1. 1.NET Web Forms Web Services © 2002 by Jerry Post

2. 2 Web Service Principles  Primary goal: small independent programs that can be called to perform a task or deliver data by other programs on diverse machines, all using Web transfers and standard protocols.  Accessible by URL  Data transfer by XML, preferably over HTTP  XML Schemas to define data structures  SOAP to handle activation  Registered on a public registry, with descriptive information to enable its use  Universal Description, Discovery, and Integration (UDDI)  Web Services Description Language (WSDL) Esposito, Ch. 9, p. 285-315; Short, 2002.

3. 3 Web Services Perspective User: Browser Primary application Legacy data Service: data analysis HTML XML

4. 4 Web Service Structure  Your Web service  Receives a request via HTTP  It might contain data within an XML transfer  Your code performs some action (e.g., look up data)  And returns an XML result  It will be name something.ASMX

5. 5.NET Web Services  Create a new class that inherits from System.Web.Services.WebService  WebService Attribute  Not required, but used by WSDL to document your service.  Name = “”  Description=“”  Namespace=“”usually your url, but could be anything unique [WebService(Namespace=“something/whatever”, Name=“MyService”, Description=“Sample test service”)] Public Class MyService1 Inherits WebService … End Class

6. 6 WebMethod  A Web Method is a function performed by your service. It must be declared as a WebMethod to be accessible. [WebMethod(MessageName=“GetProductList”, CacheDuration=60, Description=“Main item list.”)] Public Function GetProducts() As DataSet … End Function [WebMethod(MessageName=“GetOneProduct”, Description=“Detailed information about one item.”)] Public Function GetProducts(ByVal ItemID As Integer) As DataSet … End Function

7. 7 WebMethod Properties  BufferResponse (true by default)  CacheDuration (seconds to hold in memory)  Description (mostly for WSDL)  EnableSession (false by default, avoid because it might require cookies)  MessageName (Lets you expose a different name to the public)  TransactionOption (activates transaction support)

8. 8 Invoking a Web Service  Three methods  POST command that contains a SOAP request  POST command specifying method name and parameters  GET command with URL specifying method name and parameters POST URL, etc 15 POST URL/MyService.asmx/GetOneProduct ItemID=15 GET URL/MyService.asmx/GetOneProduct?ItemID=15

9. 9 Handling the Response  Your calling application receives a response as an HTTP return packet. If you use SOAP, you get SOAP back, otherwise, straight XML. HTTP/1.1 200 OK Content-Type: text/xml; charset=utf-8 Content-Length: (some number) (schema info) (XML version of the DataSet)

10. 10 Proxy Class within.NET  Once the service is created (or known), you can create a proxy class and install it in your application. Your application will then build all of the code needed to cal the Web service and process the results. You treat it as if it were a simple class (but remember the round-trip delay to go get the data).  Find or build the original service.  On your application machine, create a proxy class--command line: wsdl.exe /out:MyService1Proxy.vb /namespace:ServiceNameSpace /language:VB url  Add the resulting class to your project, by adding a Reference within the page where you want to use it Dim ds As DataSet = New DataSet() Dim srv As Namespace.MyService1 = new Namespace.MyService1() Ds = srv.GetOneProduct(15)

11. 11 Web Service Security: Authentication  Three built-in possibilities by inheriting from WebService, and can be set in web.config file:  Windows integrated (default)  Form-based  Microsoft passport (requires payment to Microsoft)  Usually easier (and cheaper) to create your own table of users and authenticate against it. As a service, users would have to call a logon method first, which would give them an encrypted token. Other method requests would require (and test) the token.

12. 12 Summary  Web service technologies are relatively standardized and can be built using diverse technologies.  Authentication is still an issue because there are no accepted standards.  Finding useful commercial ideas appears to be difficult.  Charging for commercial services is going to be a nightmare for a while (except maybe as a monthly service).  But Web Services are great for internal use, because it separates applications, and makes it much easier to centralize some data.  Academic example: there should be only one student database. All other applications should be able to send a Student ID and get whatever student data they need and are authorized to see.