Building Web Services with .

NET

Nigel Watson (nigelwat@microsoft.com)

Academic Developer Relations
Developer and Platform Strategy Group
Microsoft PTY, Melbourne
Agenda
• Building the Programmable Web
• Web Services in .NET
• Furthering standards: GXA
• Summary
.NET Vision
Bank Ski Lodge

Airline

Ski Hire Gear

 Building the Programmable Web
So… What is a Web Service?

• A remote procedure call technology based on open standards

• A way to connect disparate applications on disparate platforms using open
standards
• A way to automate application to application integration using open standards
• A way to expose application functionality using open standards

OPEN STANDARDS ARE KEY TO WEB SERVICES

Web applications today...

HTML
L
HT

T M
M

H
L

Presentation
tier
BusLogic
tier
OS/Data
tier
 The Web Services protocol stack
Founded on industry standard protocols XML and HTTP

SOAP used to call methods on other systems SOAP

using XML over HTTP Simple Object Access
Protocol

WSDL used to describe a Web Service’s

interface (i.e. methods available, WSDL
parameters, return values etc.) Web Services
Description Language

UDDI is a directory that can be used to

programmatically search for a Web Service
UDDI
Universal Description,
Discovery and Integration
 Next generation web applications…
Applications Become
Other Programmable Web Services Public Web
Services Services
XML
XML
Presentation
Presentation .NET
Smarter
Smarter tier
tier
Clients XML XML Services
Clients BusLogic
tier Internal
Standard XML Services
Standard
Browsers HTML OS/Data
Browsers
tier
Smarter XML XML Servers
Smarter
Devices
Devices Industry Standard Protocols Data, Hosts
(HTTP, XML, SOAP, WSDL, UDDI)
Richer, More Applications Leverage
Productive User Globally-Available
Experience Federated Web Services
 Standards adherence is crucial
Web services will not reach their full potential without vendor interoperability…
W3C
• Committee overseeing the development and adoption of Internet standards
WS-I
• Industry initiative to promote vendor Web Services interoperability
• Over 150 participants, including Microsoft, IBM, Oracle, SAP, Sun…
• See www.ws-i.org for more information
OASIS
• Involved in WS-Security standardisation process
From standards to implementation
• .NET provides an implementation of the
Web Services technology stack.
• Other vendors have similar libraries
• IONA – Orbix E2A Web Services
• IBM – WSTK for WebSphere (Now the ETTK)
• BEA – Integrated into WebLogic 8.1 appserver
• Open source/Freeware
• AXIS (Apache)
• Glue
• Etc…
Agenda
• Building the Programmable Web
• .NET and Web Services
• Furthering standards: GXA
• Summary
.NET and Web Services
• ASP.NET Architecture
• Creating and consuming Web Services
• Watching SOAP Messages
• Adding meta-data to your Web Service
 ASP.NET Web Services Architecture

SOAP Requests

ASP.NET Web Service

SOAP Responses
[WebMethod]
Client Code Public string blah()
{…}
ISAPI Ext ASP.NET Worker Process
Platform IIS Common Language Runtime
OS O/S (W2K, XP, WS2K3)
ASP.NET – Server Side
• To create a web service:
• Create a new project in VS.NET
• Add a Web Service class
• Add methods to the class, decorate with
[WebMethod] attribute
[WebService]
[WebService]
Public Class Foo
Public Class Foo
{
{
[WebMethod]
[WebMethod]
public string Hello( string strName)
public string Hello( string strName)
{ … }
{ … }
…
…
}
}
ASP.NET – Client Side
• To consume a web service:
• Add a web reference to the web service to your
project
• This adds a Web Service proxy class to your
project
• Instantiate an instance of the proxy class and
begin calling methods on it.
…
…
localhost.Foo ws = new localhost.Foo();
localhost.Foo ws = new localhost.Foo();
string result = ws.Hello();
string result = ws.Hello();
…
…
Demo – Create and Consume a
simple Web Service

demo
Drilling into SOAP Messages
<s:Envelope xmlns:s=“http://www.w3.org/2001/09/soap-envelope”>
<s:Envelope xmlns:s=“http://www.w3.org/2001/09/soap-envelope”>
<s:Header>
<s:Header>
<c:alertcontrol xmlns:c=“http://example.org/alctl”>
<c:alertcontrol xmlns:c=“http://example.org/alctl”>
<c:priority>1</c:priority>
<c:priority>1</c:priority>
<c:expires>2001-10-25T14:00:00</c:expires>
<c:expires>2001-10-25T14:00:00</c:expires>
</c:alertcontrol>
</c:alertcontrol>
</s:Header>
</s:Header>
<s:Body>
<s:Body>
<m:alert xmlns:m=“http://example.org/alert”>
<m:alert xmlns:m=“http://example.org/alert”>
<m:msg>Pick up Mary at school at 2pm</m:msg>
<m:msg>Pick up Mary at school at 2pm</m:msg>
</m:alert>
</m:alert>
</s:Body>
</s:Body>
</s:Envelope>
</s:Envelope>
Demo – Use proxyTrace to watch
SOAP messages

demo
Adding meta-data to your service
• You can add useful information to your Web
Service’s browse page with attribute
parameters:
• This information also appears in the Web
Service’s WSDL description
[WebService(Description=“Foo Service”, NameSpace=“http…”)]
[WebService(Description=“Foo Service”, NameSpace=“http…”)]
Public Class Foo
Public Class Foo
{
{
[WebMethod(Description=“Hello method”)]
[WebMethod(Description=“Hello method”)]
public string Hello( string strName)
public string Hello( string strName)
{ … }
{ … }
…
…
}
}
Demo – Adding meta-data to your
Web Service

demo
Agenda
• Building the Programmable Web
• Web Services in .NET
• Furthering standards: GXA
• Summary
 There are still some gaps to fill…
End-to-end security including
authentication, authorization, Security
message integrity and encryption

Ability to dynamically configure message

routing paths for scalability and fault Routing
tolerance

End-to-end guarantee of message Reliable

delivery with semantics (at-least-
once, at-most-once, exactly-once) Messaging

Ability to transact across companies

and provide compensation Transactions
semantics
Global XML Web Services
Architecture - GXA
Transactions

Reliable Messaging …

Referral Security Directory

Routing License … Inspection

Description
GXA Design Principles
• General-purpose
• Agnostic to application domain
• Standards-based
• Multi-vendor interoperation critical
• Federated
• No central point of administration, control or
failure
• Modular
• Factored to stand alone or work together
General-Purpose
• Universal communications • Application category neutral
• Across machine • Enterprise application
• Across process integration
• Business-to-business
• Flexible communications • Business-to-consumer
• Extensible headers • Peer-to-peer
• Extensible body
• Extensible communication • Platform neutral
topology • Devices
• Transport protocol neutral
• Desktops
• Clusters
• Datacenters
Standards-Based
• We are committed to…
• Publishing GXA specifications
• Working with partners to refine specifications
• Working with partners, customers, and
standards bodies for broad adoption
• WS-Security submitted to OASIS
• WS-I likely to profile security and other functionality
Federated
• Fully distributed
• Builds upon DNS and IP
• Strong affinity towards hierarchical URI
• Crosses organization and trust domains
• Can be inspected by firewalls
• Can interoperate with Kerberos and PKI
• Does not require centralized servers
or administration
Modular
• GXA framework layered on SOAP/WSDL
extensibility hooks
• GXA surfaced as composable headers for SOAP
messages
• GXA specifications are highly factored
• Often coalesced as they evolve
• GXA specifications are combined to provide end-
to-end capabilities
• GXA protocols augment problem domain-specific
protocols (e.g., banking)
Modular: Example
<?xml version="1.0" encoding="utf-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
SOAP xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
Message <S:Header>
<m:path xmlns:m="http://schemas.xmlsoap.org/rp">
<m:action>http://tickers-r-us.org/getQuote</m:action>
<m:to>soap://tickers-r-us.org/stocks</m:to>
Routing <m:from>mailto:johnsmith@isps-r-us.com</m:from>
<m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
</m:path>
<wssec:Security
xmlns:wssec="http://schemas.xmlsoap.org/ws/2002/04/secext">
<wssec:BinarySecurityToken
ValueType="wssec:X509v3"
Security EncodingType=“wssec:Base64Binary">
     dWJzY3JpYmVyLVBlc…..eFw0wMTEwMTAwMD
</wssec:BinarySecurityToken>
</wssec:Security>
</S:Header>
<S:Body>
<app:TrafficStatus
xmlns:app="http://highwaymon.org/payloads">
<road>520W</road><speed>3MPH</speed>
</app:TrafficStatus>
</S:Body>
</S:Envelope>
WS-Security 1.0
• A specification for proposed SOAP
extensions to be used when building secure
Web services.
• Supercedes the following specifications
• SOAP-SEC
• Microsoft’s WS-Security, WS-License
• IBM’s security token and encryption
• Dependent upon XML DIGSIG, XML Encryption,
XML Schema, SOAP…
• Defined schema
WS-Security 1.0
• Protection
• Integrity = XML Signature + Security Tokens
• Confidentiality = XML Encryption + Security
Tokens
Non-Goals of WS-Security
• Establishing a security context that requires
multiple exchanges
• Key exchange and derived keys
• How trust is established
• Policy Enforcement
• Provisioning of certificates
• XKMS
WS-Security 1.0

• We have some more work to do…

WS-Secure
Conversation
WS-Federation WS-Authorization

WS-Policy WS-Trust WS-Privacy

Today WS-Security

SOAP

Refer to Security Roadmap – http://msdn.microsoft.com/webservices

Summary
• Reviewed Web Services protocol stack
• Looked at how you can leverage Web
Services from .Net
• Looked briefly at how web services will
evolve over time
Further information
• http://msdn.microsoft.com
• http://gotdotnet.com
• Developmentor mailing list
• MSDN Updates (monthly)
• http://msdn.microsoft.com/flash
• Melbourne .NET User’s Group
(http://www.mdnug.org)
• Australian Developers.NETwork
(http://www.ausdev.net)
© 2001 Microsoft Corporation. All rights reserved.