slide1 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Consuming Web Services in Microsoft Silverlight 3 PowerPoint Presentation
Download Presentation
Consuming Web Services in Microsoft Silverlight 3

Loading in 2 Seconds...

play fullscreen
1 / 54

Consuming Web Services in Microsoft Silverlight 3 - PowerPoint PPT Presentation


  • 198 Views
  • Uploaded on

Consuming Web Services in Microsoft Silverlight 3. Eugene Osovetsky Program Manager Microsoft Corporation. We'll Cover 3 Scenarios :. Simple Back-End Data Access. WCF, SOAP. “Data Push” (Server to Client). WCF. Mashups (Using REST APIs). REST, XML/JSON, Atom/RSS.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Consuming Web Services in Microsoft Silverlight 3' - Jimmy


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
consuming web services in microsoft silverlight 3

Consuming Web Services in Microsoft Silverlight 3

Eugene Osovetsky

Program Manager

Microsoft Corporation

we ll cover 3 scenarios
We'll Cover 3 Scenarios:

Simple Back-End Data Access

WCF,

SOAP

“Data Push” (Server to Client)

WCF

Mashups (Using REST APIs)

REST,XML/JSON,Atom/RSS

slide4

Simple Back-End Data Access

WCF,

SOAP

“Data Push” (Server to Client)

WCF

Mashups (Using REST APIs)

REST,XML/JSON,Atom/RSS

back end data access silverlight 2 recap
Back-End Data Access: Silverlight 2 Recap

WCF

  • Server:
      • “Add New Item…”  “Silverlight-enabled WCF Service”
      • Or any BP SOAP service…
  • Client:
      • “Add Service Reference”
common pain points
Common Pain Points

WCF

  • Performance
    • SOAP / XML “bloat”
  • Handling Error Conditions
    • Debugging impossible:
    • Can’t use SOAP Faults
  • Security
    • No automated way to send user credentials (if cannot rely on browser)
  • Can’t do “Add Service Reference” as part of build process

System.ServiceModel.CommunicationException: The remote server returned an error: NotFound

slide9

Performance

  • Errors / Faults / Debugging
  • Security
  • Proxy Creation
binary xml
Binary XML
  • Browser apps are often “chatty”
  • You pay for bandwidth and server capacity
    • Sometimes a tradeoff…
  • Bandwidth: Compression at HTTP level (Turn on in IIS)
  • Server Capacity: Binary XML
    • More clients with existing server capacity
binary xml characteristics
Binary XML Characteristics
  • NOT Compression (but usually reduces size)
  • Optimizes for Speed, not Size
  • Biggest gains
    • Arrays, Numbers, Complex type graphs, Byte Arrays (binary blobs)
  • Not optimized
    • Very small messages
    • Strings
      • Even repeated strings - Difference from netTcpBinding
  • Recommendation: Always use Binary
  • “Silverlight-enabled WCF Service”- now Binary by default
binary xml server throughput u sing typical message payloads
Binary XML: Server ThroughputUsing "typical" message payloads

24%

71%

Your mileage may vary

binary xml message size reduction using large messages with arrays of typical data
Binary XML: Message Size ReductionUsing large messages with arrays of "typical" data

Your mileage may vary

slide15

Performance

  • Errors / Faults / Debugging
  • Security
  • Proxy Creation
slide17

Naïve Approach: Just call the service

    • No error info on the wire:
    • Security reasons
    • So… No error info in Silverlight
  • Need to Enable Debugging
    • IncludeExceptionDetailsInFaults=true
slide19

With Debugging Enabled:

    • Error info is on the wire
    • Error info still not in Silverlight!
    • Can use “Fiddler Debugging”, but…
      • … not with Binary XML
      • … not with HTTPS
      • … can be hard to set up

System.ServiceModel.CommunicationException: The remote server returned an error: NotFound

why no error info in silverlight
Why No Error Info in Silverlight?

WCF

  • Server
      • Sends HTTP 500 Error Code (SOAP standard)
      • Not supported by browser plugins (like Silverlight)
      • Solution: Switch to HTTP 200 Code
      • How?
          • WCF Sample (“Message Inspector Sample”) athttp://code.msdn.com/SilverlightWS
          • Looking into a better solution after Beta1
why no error info in silverlight21
Why No Error Info in Silverlight?

WCF

  • Client:
    • No support for faults in Silverlight 2
    • Even with HTTP 200
    • Supported in Silverlight 3
      • ExceptionDetail
      • FaultException<T>
      • Etc …
slide23

Performance

  • Errors / Faults / Debugging
  • Security
  • Proxy Creation
securing services 2 options
Securing Services: 2 Options
  • How is identity communicated to the service?
  • Browser-Based (Automatic)Examples
    • Windows Authentication
    • Cookies
  • Message-Based (Manual) Examples
    • URL parameters
    • SOAP headers with Username/Password
browser based authentication
Browser-Based Authentication

Example with Cookies + Forms Auth

E.g.: ASP.NET loginUser:Password:

Credentials

YourDomain.com

Auth info (cookie)

Service calls + Auth info

Browser

browser based authentication26
Browser-Based Authentication

Login through Silverlight

YourDomain.com

Call with credentials toASP.NET Auth Service

User:Password:

ASP.NET Auth Service

Reply contains cookie

Service calls + Auth info

Browser

browser based authentication27
Browser-Based Authentication

Using Windows Authentication

Windows loginUser:Password:

YourDomain.com

Service calls + Creds

Browser

browser based authentication cross domain threat
Browser-Based Authentication: Cross-Domain Threat

MyBank.com LoginUser:Password:

Credentials

MyBank.com

Auth info (e.g. cookie)

Could steal orchange dataif protection wasn’t in place

Malicious call + Auth info

Malicious application

EvilApps.com

slide29

Cross-domain access blocked by default

  • Can enable with “cross-domain policy file”
  • Browser-Based Auth is only appropriate if
    • No cross-domain access, or
    • Access limited to a few trusted domains
  • If you enable access for “*”:
    • MUST NOT use a browser-based method
    • MUST use message-based method instead
message based authentication
Message-Based Authentication

Identity managed by Silverlight, not the Browser

YourDomain.com

User:Password:

Creds are added by Silverlight, not browser

No creds

EvilApps.com

Browser

enabling in message auth
Enabling In-Message Auth:
  • Option 1: Change the Contract
    • [OperationContract]public decimal GetAccountBalance(intaccountID, string userName, string password);
  • Option 2: Automatically inject SOAP headers using WCF Extensibility
    • See “Message Inspector Sample” for SL2
  • Option 3: Built-in Support in Silverlight 3
transport with message credential mode
Transport With Message Credential Mode

<soap:Envelope> <soap:Header><!-- WS-Security Header --> <!-- With UserName, Password, Timestamp --> </soap:Header> <soap:Body><!-- Message Payload --></soap:Body>

</soap:Envelope>

  • Plain-text password sent over the wire
    • Requires SSL (HTTPS). Restriction is enforced
  • Timestamp, Lifetime, Max Clock Skew
    • Simple replay protection
    • Enforced in both directions (client   server)
    • Default max skew is 5 minutes – may require changes(Client clock can’t be more that 5 minutes out of sync with server)
slide34

Performance

  • Errors / Faults / Debugging
  • Security
  • Proxy Creation
proxy creation
Proxy Creation
  • SL2: Only through Visual Studio
  • SL3: Command-line Tool available
    • slsvcutil.exe
    • Silverlight version of svcutil.exe (simplified)
    • More flexibility than Add Service Reference
slide37

Simple Back-End Data Access

WCF,

SOAP

“Data Push” (Server to Client)

WCF

Mashups (Using REST APIs)

REST,XML/JSON,Atom/RSS

pushing messages to silverlight
Pushing Messages to Silverlight
  • Useful for real-time interaction (e.g. chat),monitoring (e.g. stock ticker), etc.
  • “Duplex” feature introduced in Silverlight 2
  • Based on “smart polling”
  • Hard to use in SL2Advanced WCF knowledge required
  • Significantly simplified in Silverlight 3 Beta1
    • May improve even more after the Beta
using duplex client side
Using Duplex: Client Side
  • 1. “Add Service Reference”
  • 2. Open the Proxy (Config not supported)
    • May get easier in final SL3 release
  • 3. Call Methods and Handle Events

EndpointAddress address = new EndpointAddress("http://example.com/Service1.svc");

CustomBinding binding = new CustomBinding(

new PollingDuplexBindingElement(),

new TextMessageEncodingBindingElement(

MessageVersion.Soap12WSAddressing10, Encoding.UTF8),

new HttpTransportBindingElement());

using duplex server side
Using Duplex: Server Side
  • 1. Define a Service with a Callback Contract
    • [ServiceContract(CallbackContract=…)]
    • [OperationContract(IsOneWay=true)]
  • 2. Implement the service
    • OperationContext.Current .GetCallbackChannel<ICallbackContract>()
  • 3. Host the service
    • No config support
    • A bit tricky for now – see sample code
    • May get much easier after Beta1
slide42

Simple Back-End Data Access

WCF,

SOAP

“Data Push” (Server to Client)

WCF

Mashups (Using REST APIs)

REST,XML/JSON,Atom/RSS

recap rest in silverlight 2
Recap: REST in Silverlight 2
  • Making requests:
    • HttpWebRequest
    • WebClient
  • Working with XML:
    • XmlReader / XmlWriter
    • Linq – to – XML
    • XmlSerializer
  • Working with JSON:
    • System.Json (“Linq – to – JSON”)
    • DataContractJsonSerializer
  • Working with RSS/Atom Feeds
    • System.ServiceModel.Syndication
rest pain points
REST Pain Points
  • HTTP Stack Restrictions
  • Usability
rest services http stack
REST Services: HTTP Stack
  • SL3 Beta1 has same capabilities as SL2
  • HTTP stack browser restrictions still there
    • Exploring options to remove these in the future
  • HTTP stack extensibility added in SL3
    • Can “roll your own” stack
    • E.g. HTML DOM + JavaScript XmlHttpRequest
    • E.g. Proxied through a Service
    • These may be released as samples / CodePlex
rest services usability
REST Services: Usability
  • SL3 has same capabilities as SL2
  • “Paste XML as Serializable Types”
    • Copy: XML or XSD
    • Paste: Silverlight-compatible types
    • In “REST Starter Kit, Preview 2” (CodePlex)
summary
Summary

Simple Back-End Data Access

WCF,

SOAP

“Data Push” (Server to Client)

WCF

Mashups (Using REST APIs)

REST,XML/JSON,Atom/RSS

more information
More Information
  • Team Blog:
    • http://blogs.msdn.com/SilverlightWS
  • My Blog:
    • http://eugeneos.blogspot.com
  • Samples Will Be Posted At:
    • http://code.msdn.com/SilverlightWS
  • REST Starter Kit Preview 2 (for Paste-XML-as-Types):
    • http://msdn.com/WCF/REST
slide50

Please Complete an Evaluation FormYour feedback is important!

  • Evaluation forms can be found on each chair
  • Temp Staff at the back of the room have additional evaluation form copies
slide51

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

transport with message credential mode52
Transport With Message Credential Mode
  • Server Side: Enabling This Mode
    • BasicHttp binding
      • TransportWithMessageCredentials
      • Only UserName credential type (no Certificates)
    • Custom binding
      • Security binding element with UserNameOverTransportmode
  • Server Side: AuthN and AuthZ
    • Standard WCF methods
    • E.g. <serviceCredentials> behavior + membership provider
    • Or custom username/password validator
  • Client Side:
    • proxy.ClientCredentials.UserName.UserName = …
    • proxy.ClientCredentials.UserName.Password = …
http requests in silverlight
HTTP Requests in Silverlight

High-level components and User Code

HttpWebRequest

Browser Plugin APIs

Restrictions

Web Browser- Cookies

- Authenticated sessions- Caching- Proxy server to use

Restrictions

Windows/MacNetworking Layer

how duplex works
How Duplex Works
  • “Smart Polling” over HTTP
  • Simplifiedexplanation:

Any messages?

ClientApp

ClientDuplexChannel

ServerDuplexChannel

ServerApp

10-15sec

No messages

Any messages?

Message

Message

Message

Any messages?

Server

Client Browser