service - SQL.ru

Download Report

Transcript service - SQL.ru

WEB404
ASP.NET Web Service Internals
“I didn’t know you could do that!”
Clemens Vasters
([email protected])
newtelligence AG
In an ideal world …
… there would only be XML superheroes …
SOAPERMAN
… like this guy.
However …
Many developers …
Ooops!
Many developers …
… need help and easy-to-use tools …
… and that‘s true for very many.
ASP.NET Bigotry – The Good
Very simple: You just write classes and methods
Simple enough for everybody
Write, compile, done
The WSDL contract is generated on the fly
Wire format is rendered on the fly
Proxies are automatically code-generated
ASP.NET Bigotry – The Bad
Too simple: You just write classes and methods
Suggests that a Web Service is just like anything
else
The WSDL contract is generated on the fly
Contract should dominate the programming model
Wire format is rendered on the fly
Somewhere in deep inside the infrastructure
Proxies are automatically code-generated
Hard to maintain customized versions
The Middle Ground
Many developers need simplicity
They have no time to deal with XML philosophy
They have no time to carefully craft Schema and
WSDL
They have no time to even learn Schema or WSDL
They have even less time to deal with GXA, etc.
Whether we like it or not …
… the programming model must be kept easy
… it's hard to move from RPC to messages
Bridging the gap is an infrastructure job.
[CheckArguments]
Data
Authentication
Transactions
Monitoring
Validation
and
and
and
and
Authorization
Diagnostics
Reliability
Security
[TipTransaction]
[PrincipalPermission]
[ExceptionMonitor][MethodStatistics]
[WebMethod]
public string MakeReservation(
[MinLength(8), MaxLength(8)] string FlightCycleId,
[Between(1,100)] int Row,
[Between('A','K')] char Seat,
[Match(@"[A-Z]")] string Fare,
[MinLength(1),MaxLength(80)] string FirstName,
[MinLength(1),MaxLength(80)] string LastName,
[OneOf("MR","MRS")] string Title,
[Match(@"[0-9]*"),MaxLength(20)] string CustomerCode)
Building A Pipeline

Identity

Timestamp

Signature

etc

Authentication

User
access to
service
WebMethod
Access
Control
Transport
Runtime
Logging,
Monitoring
Usage
Control

Signature
Conversation
Managmt.
WSE Pipeline stages and
SOAP extensions
HTTP Infrastructure
Logging,
Monitoring
Access
Decrypt
Accounting

Timestamp

Billing

Statistics

Royalties

Availability

Performance
Encrypt

Encryption
Conversation
Managmt.

Asynch.
messaging
support

Queuing
Service
Implementation
ASP.NET Runtime Environment
HTTP Request
Host environment:
IIS with authentication infrastructure
and additional ISAPI filters for
compression, etc.
ASP.NET hooked into IIS via ISAPI
Filter and Extension for .asmx
extension (customizable)
ASP.NET: Managed runtime running as
separate process. Processes IIS
requests asynchronously. Doesn't tie
up IIS threads.
HTTP Module chain allows for raw data
filtering and processing. Modules are
hooked in as callbacks.
Web Service Request Handler maps
request to WebService class and
method. SoapExtensions hooked in as
callbacks.
[SoapMethod]
Host (IIS)
ISAPI Filters
ASP.NET HTTP Runtime
HTTP Module
HTTP Module
WS Request Handler
Soap Extension
Soap Extension
Target Service
ASP.NET „SOAP Extensions“
Plug-in architecture for ASP.NET Web Services
Declarative and configurable plug-ins for Web Services
Can intercept and manipulate payloads and headers
Interception-driven functionality
Can extend WSDL and inject code into proxies
ServiceDescriptionFormatExtension
Injects attributes into WSDL
ServiceDescriptionReflector reads metadata
Injects "operation binding" into WSDL
ServiceDescriptionImporter reads WSDL
Injects code into CodeDOM at proxy creation time
The Pipeline Call Chain
SoapExtension
BeforeDeserialize
Handler
BeforeDeserialize
Handler
AfterDeserialize
Handler
AfterDeserialize
Handler
BeforeSerialize
Handler
BeforeSerialize
Handler
AfterSerialize
Handler
AfterSerialize
Handler
Chained
Copy
[WebMethod]
Web Service
Request Handler
Request
Stream
SoapExtension
Chained
Copy
WSE Pipeline
Transport-independent pipeline
Hooked into ASP.NET using SOAP Extension
Can be used outside of ASP.NET
Can intercept and manipulate payloads and headers
Interception-driven functionality
Infoset based, not stream based
Eliminates stream-writes/reads for every stage
WSE Pipelines
Endpoint
SoapOutputFilter
Endpoint
Header
Header
SoapInputFilter
Input message
Body
Body
SOAP
message
SOAP
message
B
A
Transport
BA
BA
SoapInputFilter
Header
Header
Body
Body
SOAP
message
Output message
SOAP
message
SoapOutputFilter
The WSE Pipeline
SoapInputFilter
ProcessMessage
SoapInputFilter
ProcessMessage
ProcessInputMessage
SoapEnvelope
Pipeline
SoapEnvelope
ProcessOutputMessage
ProcessMessage
ProcessMessage
SoapOutputFilter
SoapOutputFilter
The WSE Pipeline as SOAP Ext.
SoapInputFilter
ProcessMessage
SoapExtension
BeforeDeserialize
Handler
SoapInputFilter
ProcessMessage
ProcessInputMessage
SoapEnvelope
Pipeline
SoapEnvelope
ProcessOutputMessage
AfterDeserialize
Handler
ProcessMessage
BeforeSerialize
Handler
AfterSerialize
Handler
SoapOutputFilter
ProcessMessage
SoapOutputFilter
Implementing Tracing
Assumes
Write ACE
Logfile
SoapExtension
Web Service
Request Handler
BeforeDeserialize
Handler
AfterDeserialize
Handler
BeforeSerialize
Handler
AfterSerialize
Handler
Queue
Service
.NET
Error
Trace
Queue
Event
Log
Debug-Time
Traces
Service
WMI and Event Log must run in separate
process with privileged account.
WMI
Tracing is better with queues
SoapExtension
WT
Web Service
Request Handler
BeforeDeserialize
Handler
B
Enterprise Svc QC
AfterDeserialize
Handler
BeforeSerialize
Handler
Queue
Service
WMI
AfterSerialize
Handler
A
Auto
Reset
Event
Worker Thread
.NET Remoting
or COM+
Implementing Interception
Intercept,
Inspect
and fail out
SoapExtension
AfterDeserialize
Handler
Exception
BeforeSerialize
Handler
Request
Stream
AfterSerialize
Handler
Chained
Copy
[WebMethod]
Web Service
Request Handler
BeforeDeserialize
Handler
Implementing XML Injection
SoapExtension
Modify stream
copy before
deserialization
AfterDeserialize
Handler
BeforeSerialize
Handler
Request
Stream
Modify stream
copy after
serialization
AfterSerialize
Handler
Chained
Copy
[WebMethod]
Web Service
Request Handler
BeforeDeserialize
Handler
Format Extensions
Extensibility mechanism for WSDL
Perfectly legal through use of separate namespaces
Inject your own tags into „operation bindings“
Operating Binding:
Pair of input and output messages
Equivalent to a function signature
Also defined out-of-band data (headers)
Allows WSDL-mapping of method-level
attributes
Metadata-enhanced WSDL
Format Extensions Applied
<operation name="SampleKerberos">
<soap:operation soapAction="urn:schemas-newtelligence-com:SampleKerberos"
style="document" />
<wsse-kerb-ext:wssecurityKerberosExtension>
<wsse-kerb-ext:ServiceClass>
host
</wsse-kerb-ext:ServiceClass>
<wsse-kerb-ext:ServiceHost>
ambassador.embassy.newtelligence.com
</wsse-kerb-ext:ServiceHost>
</wsse-kerb-ext:wssecurityKerberosExtension>
<input>
<soap:body use="literal" />
<soap:header d5p1:required="true"
message="s0:SampleKerberosWSSecurityKerberos"
part="WSSecurityKerberos" use="literal"
xmlns:d5p1="http://schemas.xmlsoap.org/wsdl/" />
</input>
<output>
<soap:body use="literal" />
<soap:header d5p1:required="true"
message="s0:SampleKerberosWSSecurityKerberos"
part="WSSecurityKerberos" use="literal"
xmlns:d5p1="http://schemas.xmlsoap.org/wsdl/" />
</output>
</operation>
Reflectors
Reflectors are locally or globally installed classes
<soapExtensionReflectorTypes> in machine.config or
web.config
Derived from ServiceDescriptionReflector
Called for every [WebMethod] on "?WSDL"
Allow you to:
Modify WSDL using ServiceDescription object model
Add Schemas, Imports
Modify Messages
Add Headers
Inject format extensions into operation bindings
WSDL in the
Framework
ServiceDescription
Imports
Types
Messages
PortTypes
Bindings
Services
<?xml version="1.0" encoding="utf-8"?>
<definitions xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:s0="urn:this-service"
xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" targetNamespace="urn:this-service"
xmlns="http://schemas.xmlsoap.org/wsdl/">
<types>
<s:schema elementFormDefault="qualified" targetNamespace="urn:this-service">
<s:element name="HelloWorld">
<s:complexType />
</s:element>
<s:element name="HelloWorldResponse">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" maxOccurs="1" name="HelloWorldResult" type="s:string" />
</s:sequence>
</s:complexType>
</s:element>
<s:element name="string" nillable="true" type="s:string" />
</s:schema>
</types>
<message name="HelloWorldSoapIn">
<part name="parameters" element="s0:HelloWorld" />
</message>
<message name="HelloWorldSoapOut">
<part name="parameters" element="s0:HelloWorldResponse" />
</message>
<portType name="Service1Soap">
<operation name="HelloWorld">
<input message="s0:HelloWorldSoapIn" />
<output message="s0:HelloWorldSoapOut" />
</operation>
</portType>
<binding name="Service1Soap" type="s0:Service1Soap">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
<operation name="HelloWorld">
<soap:operation soapAction="urn:this-serviceHelloWorld" style="document" />
<input>
<soap:body use="literal" />
</input>
<output>
<soap:body use="literal" />
</output>
</operation>
</binding>
<service name="Service1">
<port name="Service1Soap" binding="s0:Service1Soap">
<soap:address location="http://localhost/WebService2/Service1.asmx" />
</port>
</service>
</definitions>
<definitions>
<import>
<types>
<message>
<portType>
<binding>
<service>
System.Web.Services.Description
Importers
Importers are globally installed classes
<soapExtensionImporterTypes> in machine.config
Derived from ServiceDescriptionImporter
Called for every [WebMethod]
"Add Web Reference" or wsdl.exe (extends VS.NET)
Allow you to:
Modify the proxy code (!) in any .NET language
Uses the CodeDOM
Add properties, methods to the proxy
Add attributes to the proxy methods
Allows to automatically hook in client-side SoapExtensions
Resources
Demo code for this talk:
http://www.newtelligence.com/teched-us/
Clemens' Weblog
http://radio.weblogs.com/0108971
Summary
ASP.NET Web Services let you do more than
you think….
Intercept and inspect messages
Manipulate content
Manipulate WSDL
Manipulate Proxies
WSE takes this further …
Transport independent pipeline
Host yourself for any non-HHTP protocol
Community Resources
Community Resources
http://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP)
http://www.mvp.support.microsoft.com/
Newsgroups
Converse online with Microsoft Newsgroups, including Worldwide
http://www.microsoft.com/communities/newsgroups/default.mspx
User Groups
Meet and learn with your peers
http://www.microsoft.com/communities/usergroups/default.mspx
evaluations
© 2003 newtelligence AG. All rights reserved.
This presentation is for informational purposes only. MICROSOFT AND NEWTELLIGENCE MAKE NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS
SUMMARY.