Web Services Enhancements 2.0 Mike Taulty Developer & Platform Group Microsoft Ltd mtaulty@microsoft.com http://mtaulty.com
Agenda Backgrounder WSE 2.0 Essentials Resources What is it? Functionality Security, Policy, Attachments, Transports, Routing Architecture Resources
Core Web Service Stack Application Application Discovery UDDI Description Packaging Data Protocol UDDI WSDL SOAP XML HTTP Application
ASP.NET Web Services IIS Web Server Client ASP.NET Web Service Class ASMX File Web Service Class Web Method A Web Method B Web Method C Client GET WSDL Document WSDL Document WSDL Proxy Class SOAP/HTTP Soap Extension SOAP/HTTP
Web Services Architecture Core web services stack & ASP.NET provide a set of basic building blocks Extensible messaging, description, discovery Real-world distributed systems need more capabilities Security Reliability etc More building blocks! Discovery Description Packaging Data Protocol UDDI WSDL SOAP XML HTTP
Web Services Architecture Driven through standards WS-* standards – e.g. WS-Security Microsoft working with IBM, BEA and others Standards are ‘baked’ and then ratified through bodies such as OASIS, W3C Architectural approach Modular and composable General purpose B2B, EAI, Mobile Devices Interoperable
Agenda Backgrounder WSE 2.0 Essentials Resources What is it? Functionality Security, Policy, Attachments, Transports, Routing Architecture Resources
Web Services Enhancements Addition to VS.NET and .NET Framework Provides new functionality SOAP Messaging Addressing, Security, Policy, Attachments, etc. Implementing Web Service standards (WS-*) Possibility of not involving IIS TCP and In-Process transports Download V2.0 from MSDN Support is as for .NET Framework 1.1
Enabling WSE 2.0 Mike’s Demo Plan for this; Create an ASMX web service – e.g. maybe make a simple service that adds a couple of numbers together. Create a client for that web service. Make sure that works Alter the service to include support for WSE (through the tickbox), show the config file to illustrate what’s happening Show the client still works Alter the client to include support for WSE (through the tickbox). Show the client still works. Update the web reference in the client and show that there is now a second proxy class included (XXXWse) and that it has some new properties on it. Show that we can replace the original proxy used now with the WSE version and everything still works.
Programming WSE Key object is the SoapContext Request SoapContext Body Headers Request SoapContext Client Service Response SoapContext Body Headers Response SoapContext
Programming WSE How to get your SoapContext On the server side; RequestSoapContext.Current ResponseSoapContext.Current On the client side; MyProxy.RequestSoapContext My.ResponseSoapContext Working directly with a SOAP Envelope; MyEnvelope.Context
Agenda Backgrounder WSE 2.0 Essentials Resources What is it? Functionality Security, Policy, Attachments, Transports, Routing Architecture Resources
Securing Messages with WSE Security features Authentication Security Token propagation User names, Kerberos, X509 Certificates Digital Signing of message contents Digital Encryption of message contents Implements specifications WS-Security WS-SecureConversation WS-Trust
Securing SOAP Messages with Code Mike’s Demo Plan for this; Take the projects that we produced in the previous demo and start adding security features to them. First thing to do is to add code on the server side that checks for a username token. If that token’s not there then we’ll bounce the request – just throw a random Exception of some sort. Now show that the client no longer works. Now set about fixing the client. Set up the client so that it includes a Username token and passes that across the wire. Show that the client now won’t work because the server is taking the default action with the username token (i.e. trying to call LogonUser with it). Show that we can override that default behaviour on the server side by introducing a tokenmanager that does something else. Show that we can now get the client to work. Go further to show that we can also now sign the data that goes across the wire. Go further to show that we can also encrypt the data that goes across the wire. Don’t forget the WSE Tracing Tool (http://mtaulty.com/blog/archive/2004/05/25/433.aspx)
Policy WSDL describes a web service Operations, Messages, Types, etc A client may need a lot more metadata before it can talk to a service Hours of operation? Charging model? Security requirements? Message data requirements? Web Service Policy deals with describing this additional metadata
Policy WSE implements the WS-Policy specification Assertions around Policy modelled as a set of assertions Implements WS-SecurityPolicy Assertions around Tokens, Signature, Encryption, Message Age Can add custom assertions Example from MSDN Magazine
Security through Policy Mike’s Demo Plan; Idea here is to rip out the “security code” that we put into the last demo and replace it with policy instead. Problem with using policy here is it’d be nice to show X509/Kerberos stuff but it’s hard to show in demos. Continue with the user name token. Rip out the code that we put into the client and service. Make sure everything works once more without any security stuff. Now, go use the policy editor for the service to switch on requiring a Username based signature (not encryption – the wizard doesn’t help you here) Show the client now won’t work because policy isn’t matched. Fix the client by running the wizard on the client and setting up the flip-side of the server policy. Show the client still doesn’t run because we haven’t actually supplied the user-name token on the client side so it doesn’t know how to enforce policy for messages on the way out. Finally – supply the user name token on the client side and show that things work. Show the messages being traced – show that we are signing the message as it goes out without any code.
Working with Attachments WSE2.0 implements the WS-Attachments specification Allows passing of files as attachments to SOAP messages Implemented through use of the DIME protocol Other approaches are out there – SwA, MTOM, etc.
Working with attachments Mike’s Demo Plan; Take the existing service. Change the “GetPerson” method on it in order to return a picture file as an attachment Make sure to set the attachment type to something like “image/jpg” Make sure to disable policy on the web service. Build a new windows forms client which then displays the picture on the screen.
Transports WSE has support for SOAP messaging over non-HTTP transports TCP transport between processes In-Proc transport inside a process (unsupported) Removes the need for IIS for certain scenarios Two programming models for this functionality; “High level” – SoapClient/SoapService “Low level” – SoapSender/SoapReceiver Can also write your own
Working with different transports Mike’s Demo Plan; Build a whole new web service – just make a console app Derive from SoapService – put a simple method on there (remember the constraint around 1 parameter!) Build a client Show that the client needs a proxy and we have to go to WSEWSDL2.EXE to get it. Make it work.
Routing SOAP Messages Sometimes the direct recipient is not the final recipient WSE implements WS-Referral
Agenda Backgrounder WSE 2.0 Essentials Resources What is it? Functionality Security, Policy, Attachments, Transports, Routing Architecture Resources
WSE Architecture - Filters ASP.NET ASMX Web Service Handler WSE Soap Extension Security Referral Policy Tracing Custom WSE Filters Web Service Class Web Method A Web Method B Web Method C Invoke Method Return results Config Soap Extension
Agenda Backgrounder WSE 2.0 Essentials Resources What is it? Functionality Security, Policy, Attachments, Transports, Routing Architecture Resources
Resources Developer Web Casts Web Services Urls www.microsoft.com/uk/MSDN Web Services Urls http://msdn.microsoft.com/webservices/understanding/default.aspx http://msdn.microsoft.com/webservices http://msdn.microsoft.com/xml http://uddi.microsoft.com http://www.ws-i.org http://www.oasis-open.org http://msdn.microsoft.com/Longhorn/understanding/pillars/Indigo/default.aspx http://www.w3c.org
© 2004 Microsoft Limited. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.