360 likes | 577 Views
Implementing RESTful Services With WCF 3.5 SP1 Security , Scalability and Controlling the URI (Part 2 of 2). Session Objectives And Takeaways. Go a level deeper than we did in Part 1 Describe how optional HTTP features like caching and conditional GET impact scalability
E N D
Implementing RESTful Services With WCF 3.5 SP1Security, Scalability and Controlling the URI (Part 2 of 2)
Session Objectives And Takeaways • Go a level deeper than we did in Part 1 • Describe how optional HTTP features like caching and conditional GET impact scalability • Explain how you can fully control the URI • Consider options for securing RESTful services • Learn about the updates to WCF in 3.5 SP1
Agenda • What is REST and Why should I care? • How will resources be addressed? • How will resources be formatted? • How do I insure scalability? • How do I secure my service?
Why REST? • REST is an architectural style for implementing services with the simple and open model of the web • SOAP is a protocol that delivers a rich messaging model independent of the transport 5 HTTP Messages 18,604 bytes “You entered: 1”
Agenda • What is REST and Why should I care? • How will resources be addressed? • How will resources be formatted? • How do I insure scalability? • How do I secure my service?
Default WCF Web URI http://localhost/service.svc/method?arg1=1 Authority .svc File path Scheme Method name Query Arguments
WCF 3.5 UriTemplates • UriTemplateallows you to override the default • Arguments are bound by name [OperationContract] [WebGet(UriTemplate="Wine/{wineId})] WineDataGetWine(string wineId); http://localhost/service.svc/Wine/1
New in WCF 3.5 SP1 • Default Values for template items • Cannot be used for query string values [OperationContract] [WebGet(UriTemplate="Wine/{wineID=17})] WineDataGetWine(string wineID);
New in WCF 3.5 SP1 • Compound Template Segments [OperationContract] [WebGet(UriTemplate=“wine({wineID})] WineDataGetWine(string wineID); http://localhost/service.svc/wine(17)
Full URI Control • Scott Guthrie • Tip/Trick: Url Rewriting with ASP.NET • Jon Flanders (MVP) • Using WCF WebHttpBinding and WebGet with nicer Urls • IIS7 • Use/Build an HttpModule • IIS7 Team Recently Released a URL Rewrite Module • IIS 5/6 • Use an ISAPI filter
Demo Controlling the URI
Agenda • What is REST and Why should I care? • How will resources be addressed? • How will resources be formatted? • How do I insure scalability? • How do I secure my service?
Message Schema • Option 1: Basic Atom Feed • Standardized syndication schema • WCF 3.5 SP1 Supports All Atom Publishing Protocol types • Option 2: Custom Service Schema • You create your own schema for messages using DataContracts or XSD • See Part 1 session for examples
microformats • Standards for common human readable data in (X)HTML • hCard, hCalendar, etc. <div id="" class="vcard"> <a class="url fn n" href="http://www.cohowinery.net"> <div class="org">Coho Winery</div> </a> <a class="email" href="mailto:greatwine@cohowinery.net">greatwine@cohowinery.net</a> <div class="adr"> <div class="street-address">555 Wine Lane</div> <span class="locality">Napa</span> <span class="region">CA</span> <span class="postal-code">94558</span> <span class="country-name">USA</span> </div> <div class="tel">800-555-1212</div> </div>
Demo Basic Atom Feed
Content Negotiation • Allow the client to ask for the format they want • Accept Header • Extension • Query String • Fixed Content Format • Attribute your WCF service
Demo Content Negotiation
Agenda • What is REST and Why should I care? • How will resources be addressed? • How will resources be formatted? • How do I insure scalability? • How do I secure my service?
Caching • Client Side • Controlled by HTTP Headers • Cache-Control • Instructions to client side cache • Expires • Server Side • HttpRuntime.Cache • “Velocity” Distributed Cache • CTP1 Now Available
Conditional Get • GET this data if... • If-Modified-Since: (Date) • Return the data only if it has been modified since (Date) • If-None-Match: (Etag) • Return the data only if there isn't one with this Etag • Saves Bandwidth by not transmitting old data • Response.SuppressEntityBody
Demo Caching / Conditional Get
Agenda • What is REST and Why should I care? • How will resources be addressed? • How will resources be formatted? • How do I insure scalability? • How do I secure my service?
Security Scenarios • Developer / App Authorization • Authorizes an application to access RESTful services • Third Party Access • Application or site accessing a protected resource on behalf of another • Human RIA User • Accessing a protected resource from an Ajax or Silverlight web page using a cookie
Developer / App Authorization • Control access to public services • Allows you to revoke access if necessary • Developer is issued a token or application ID (or both) • Verify email and acceptance of license • Each request requires the token to be sent • URI may also include a signature to prevent request tampering • Tokens may be sent in the URI or Authorization header
OAuth (Open Authentication) • An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications. • OAuth.net • Allows users to grant access to protected resources without having to give credentials to third parties • MySpace WCF Implementation • RestChess.com
Human RIA User • Authentication • Ajax authentication service is enabled • Human signs in to web site with script that calls Sys.Services.AuthenticationService.Login • Authorization token returned in cookie • Client side script accesses protected resources using cookie • Authorization • Server authorizes client requests by placing a web.config file in the folder with the resource
Demo Human RIA Security
Summary • RESTful Services work the way the Web works • Sharing your data with the world works • Focus on simple and open ideas first • Choose broad adoption over elegant design • Embrace the protocol of the web HTTP • Understand its semantics • Use it as designed