210 likes | 357 Views
Web Services Enhancements. GXA. Global XML Architecture variety of proposed new standards in the area of Web services interoperability A fair number of big corporate players are cooperating behind the curtain of GXA, including Microsoft and IBM. Advanced WS protocols.
E N D
GXA • Global XML Architecture • variety of proposed new standards in the area of Web services interoperability • A fair number of big corporate players are cooperating behind the curtain of GXA, including Microsoft and IBM
Advanced WS protocols • Designed to add common infrastructure capabilities to basic WS stack • Built on existing foundation of XML, SOAP, XML Schema, and WSDL • Uses standard extensibility points • Protocols being standardized for interop
Protocol domains Advanced Protocols Security Transactions ReliableMessaging Metadata Messaging SOAP, XML, WSDL Internet Transports
WSE 1.0 • Simple framework layered on ASP.NET Web Services • Support for… • WS-Security • WS-Routing/Referral • WS-Attachments/DIME
WSE 2.0 • Extended security support • WS-SecureConversation, WS-Trust • Improved token management • Protection from replay attacks • New WS-Policy support • Extended messaging support • WS-Addressing supplants WS-Routing
ASP.NET and WSE • ASP.NET provides support for basic Web services • Only the base-line protocols • Only RPC programming model • Web Services Enhancements (WSE) add-on provides advanced features on top of ASP.NET • Latest protocols, like WS-Security • A messaging programming model
How WSE works • Core WSE functionality implemented as input and output filters Client Server Output Filters Input Filters Input Filters Output Filters
The Pipeline • Use of IO filters encapsulated by pipeline class • Pipeline can be extended with custom filters • Pipeline can be configured per-proxy or per-process
Output Filter Input Filter Output Filter Input Filter Output Filter Input Filter Server integration HttpContext.Current Http- Context Web Service Http- Request Soap- Context Pipeline WebServicesExtension Http- Response Soap- Context ResponseSoapContext.Current RequestSoapContext.Current
Server integration public class Service1 : WebService{ // WebServiceExtension runs gives pipeline a // chance to process messages [WebMethod] public String GetMessage() { SoapContext reqCtx = RequestSoapContext.Current; if (reqCtx == null) throw new ApplicationException("SOAP only!"); DateTime created = reqCtx.Timestamp.Created; return c.Envelope.InnerXml; } } <%@ WebService class="Service1, SampDll" %>
Server configuration • WebServicesExtension must be configured to process messages(if not SoapContext == null) <configuration> <system.web> <webServices> <soapExtensionTypes> <add type="Microsoft.Web.Services.WebServicesExtension, Microsoft.Web.Services,Version=2.0.0.0, Culture=neutral,PublicKeyToken=31bf3856ad364e35" priority="1" group="0"/> </soapExtensionTypes> </webServices> </system.web> ...</configuration>
Proxy integration • WebServicesClientProtocol is new proxy base class • Output filters process request messages • Input filters process response messages • RequestSoapContext property exposes protocol settings for next message sent • ResponseSoapContext property exposes protocol settings for last message received
Output Filter Input Filter Output Filter Input Filter Output Filter Input Filter Proxy integration SoapContext RequestSoapContext ProxyClass SoapWeb- Request Pipeline WebServices- ClientProtocol SoapWeb- Response SoapContext ResponseSoapContext
Proxy integration static void Main() { // create WebServicesClientProtocol-derived // proxy class Service1Wse proxy = new Service1Wse(); // WebServiceClientProtocol gives pipeline // a chance to filter messages Console.WriteLine(proxy.GetMessage()); }
WS-Security • Defines a framework for building security protocols using existing protocols • Propagation of security tokens • Integrity via XML Signature • Confidentiality via XML Encryption • Framework designed for end-to-end security of SOAP messages • From initial sender, through 0-n intermediaries to ultimate receiver
Simple Example (Server) [WebMethod] public string HelloWorld() { string x=""; SoapContext c=RequestSoapContext.Current; foreach(SecurityToken s in c.Security.Tokens) if(s is UsernameToken) x=((UsernameToken)s).Password; if(x!="12345") throw new ApplicationException(“error"); return "Hello World "; }
Client Service1Wse s=new Service1Wse(); s.RequestSoapContext.Security.Tokens.Add( new UsernameToken( "avi“ ,"12345“, PasswordOption.SendPlainText)); x=s.HelloWorld();
WSE 2.0 Messaging • WSE 2.0 provides a flexible API for sending and receiving SOAP messages • in-process • TCP • HTTP • Basic functionality: • SoapSender • SoapReceiver • Higher-level API • SoapClient and SoapService classes