can’t be more than 5 minutes out of sync with server)
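A server-side sketch of this mode, as an added example that is not code from the talk: it hosts an endpoint with TransportWithMessageCredential, validates the UserName token with a custom validator, and shows where the clock-skew limit is changed. `StoreBackedValidator`, `MessageCredentialHost` and the `isValid` delegate are hypothetical names; the delegate stands in for your credential store.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

// Hypothetical validator for the UserName token carried in the WS-Security header.
public class StoreBackedValidator : UserNamePasswordValidator
{
    private readonly Func<string, string, bool> isValid; // assumption: wraps your credential store

    public StoreBackedValidator(Func<string, string, bool> isValid) { this.isValid = isValid; }

    public override void Validate(string userName, string password)
    {
        // Same generic failure for an unknown user and a wrong password.
        if (string.IsNullOrEmpty(userName) || password == null || !isValid(userName, password))
            throw new SecurityTokenException("Authentication failed.");
    }
}

public static class MessageCredentialHost
{
    public static ServiceHost Create(Type service, Type contract, Uri httpsAddress,
                                     TimeSpan maxSkew, Func<string, string, bool> isValid)
    {
        // The mode the slide names: credentials in the message, HTTPS underneath.
        var basic = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
        basic.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;

        // The skew is not exposed on the standard binding, so adjust a CustomBinding copy.
        var binding = new CustomBinding(basic);
        SecurityBindingElement security = binding.Elements.Find<SecurityBindingElement>();
        security.LocalServiceSettings.MaxClockSkew = maxSkew; // default is 5 minutes

        var host = new ServiceHost(service);
        host.AddServiceEndpoint(contract, binding, httpsAddress); // address must be https://
        host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode =
            UserNamePasswordValidationMode.Custom;
        host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator =
            new StoreBackedValidator(isValid);
        return host;
    }
}
```

Raising `maxSkew` tolerates clients with badly set clocks, but it also lengthens the period during which a captured message still carries an acceptable timestamp, so widen it only as far as the client population requires.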
Proxy Creation
• SL2: Only through Visual Studio
• SL3: Command-line Tool available
  • slsvcutil.exe
  • Silverlight version of svcutil.exe (simplified)
  • More flexibility than Add Service Reference
demo Slsvcutil.exe
Pushing Messages to Silverlight
• Useful for real-time interaction (e.g. chat), monitoring (e.g. stock ticker), etc.
• “Duplex” feature introduced in Silverlight 2
  • Based on “smart polling”
• Hard to use in SL2
  • Advanced WCF knowledge required
• Significantly simplified in Silverlight 3 Beta1
  • May improve even more after the Beta
demo Pushing Data to a Silverlight 3 Client
Using Duplex: Client Side
• 1. “Add Service Reference”
• 2. Open the Proxy (Config not supported)
  • May get easier in final SL3 release
• 3. Call Methods and Handle Events
    // Address of the duplex service
    EndpointAddress address = new EndpointAddress("http://example.com/Service1.svc");
    // Polling duplex channel, SOAP 1.2 text encoding, plain HTTP transport
    CustomBinding binding = new CustomBinding(
        new PollingDuplexBindingElement(),
        new TextMessageEncodingBindingElement(
            MessageVersion.Soap12WSAddressing10, Encoding.UTF8),
        new HttpTransportBindingElement());
Using Duplex: Server Side
• 1. Define a Service with a Callback Contract
  • [ServiceContract(CallbackContract=…)]
  • [OperationContract(IsOneWay=true)]
• 2. Implement the service
  • OperationContext.Current.GetCallbackChannel<ICallbackContract>()
• 3. Host the service
  • No config support
  • A bit tricky for now – see sample code
  • May get much easier after Beta1
Recap: REST in Silverlight 2
• Making requests:
  • HttpWebRequest
  • WebClient
• Working with XML:
  • XmlReader / XmlWriter
  • Linq – to – XML
  • XmlSerializer
• Working with JSON:
  • System.Json (“Linq – to – JSON”)
  • DataContractJsonSerializer
• Working with RSS/Atom Feeds
  • System.ServiceModel.Syndication
REST Pain Points • HTTP Stack Restrictions • Usability
REST Services: HTTP Stack
• SL3 Beta1 has same capabilities as SL2
  • HTTP stack browser restrictions still there
  • Exploring options to remove these in the future
• HTTP stack extensibility added in SL3
  • Can “roll your own” stack
    • E.g. HTML DOM + JavaScript XmlHttpRequest
    • E.g. Proxied through a Service
  • These may be released as samples / CodePlex
REST Services: Usability
• SL3 has same capabilities as SL2
• “Paste XML as Serializable Types”
  • Copy: XML or XSD
  • Paste: Silverlight-compatible types
  • In “REST Starter Kit, Preview 2” (CodePlex)
demo Paste XML as Serializable Types
Summary
• Simple Back-End Data Access: WCF, SOAP
• “Data Push” (Server to Client): WCF
• Mashups (Using REST APIs): REST, XML/JSON, Atom/RSS
More Information
• Team Blog: http://blogs.msdn.com/SilverlightWS
• My Blog: http://eugeneos.blogspot.com
• Samples Will Be Posted At: http://code.msdn.com/SilverlightWS
• REST Starter Kit Preview 2 (for Paste-XML-as-Types): http://msdn.com/WCF/REST