Web Services Enhancements 2.0

Slides:



Advertisements
Similar presentations
Siebel Web Services Siebel Web Services March, From
Advertisements

cetis Really Complex Web Service Specifications Scott Wilson.
SOAP : Simple Object Access Protocol
Web Services Nasrullah. Motivation about web service There are number of programms over the internet that need to communicate with other programms over.
Building and Using Web Services with ASP.NET Rob Howard Program Manager.NET Framework Team Microsoft Corp.
XML Web Services in Visual Studio ®.NET NameTitleCompany.
Extending Web Applications with Web Services Mike Taulty Developer & Platform Group Microsoft Ltd
Web Services (ASMX 2.0 and WSE 3.0) Mike Taulty Developer & Platform Group Microsoft Ltd
Prashanth Kumar Muthoju
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
Web Service Standards, Security & Management Chris Peiris
XML Web Services in Visual Studio.NET Peter Ty Developer Evangelist.NET and Developer Group.
Lecture 15 Introduction to Web Services Web Service Applications.
Dynamics AX TAP Knowledge Transfer Wave 2. Application Integration Framework (AIF) Overview Dean WiermanSøren Vagn Andersen Lead Program ManagerProgram.
Web Services based e-Commerce System Sandy Liu Jodrey School of Computer Science Acadia University July, 2002.
Web Services Standards. Introduction A web service is a type of component that is available on the web and can be incorporated in applications or used.
XML Web Services Architecture Siddharth Ruchandani CS 6362 – SW Architecture & Design Summer /11/05.
WS-Security Protocol Ramkumar Chandrasekharan CS 265.
Random Logic l Forum.NET l Web Services Enhancements for Microsoft.NET (WSE) Forum.NET ● October 4th, 2006.
Developing Web Services Using ASP.NET and WSE That Interoperate with the Windows Communications Foundation ("Indigo") Mark Fussell COM432 Lead Program.
Web Services Presented By : Noam Ben Haim. Agenda Introduction What is a web service Basic Architecture Extended Architecture WS Stacks.
Copyright © 2003 Jorgen Thelin / Cape Clear Software 1 Customization Using Interceptors Using an interceptor-based framework for providing customized client-side.
Copyright © 2013 Curt Hill SOAP Protocol for exchanging data and Enabling Web Services.
XML and Web Services (II/2546)
Kemal Baykal Rasim Ismayilov
Agenda What Is the Windows Communication Foundation? How Does It Work? How Do I Use and Deploy It? Bindings Addresses Contracts How to host WCF services.
Web Services Security Patterns Alex Mackman CM Group Ltd
1 of 4 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.
Web Services An Introduction Copyright © Curt Hill.
BEA position on W3C ‘Web Services’ Standards Jags Ramnarayan 11th April 2001.
INFSO-RI Enabling Grids for E-sciencE Web Services Mike Mineter National e-Science Centre, Edinburgh.
Introduction to.NET FX 3.0 (+ sneak preview of.NET FX 3.5) Martin Parry Developer & Platform Group Microsoft Ltd
Introduction to.NET Building.NET Applications Mike Taulty Developer & Platform Group Microsoft Ltd
EGEE is a project funded by the European Union under contract IST Introduction to Web Services 3 – 4 June
Web Services Security Mike Shaw Architectural Engineer.
1 WS-Security Yosi Taguri Microsoft Israel
Windows Communication Foundation and Web Services
Jim Fawcett CSE681 – SW Modeling & Analysis Spring 2005
Introduction to Windows Azure AppFabric
5/25/2018 2:39 AM © 2006 Microsoft Corporation. All rights reserved.
Sabri Kızanlık Ural Emekçi
A Web Services Journey on the .NET Bus
WEB SERVICES.
HMA Identity Management Status
Increasing Profitability by Exposing or Consuming XML Web Services
Web Service Interview/VIVA
ASP.NET Web Forms and Web Services
2007 Office System Integration
Web Services UNIT 5.
Windows Communication Foundation and Web Services
INTRODUCTION TO WEB SERVICES CS 795. What is a Web Service ? Web service is a means by which computers talk to each other over the web using HTTP and.
Implementing a service-oriented architecture using SOAP
The future of distributed systems architecture
Security & .NET 12/1/2018.
WSE 3.0 的网络服务安全 Security in WSE 3.0 Hongmei Ge Con321
W3C Workshop WS-Policy in the Web Service Architecture
Tim Bornholtz Director of Technology Services
TechEd /22/2019 9:22 PM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.
Deepak Shenoy Agni Software
Experiences in Deploying Services within the Axis Container
Introduction to Web Services
Distributed Applications on Windows Vista
The SOAP Story Martin Parry Developer & Platform Group Microsoft Ltd
Techniques to Invoke Web Services from SAS
Presentation transcript:

Web Services Enhancements 2.0 Mike Taulty Developer & Platform Group Microsoft Ltd mtaulty@microsoft.com http://mtaulty.com

Agenda Backgrounder WSE 2.0 Essentials Resources What is it? Functionality Security, Policy, Attachments, Transports, Routing Architecture Resources

Core Web Service Stack Application Application Discovery UDDI Description Packaging Data Protocol UDDI WSDL SOAP XML HTTP Application

ASP.NET Web Services IIS Web Server Client ASP.NET Web Service Class ASMX File Web Service Class Web Method A Web Method B Web Method C Client GET WSDL Document WSDL Document WSDL Proxy Class SOAP/HTTP Soap Extension SOAP/HTTP

Web Services Architecture Core web services stack & ASP.NET provide a set of basic building blocks Extensible messaging, description, discovery Real-world distributed systems need more capabilities Security Reliability etc More building blocks! Discovery Description Packaging Data Protocol UDDI WSDL SOAP XML HTTP

Web Services Architecture Driven through standards WS-* standards – e.g. WS-Security Microsoft working with IBM, BEA and others Standards are ‘baked’ and then ratified through bodies such as OASIS, W3C Architectural approach Modular and composable General purpose B2B, EAI, Mobile Devices Interoperable

Agenda Backgrounder WSE 2.0 Essentials Resources What is it? Functionality Security, Policy, Attachments, Transports, Routing Architecture Resources

Web Services Enhancements Addition to VS.NET and .NET Framework Provides new functionality SOAP Messaging Addressing, Security, Policy, Attachments, etc. Implementing Web Service standards (WS-*) Possibility of not involving IIS TCP and In-Process transports Download V2.0 from MSDN Support is as for .NET Framework 1.1

Enabling WSE 2.0 Mike’s Demo Plan for this; Create an ASMX web service – e.g. maybe make a simple service that adds a couple of numbers together. Create a client for that web service. Make sure that works Alter the service to include support for WSE (through the tickbox), show the config file to illustrate what’s happening Show the client still works Alter the client to include support for WSE (through the tickbox). Show the client still works. Update the web reference in the client and show that there is now a second proxy class included (XXXWse) and that it has some new properties on it. Show that we can replace the original proxy used now with the WSE version and everything still works.

Programming WSE Key object is the SoapContext Request SoapContext Body Headers Request SoapContext Client Service Response SoapContext Body Headers Response SoapContext

Programming WSE How to get your SoapContext On the server side; RequestSoapContext.Current ResponseSoapContext.Current On the client side; MyProxy.RequestSoapContext My.ResponseSoapContext Working directly with a SOAP Envelope; MyEnvelope.Context

Agenda Backgrounder WSE 2.0 Essentials Resources What is it? Functionality Security, Policy, Attachments, Transports, Routing Architecture Resources

Securing Messages with WSE Security features Authentication Security Token propagation User names, Kerberos, X509 Certificates Digital Signing of message contents Digital Encryption of message contents Implements specifications WS-Security WS-SecureConversation WS-Trust

Securing SOAP Messages with Code Mike’s Demo Plan for this; Take the projects that we produced in the previous demo and start adding security features to them. First thing to do is to add code on the server side that checks for a username token. If that token’s not there then we’ll bounce the request – just throw a random Exception of some sort. Now show that the client no longer works. Now set about fixing the client. Set up the client so that it includes a Username token and passes that across the wire. Show that the client now won’t work because the server is taking the default action with the username token (i.e. trying to call LogonUser with it). Show that we can override that default behaviour on the server side by introducing a tokenmanager that does something else. Show that we can now get the client to work. Go further to show that we can also now sign the data that goes across the wire. Go further to show that we can also encrypt the data that goes across the wire. Don’t forget the WSE Tracing Tool (http://mtaulty.com/blog/archive/2004/05/25/433.aspx)

Policy WSDL describes a web service Operations, Messages, Types, etc A client may need a lot more metadata before it can talk to a service Hours of operation? Charging model? Security requirements? Message data requirements? Web Service Policy deals with describing this additional metadata

Policy WSE implements the WS-Policy specification Assertions around Policy modelled as a set of assertions Implements WS-SecurityPolicy Assertions around Tokens, Signature, Encryption, Message Age Can add custom assertions Example from MSDN Magazine

Security through Policy Mike’s Demo Plan; Idea here is to rip out the “security code” that we put into the last demo and replace it with policy instead. Problem with using policy here is it’d be nice to show X509/Kerberos stuff but it’s hard to show in demos. Continue with the user name token. Rip out the code that we put into the client and service. Make sure everything works once more without any security stuff. Now, go use the policy editor for the service to switch on requiring a Username based signature (not encryption – the wizard doesn’t help you here) Show the client now won’t work because policy isn’t matched. Fix the client by running the wizard on the client and setting up the flip-side of the server policy. Show the client still doesn’t run because we haven’t actually supplied the user-name token on the client side so it doesn’t know how to enforce policy for messages on the way out. Finally – supply the user name token on the client side and show that things work. Show the messages being traced – show that we are signing the message as it goes out without any code.

Working with Attachments WSE2.0 implements the WS-Attachments specification Allows passing of files as attachments to SOAP messages Implemented through use of the DIME protocol Other approaches are out there – SwA, MTOM, etc.

Working with attachments Mike’s Demo Plan; Take the existing service. Change the “GetPerson” method on it in order to return a picture file as an attachment Make sure to set the attachment type to something like “image/jpg” Make sure to disable policy on the web service. Build a new windows forms client which then displays the picture on the screen.

Transports WSE has support for SOAP messaging over non-HTTP transports TCP transport between processes In-Proc transport inside a process (unsupported) Removes the need for IIS for certain scenarios Two programming models for this functionality; “High level” – SoapClient/SoapService “Low level” – SoapSender/SoapReceiver Can also write your own

Working with different transports Mike’s Demo Plan; Build a whole new web service – just make a console app Derive from SoapService – put a simple method on there (remember the constraint around 1 parameter!) Build a client Show that the client needs a proxy and we have to go to WSEWSDL2.EXE to get it. Make it work.

Routing SOAP Messages Sometimes the direct recipient is not the final recipient WSE implements WS-Referral

Agenda Backgrounder WSE 2.0 Essentials Resources What is it? Functionality Security, Policy, Attachments, Transports, Routing Architecture Resources

WSE Architecture - Filters ASP.NET ASMX Web Service Handler WSE Soap Extension Security Referral Policy Tracing Custom WSE Filters Web Service Class Web Method A Web Method B Web Method C Invoke Method Return results Config Soap Extension

Agenda Backgrounder WSE 2.0 Essentials Resources What is it? Functionality Security, Policy, Attachments, Transports, Routing Architecture Resources

Resources Developer Web Casts Web Services Urls www.microsoft.com/uk/MSDN Web Services Urls http://msdn.microsoft.com/webservices/understanding/default.aspx http://msdn.microsoft.com/webservices http://msdn.microsoft.com/xml http://uddi.microsoft.com http://www.ws-i.org http://www.oasis-open.org http://msdn.microsoft.com/Longhorn/understanding/pillars/Indigo/default.aspx http://www.w3c.org

© 2004 Microsoft Limited. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.