Exposing Data Using WCF

Shannon RichardsAssociate Principal ConsultantEmail: shannonr@magenic.com

Expectations

» Overview of WCF…» This presentation will set the stage for the following presentations…

» If you’re new to WCF – I hope you walk away excited about how WCF can fit into your projects!

» If you’re experienced with WCF – I hope you pick up on something new!

» Patience is a virtue – You will not become a WCF expert overnight!

SOA Overview

» What is SOA?» Service-oriented architecture…» It is an evolution of distributed computing based on a model of loose

coupling and software composition.» The ubiquity of [and almost universal support for] TCP/IP, HTTP and

XML technologies have created an environment where interoperability through services is achievable.

» Relies on metadata to describe not only the characteristics of services, but also the data that drives them.

SOA Overview – Continued

SOA Overview – Continued

» Why SOA?» The reality of life in modern IT organizations is that infrastructure is

heterogeneous across operating systems, applications, system software and application infrastructure…

» Allows business to leverage existing investments in applications and infrastructure to satisfy evolving business needs:» Wrap existing functionality with services and expose them for consumption by

other applications.» Loose coupling:

» Rather than being bound to an operating system, a development platform or a binary API, SOA defines interactions in terms of contracts and protocols.

» Ability to more quickly adapt as business process inevitably changes:» Services can be rapidly developed, deployed, refactored and consumed by existing

software systems.

WCF

» What is WCF?» Windows Communication Foundation» Microsoft’s framework for building service-oriented applications using .NET» Replaces ASMX technologies and supports a rich set of service features under a

unified programming model:» RPC style service operations» Message style service operations» Authentication/Authorization» Highly extensible framework» Highly configurable framework» Flexible hosting options» Supports multiple communication protocols

WCF Services – ABC’s

» WCF is complex and has many moving pieces but the key to understanding a WCF service is to learn your ABC’s

» Address – Where is the service?» Binding – How do I talk to the service?» Contract – What can the service do for me?

» …A is for address it’s good enough for me, B is for binding it’s good enough for me, C is for contract it’s good enough for me, oh contract-contract-contract starts with “C”

C. Monster May 2, 2012

WCF Services – ABC’s Continued

» Address» A WCF address uniquely identifies the service.» All WCF services are deployed at a specific address, listening at that address for incoming

requests.» Typically expressed as an explicit path or URI with the first part specifying the transport

mechanism and the hierarchical parts specifying the unique location of the service.

[transport]://[machine][:optional port]

http://localhosthttp://localhost:8080http://localhost:8080/SomeServicenet.tcp://localhost:8081/SomeServicenet.pipe://localhost/Pipe

WCF Services – ABC’s Continued

» Binding» Bindings are used to specify the transport, encoding and protocol details required for clients and services to communicate with

each other.» Bindings are what WCF uses to generate the underlying wire representation of the endpoint.

» Some common bindings include:» BasicHttpBinding:

» Represents a binding that a service can use to configure and expose endpoints that are able to communicate with ASMX-based Web services and clients and other services that conform to the WS-I Basic Profile 1.1.

» WSHttpBinding:» Represents an interoperable binding that supports distributed transactions and secure, reliable sessions.

» NetTcpBinding:» A secure, reliable binding suitable for cross-machine communication. Binary message encoding ensures maximum

performance.» Additional bindings include: BasicHttpContextBinding, BasicHttpContextBinding, WS2007HttpBinding,

WSHttpContextBinding, WSDualHttpBinding, WebHttpBinding, WS2007FederationHttpBinding, WSFederationHttpBinding, NetTcpContextBinding, NetPerrTcpBinding, NetNamedPipeBinding, NetMsmqBinding, MsmqIntegrationBinding

» If none of the OOB bindings meet your needs you can roll your own custom binding.» A binding consists of an ordered set of binding elements stacked on top of each other. Each binding element is responsible for

some aspect of message processing: Encoding, Transport etc.

WCF Services – ABC’s Continued

» Contract» A WCF contract is a platform-neutral and standard way of describing what the service does.» A WCF service communicates with other applications according to its contracts.

» There are several types of WCF contracts:» Service Contract:

» Marks an interface as a service contract.» Operation Contract:

» Marks a method on the service contract as being a service method.» Data Contract:

» Marks a type as a data contract for use as parameters or return values.» RPC style messaging.

» Message Contract:» Marks a type as a message contract for user as parameters or return values.» Message style messaging.

» Fault Contract:» Marks a type as a fault.» Service operations must advertise the types of faults they can throw so clients can more easily respond to service exceptions using

typed exceptions.

WCF Services – Channel Stack

Building WCF Services» RPC Style:

» Based on data contracts that describe the data to be exchanged between a service and client.» Primitive .NET types such as integers and strings will be automatically serialized by the built in Data

Contract Serializer.» User defined complex types must have a data contract defined for them so that they can be serialized

by WCF.

» Message Style:» Based on message contracts where you want complete control over the structure of the SOAP message:

» Headers, body elements etc.» Important when interoperability is paramount or security needs to be controlled at the message or

message part level.» Can sign and encrypt header or body elements etc.

» Cannot mix data contracts and message contracts in service operations. If you use a message contract anywhere in the service operation you must exclusively use message contract:» Operation parameters and return values.

Demo 1 – WCF Contracts

» RPC Style Messaging:» ServiceContract» DataContract» DataMember

» Message Style Messaging:» MessageContract» MessageHeader» MessageBodyMember» Message/Data Contract Hybrid?

WCF Diagnostics» WCF provides a rich set of functionalities that can help you monitor the different

stages of an application’s life.

» Seamless debugging in VS2010

» Message tracing and logging are available to follow activities end-to-end in your application.

» Large set of performance counters to help you gauge your application's performance.

» Exposes inspection data of a service at runtime through a WCF Windows Management Instrumentation (WMI) provider.

» When the application experiences a failure or starts acting improperly, you can use the Event Log to see if anything significant has occurred.

Demo 2 – WCF Message Logging

» Configuring WCF Logging:» Web/App.config files» Configuration Editor (SvcConfigEditor.exe)

» Viewing Service Logs:» Service Trace Viewer (SvcTraceViewer.exe)

Hosting WCF Services

» IIS» Traditional way of hosting a web service.» Provides many useful out of the box features including:

» Process recycling, idle shutdown, process health monitoring, message-based activation, high availability, easy manageability and versioning.

» Suitable for enterprise situations.

» WAS: Windows Process Activation Services» WAS is the new process activation mechanism for Windows Server 2008 that is also available on Windows

Vista and Windows 7. » Is part of IIS7, but can be installed and configured separately.» Can be used with any of the available WCF transports, ports and queues.» Applications that use non-HTTP communication protocols can benefit from IIS features like process recycling,

rapid fail protection and the common configuration systems which were previously available to only HTTP-based applications.

» Suitable for enterprise situations.

Hosting WCF Services - Continued

» Windows Service Hosting» The WCF service is hosted in a process managed by the operating system.» Provides a limited set of out-of-the-box features to support high availability, easy manageability, versioning

and deployment scenarios.

» Self Hosting» Service runs as a standalone application and controls its own lifetime:

» WinForms application» Console application

» Most flexible and easiest way of hosting a WCF service.» Availability and features are limited.» Not suitable for enterprise situations.

Securing WCF Services

» Authentication» Verifying that you are who you say you are!» Internally best facilitated using Active Directory:

» Credentials cached in the users logon process, automatically passed to the service - Windows Integrated Security.

» Externally best facilitated using forms authentication:» Not practical to add external users to your Active Directory.» Clients responsibility to provide credentials to the service.

Securing WCF Services – Continued

» Authorization» Verifying that you are allowed to do what you want to do!

» Typically facilitated using roles» WCF can use .NET declarative security to associate roles with operations:» Windows Token Role Provider

» Internal Active Directory» ASP.NET Role Provider

» Public internet facing» Authorization Store Role Provider

» Roles stored in AD or XML files

Securing WCF Services – Continued

Transport Level Security» Provides Point-To-Point security» Does not require that the communicating parties understand XML-level security

concepts. This can improve the interoperability, for example, when HTTPS is used to secure the communication.

» Typically faster since it can rely on hardware support for computationally intensive encryption operations.

» Transport level authentication checks are enforced before the client sends a message [Negotiation] so failures can be detected sooner.

» Streaming is possible.» Main disadvantage over MLS is that by the time the service has received the message it

has already been decrypted – If the service is an intermediary service that simply forwards the request potentially sensitive data could be exposed or modified on the intermediary server.

»Regarding configuration, the important part is that the client and service agree on the encryption mechanism!

Securing WCF Services – Continued

» Message Level Security» Provides End-To-End security» Uses the WS-Security specification to secure messages. The WS-Security

specification describes enhancements to SOAP messaging to ensure confidentiality, integrity, and authentication at the SOAP message level.

» Requires implementation of XML-level security mechanisms and support for WS-Security specification. This might affect the interoperability.

» Message security differs from transport security by encapsulating the security credentials and claims with every message along with any message protection (signing or encryption)

» Slower than transport level security.» Cannot use message streaming.

» Regarding configuration, the important part is that the client and service agree on the encryption mechanism!

Demo 3 – Hosting/Securing WCF Services

» Hosting a service in IIS7» Examining the .svc file» Fileless Service Activation

» Hosting a service in WAS» netTcpBinding» Requiring Windows credentials» Turning on message level security

» Declarative service operation security

Consuming WCF Services

» Service Reference» Simplest and most common way to access one or more WCF services.» Functionality provided by the Visual Studio IDE.» Handles the creation the client proxy and required “plumbing”.

» ServiceModel Metadata Utility Tool (svcutil.exe)» Command line tool that can import a service's metadata to generate WCF client code (proxy classes).» Similar to Channel Factory approach except that the interface is inferred from the metadata from your WCF

service.» Part of the Windows SDK.

» Channel Factory (ChannelFactory<T>)» Used to invoke operations on the service on the fly without generating and using service proxy.» Some knowledge of WCF internals is required.» Allows for more control over service invocation since class can be shared.

Demo 4 – Consuming WCF Services

» Using ChannelFactory<T>» Accessing service object behaviors

WCF Extensibility

» The Windows Communication Foundation (WCF) application model is designed to solve the greater part of the communication requirements of any distributed application.

» The WCF extensibility model is intended to support custom scenarios by enabling you to modify system behavior at every level, even to the point of replacing the entire application model.

WCF Extensibility – Continued» Application Runtime:

» Extends the dispatching and the processing of messages for the application. Includes:» Security system» Metadata system» Serialization system» Bindings and binding elements (Connect the application with the underlying channel

system)

» Channel and Channel Runtime:» Extends the system that functions at the message level

» Providing protocol, transport, and encoding support.

» Host Runtime:» Extends the relationship of the hosting application domain to the channel

and application runtime.

Demo – Extending WCF

» Endpoint extensibility walkthrough» Implementing a custom parameter inspector

WCF Resources

» Beginners Guide to WCF» http://msdn.microsoft.com/en-us/netframework/aa663324.aspx

» WCF Feature Details» http://msdn.microsoft.com/en-us/library/ms733103.aspx

» WCF and Service-Oriented Architectures» http://visualstudiomagazine.com/articles/2011/06/01/pcnet_wcf-and-soa.aspx

» WCF 4.0 Glossary» http://msdn.microsoft.com/en-us/library/dd456781.aspx