1 / 54

Consuming Web Services in Microsoft Silverlight 3

Consuming Web Services in Microsoft Silverlight 3. Eugene Osovetsky Program Manager Microsoft Corporation. We'll Cover 3 Scenarios :. Simple Back-End Data Access. WCF, SOAP. “Data Push” (Server to Client). WCF. Mashups (Using REST APIs). REST, XML/JSON, Atom/RSS.

Jimmy
Download Presentation

Consuming Web Services in Microsoft Silverlight 3

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Consuming Web Services in Microsoft Silverlight 3 Eugene Osovetsky Program Manager Microsoft Corporation

  2. We'll Cover 3 Scenarios: Simple Back-End Data Access WCF, SOAP “Data Push” (Server to Client) WCF Mashups (Using REST APIs) REST,XML/JSON,Atom/RSS

  3. Simple Back-End Data Access WCF, SOAP “Data Push” (Server to Client) WCF Mashups (Using REST APIs) REST,XML/JSON,Atom/RSS

  4. Back-End Data Access: Silverlight 2 Recap WCF • Server: • “Add New Item…”  “Silverlight-enabled WCF Service” • Or any BP SOAP service… • Client: • “Add Service Reference”

  5. demo Product Catalog – Accessing Server Data from Silverlight

  6. Common Pain Points WCF • Performance • SOAP / XML “bloat” • Handling Error Conditions • Debugging impossible: • Can’t use SOAP Faults • Security • No automated way to send user credentials (if cannot rely on browser) • Can’t do “Add Service Reference” as part of build process System.ServiceModel.CommunicationException: The remote server returned an error: NotFound

  7. Silverlight 3 Addresses All These

  8. Performance • Errors / Faults / Debugging • Security • Proxy Creation

  9. demo Optimizing Performance withBinary XML

  10. Binary XML • Browser apps are often “chatty” • You pay for bandwidth and server capacity • Sometimes a tradeoff… • Bandwidth: Compression at HTTP level (Turn on in IIS) • Server Capacity: Binary XML • More clients with existing server capacity

  11. Binary XML Characteristics • NOT Compression (but usually reduces size) • Optimizes for Speed, not Size • Biggest gains • Arrays, Numbers, Complex type graphs, Byte Arrays (binary blobs) • Not optimized • Very small messages • Strings • Even repeated strings - Difference from netTcpBinding • Recommendation: Always use Binary • “Silverlight-enabled WCF Service”- now Binary by default

  12. Binary XML: Server ThroughputUsing "typical" message payloads 24% 71% Your mileage may vary

  13. Binary XML: Message Size ReductionUsing large messages with arrays of "typical" data Your mileage may vary

  14. Performance • Errors / Faults / Debugging • Security • Proxy Creation

  15. demo Fault / Error Handling and DebuggingAttempt #1: Naïve Approach

  16. Naïve Approach: Just call the service • No error info on the wire: • Security reasons • So… No error info in Silverlight • Need to Enable Debugging • IncludeExceptionDetailsInFaults=true

  17. demo Fault / Error Handling and DebuggingAttempt #2: Enable Debugging

  18. With Debugging Enabled: • Error info is on the wire • Error info still not in Silverlight! • Can use “Fiddler Debugging”, but… • … not with Binary XML • … not with HTTPS • … can be hard to set up System.ServiceModel.CommunicationException: The remote server returned an error: NotFound

  19. Why No Error Info in Silverlight? WCF • Server • Sends HTTP 500 Error Code (SOAP standard) • Not supported by browser plugins (like Silverlight) • Solution: Switch to HTTP 200 Code • How? • WCF Sample (“Message Inspector Sample”) athttp://code.msdn.com/SilverlightWS • Looking into a better solution after Beta1

  20. Why No Error Info in Silverlight? WCF • Client: • No support for faults in Silverlight 2 • Even with HTTP 200 • Supported in Silverlight 3 • ExceptionDetail • FaultException<T> • Etc …

  21. demo Fault / Error Handling and DebuggingWith Silverlight 3 Faults Support

  22. Performance • Errors / Faults / Debugging • Security • Proxy Creation

  23. Securing Services: 2 Options • How is identity communicated to the service? • Browser-Based (Automatic)Examples • Windows Authentication • Cookies • Message-Based (Manual) Examples • URL parameters • SOAP headers with Username/Password

  24. Browser-Based Authentication Example with Cookies + Forms Auth E.g.: ASP.NET loginUser:Password: Credentials YourDomain.com Auth info (cookie) Service calls + Auth info Browser

  25. Browser-Based Authentication Login through Silverlight YourDomain.com Call with credentials toASP.NET Auth Service User:Password: ASP.NET Auth Service Reply contains cookie Service calls + Auth info Browser

  26. Browser-Based Authentication Using Windows Authentication Windows loginUser:Password: YourDomain.com Service calls + Creds Browser

  27. Browser-Based Authentication: Cross-Domain Threat MyBank.com LoginUser:Password: Credentials MyBank.com Auth info (e.g. cookie) Could steal orchange dataif protection wasn’t in place Malicious call + Auth info Malicious application EvilApps.com

  28. Cross-domain access blocked by default • Can enable with “cross-domain policy file” • Browser-Based Auth is only appropriate if • No cross-domain access, or • Access limited to a few trusted domains • If you enable access for “*”: • MUST NOT use a browser-based method • MUST use message-based method instead

  29. Message-Based Authentication Identity managed by Silverlight, not the Browser YourDomain.com User:Password: Creds are added by Silverlight, not browser No creds EvilApps.com Browser

  30. Enabling In-Message Auth: • Option 1: Change the Contract • [OperationContract]public decimal GetAccountBalance(intaccountID, string userName, string password); • Option 2: Automatically inject SOAP headers using WCF Extensibility • See “Message Inspector Sample” for SL2 • Option 3: Built-in Support in Silverlight 3

  31. demo Securing Services withMessage Credentials

  32. Transport With Message Credential Mode <soap:Envelope> <soap:Header><!-- WS-Security Header --> <!-- With UserName, Password, Timestamp --> </soap:Header> <soap:Body><!-- Message Payload --></soap:Body> </soap:Envelope> • Plain-text password sent over the wire • Requires SSL (HTTPS). Restriction is enforced • Timestamp, Lifetime, Max Clock Skew • Simple replay protection • Enforced in both directions (client   server) • Default max skew is 5 minutes – may require changes(Client clock can’t be more that 5 minutes out of sync with server)

  33. Performance • Errors / Faults / Debugging • Security • Proxy Creation

  34. Proxy Creation • SL2: Only through Visual Studio • SL3: Command-line Tool available • slsvcutil.exe • Silverlight version of svcutil.exe (simplified) • More flexibility than Add Service Reference

  35. demo Slsvcutil.exe

  36. Simple Back-End Data Access WCF, SOAP “Data Push” (Server to Client) WCF Mashups (Using REST APIs) REST,XML/JSON,Atom/RSS

  37. Pushing Messages to Silverlight • Useful for real-time interaction (e.g. chat),monitoring (e.g. stock ticker), etc. • “Duplex” feature introduced in Silverlight 2 • Based on “smart polling” • Hard to use in SL2Advanced WCF knowledge required • Significantly simplified in Silverlight 3 Beta1 • May improve even more after the Beta

  38. demo Pushing Data to a Silverlight 3 Client

  39. Using Duplex: Client Side • 1. “Add Service Reference” • 2. Open the Proxy (Config not supported) • May get easier in final SL3 release • 3. Call Methods and Handle Events EndpointAddress address = new EndpointAddress("http://example.com/Service1.svc"); CustomBinding binding = new CustomBinding( new PollingDuplexBindingElement(), new TextMessageEncodingBindingElement( MessageVersion.Soap12WSAddressing10, Encoding.UTF8), new HttpTransportBindingElement());

  40. Using Duplex: Server Side • 1. Define a Service with a Callback Contract • [ServiceContract(CallbackContract=…)] • [OperationContract(IsOneWay=true)] • 2. Implement the service • OperationContext.Current .GetCallbackChannel<ICallbackContract>() • 3. Host the service • No config support • A bit tricky for now – see sample code • May get much easier after Beta1

  41. Simple Back-End Data Access WCF, SOAP “Data Push” (Server to Client) WCF Mashups (Using REST APIs) REST,XML/JSON,Atom/RSS

  42. Recap: REST in Silverlight 2 • Making requests: • HttpWebRequest • WebClient • Working with XML: • XmlReader / XmlWriter • Linq – to – XML • XmlSerializer • Working with JSON: • System.Json (“Linq – to – JSON”) • DataContractJsonSerializer • Working with RSS/Atom Feeds • System.ServiceModel.Syndication

  43. REST Pain Points • HTTP Stack Restrictions • Usability

  44. REST Services: HTTP Stack • SL3 Beta1 has same capabilities as SL2 • HTTP stack browser restrictions still there • Exploring options to remove these in the future • HTTP stack extensibility added in SL3 • Can “roll your own” stack • E.g. HTML DOM + JavaScript XmlHttpRequest • E.g. Proxied through a Service • These may be released as samples / CodePlex

  45. REST Services: Usability • SL3 has same capabilities as SL2 • “Paste XML as Serializable Types” • Copy: XML or XSD • Paste: Silverlight-compatible types • In “REST Starter Kit, Preview 2” (CodePlex)

  46. demo Paste XML as Serializable Types

  47. Summary Simple Back-End Data Access WCF, SOAP “Data Push” (Server to Client) WCF Mashups (Using REST APIs) REST,XML/JSON,Atom/RSS

  48. More Information • Team Blog: • http://blogs.msdn.com/SilverlightWS • My Blog: • http://eugeneos.blogspot.com • Samples Will Be Posted At: • http://code.msdn.com/SilverlightWS • REST Starter Kit Preview 2 (for Paste-XML-as-Types): • http://msdn.com/WCF/REST

  49. Please Complete an Evaluation FormYour feedback is important! • Evaluation forms can be found on each chair • Temp Staff at the back of the room have additional evaluation form copies

More Related