
Session Objectives And Takeaways

Implementing RESTful Services With WCF 3.5 SP1 Security, Scalability and Controlling the URI (Part 2 of 2). Session Objectives And Takeaways: go a level deeper than we did in Part 1; describe how optional HTTP features like caching and conditional GET impact scalability.

dallon

Presentation Transcript


  1. Implementing RESTful Services With WCF 3.5 SP1 Security, Scalability and Controlling the URI (Part 2 of 2)

  2. Session Objectives And Takeaways • Go a level deeper than we did in Part 1 • Describe how optional HTTP features like caching and conditional GET impact scalability • Explain how you can fully control the URI • Consider options for securing RESTful services • Learn about the updates to WCF in 3.5 SP1

  3. Agenda • What is REST and Why should I care? • How will resources be addressed? • How will resources be formatted? • How do I ensure scalability? • How do I secure my service?

  4. Why REST? • REST is an architectural style for implementing services with the simple and open model of the web • SOAP is a protocol that delivers a rich messaging model independent of the transport 5 HTTP Messages 18,604 bytes “You entered: 1”

  5. Agenda • What is REST and Why should I care? • How will resources be addressed? • How will resources be formatted? • How do I ensure scalability? • How do I secure my service?

  6. Information Architecture

  7. Default WCF Web URI • http://localhost/service.svc/method?arg1=1 • Scheme: http • Authority: localhost • .svc file path: /service.svc • Method name: method • Query arguments: arg1=1

  8. WCF 3.5 UriTemplates • UriTemplate allows you to override the default • Arguments are bound by name [OperationContract] [WebGet(UriTemplate="Wine/{wineId}")] WineData GetWine(string wineId); http://localhost/service.svc/Wine/1

  9. New in WCF 3.5 SP1 • Default Values for template items • Cannot be used for query string values [OperationContract] [WebGet(UriTemplate="Wine/{wineID=17}")] WineData GetWine(string wineID);

  10. New in WCF 3.5 SP1 • Compound Template Segments [OperationContract] [WebGet(UriTemplate="wine({wineID})")] WineData GetWine(string wineID); http://localhost/service.svc/wine(17)

  11. Full URI Control • Scott Guthrie • Tip/Trick: Url Rewriting with ASP.NET • Jon Flanders (MVP) • Using WCF WebHttpBinding and WebGet with nicer Urls • IIS7 • Use/Build an HttpModule • IIS7 Team Recently Released a URL Rewrite Module • IIS 5/6 • Use an ISAPI filter

  12. Demo Controlling the URI

  13. Agenda • What is REST and Why should I care? • How will resources be addressed? • How will resources be formatted? • How do I ensure scalability? • How do I secure my service?

  14. Message Schema • Option 1: Basic Atom Feed • Standardized syndication schema • WCF 3.5 SP1 Supports All Atom Publishing Protocol types • Option 2: Custom Service Schema • You create your own schema for messages using DataContracts or XSD • See Part 1 session for examples

  15. microformats • Standards for common human readable data in (X)HTML • hCard, hCalendar, etc. <div id="" class="vcard"> <a class="url fn n" href="http://www.cohowinery.net"> <div class="org">Coho Winery</div> </a> <a class="email" href="mailto:greatwine@cohowinery.net">greatwine@cohowinery.net</a> <div class="adr"> <div class="street-address">555 Wine Lane</div> <span class="locality">Napa</span> <span class="region">CA</span> <span class="postal-code">94558</span> <span class="country-name">USA</span> </div> <div class="tel">800-555-1212</div> </div>

  16. Demo Basic Atom Feed

  17. Content Negotiation • Allow the client to ask for the format they want • Accept Header • Extension • Query String • Fixed Content Format • Attribute your WCF service

  18. Demo Content Negotiation

  19. Agenda • What is REST and Why should I care? • How will resources be addressed? • How will resources be formatted? • How do I ensure scalability? • How do I secure my service?

  20. Caching • Client Side • Controlled by HTTP Headers • Cache-Control • Instructions to client side cache • Expires • Server Side • HttpRuntime.Cache • “Velocity” Distributed Cache • CTP1 Now Available

  21. Conditional GET • GET this data if... • If-Modified-Since: (Date) • Return the data only if it has been modified since (Date) • If-None-Match: (ETag) • Return the data only if the current version does not match this ETag • Saves bandwidth by not transmitting old data • Response.SuppressEntityBody
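The conditional GET decision from slide 21, as an added C# example that is not code from the presentation. The names `ConditionalGet`, `ETagFor` and `Status`, the SHA-256 content-hash ETag and the sample resource are assumptions; on a 304 result the service sends headers only, which is what the slide's Response.SuppressEntityBody is for.

```csharp
using System;
using System.Globalization;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class ConditionalGet
{
    // Strong validator derived from the representation bytes (an assumption, not the slide's method).
    public static string ETagFor(string body)
    {
        using (var sha = SHA256.Create())
            return "\"" + Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(body))) + "\"";
    }

    // Returns 304 when the client's cached copy is still current, otherwise 200.
    // If-None-Match, when present, takes precedence over If-Modified-Since.
    public static int Status(string ifNoneMatch, string ifModifiedSince, string etag, DateTime lastModifiedUtc)
    {
        if (!string.IsNullOrEmpty(ifNoneMatch))
        {
            bool match = ifNoneMatch.Split(',').Select(t => t.Trim())
                .Any(t => t == "*" || Strip(t) == Strip(etag));   // weak comparison ignores W/
            return match ? 304 : 200;
        }
        DateTime since;
        if (!string.IsNullOrEmpty(ifModifiedSince) &&
            DateTime.TryParseExact(ifModifiedSince, "r", CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out since))
        {
            // HTTP dates carry whole seconds, so drop sub-second precision before comparing.
            var modified = lastModifiedUtc.AddTicks(-(lastModifiedUtc.Ticks % TimeSpan.TicksPerSecond));
            return modified <= since ? 304 : 200;
        }
        return 200;   // no validator, or an unparseable date: send the full representation
    }

    static string Strip(string tag) { return tag.StartsWith("W/", StringComparison.Ordinal) ? tag.Substring(2) : tag; }

    static void Main()
    {
        var modified = new DateTime(2008, 10, 27, 12, 0, 0, 500, DateTimeKind.Utc);   // constructed sample
        string etag = ETagFor("<wine id=\"1\">Coho Merlot</wine>");                    // constructed sample
        Console.WriteLine(Status(etag, null, etag, modified));                  // matching ETag
        Console.WriteLine(Status("\"stale\"", null, etag, modified));           // outdated ETag
        Console.WriteLine(Status(null, modified.ToString("r"), etag, modified)); // unchanged since date
        Console.WriteLine(Status(null, "not a date", etag, modified));          // malformed header
    }
}
```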

  22. Demo Caching / Conditional Get

  23. Agenda • What is REST and Why should I care? • How will resources be addressed? • How will resources be formatted? • How do I ensure scalability? • How do I secure my service?

  24. Security Scenarios • Developer / App Authorization • Authorizes an application to access RESTful services • Third Party Access • Application or site accessing a protected resource on behalf of another • Human RIA User • Accessing a protected resource from an Ajax or Silverlight web page using a cookie

  25. Developer / App Authorization • Control access to public services • Allows you to revoke access if necessary • Developer is issued a token or application ID (or both) • Verify email and acceptance of license • Each request requires the token to be sent • URI may also include a signature to prevent request tampering • Tokens may be sent in the URI or Authorization header
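One way to implement the signed URI that slide 25 mentions, as an added C# example that is not code from the presentation. HMAC-SHA256, the `appid` and `sig` parameter names, the canonical string layout and the sample secret are all assumptions; the slide names no algorithm.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SignedRequest
{
    // Constructed sample store: application ID -> issued secret. Deleting an entry revokes the application.
    static readonly Dictionary<string, string> Secrets =
        new Dictionary<string, string> { { "app-123", "constructed-demo-secret" } };

    // Canonical form: METHOD, path, then query pairs sorted by name, with "sig" left out.
    static string Canonical(string method, string path, IDictionary<string, string> query)
    {
        var pairs = query.Where(p => p.Key != "sig").OrderBy(p => p.Key, StringComparer.Ordinal)
            .Select(p => Uri.EscapeDataString(p.Key) + "=" + Uri.EscapeDataString(p.Value));
        return method.ToUpperInvariant() + "\n" + path + "\n" + string.Join("&", pairs.ToArray());
    }

    public static string Sign(string secret, string method, string path, IDictionary<string, string> query)
    {
        using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret)))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(Canonical(method, path, query))));
    }

    public static bool Verify(string method, string path, IDictionary<string, string> query)
    {
        string appId, sig, secret;
        if (!query.TryGetValue("appid", out appId) || !query.TryGetValue("sig", out sig)) return false;
        if (!Secrets.TryGetValue(appId, out secret)) return false;   // unknown or revoked application
        byte[] expected = Convert.FromBase64String(Sign(secret, method, path, query));
        byte[] actual;
        try { actual = Convert.FromBase64String(sig); } catch (FormatException) { return false; }
        if (actual.Length != expected.Length) return false;
        int diff = 0;   // compare every byte so timing does not reveal the first mismatch
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    static void Main()
    {
        var q = new Dictionary<string, string> { { "appid", "app-123" }, { "year", "2005" } };
        q["sig"] = Sign(Secrets["app-123"], "GET", "/service.svc/Wine/1", q);
        Console.WriteLine(Verify("GET", "/service.svc/Wine/1", q));   // request as signed
        Console.WriteLine(Verify("GET", "/service.svc/Wine/2", q));   // path altered in transit
        q["year"] = "1990";
        Console.WriteLine(Verify("GET", "/service.svc/Wine/1", q));   // argument altered in transit
    }
}
```

A signature like this detects altered paths and arguments but not replay of a captured URI; including a timestamp or nonce among the signed parameters is the usual remedy.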

  26. OAuth (Open Authentication) • An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications. • OAuth.net • Allows users to grant access to protected resources without having to give credentials to third parties • MySpace WCF Implementation • RestChess.com

  27. Human RIA User • Authentication • Ajax authentication service is enabled • Human signs in to web site with script that calls Sys.Services.AuthenticationService.Login • Authorization token returned in cookie • Client side script accesses protected resources using cookie • Authorization • Server authorizes client requests by placing a web.config file in the folder with the resource

  28. Demo Human RIA Security

  29. Summary • RESTful Services work the way the Web works • Sharing your data with the world works • Focus on simple and open ideas first • Choose broad adoption over elegant design • Embrace the protocol of the web HTTP • Understand its semantics • Use it as designed

  30. Appendix

  31. WCF Test Client

  32. Fiddler Proxy

  33. Yahoo Web Search Service

  34. Notepad Service Client?

  35. Adventure Works Customer Get
