
Building applications that combine WCF, WF and Cardspace in the .NET Framework 3.5

Gaëtan Holderbeke Xavier Pellegrino. Building applications that combine WCF, WF and Cardspace in the .NET Framework 3.5. Session Objectives & Prerequisites. Objectives WCF & WF Overview Messaging using Workflow Services Identity Metasystem Securing WCF with CardSpace Prerequisites



Presentation Transcript


  1. Gaëtan Holderbeke, Xavier Pellegrino: Building applications that combine WCF, WF and Cardspace in the .NET Framework 3.5

  2. Session Objectives & Prerequisites • Objectives • WCF & WF Overview • Messaging using Workflow Services • Identity Metasystem • Securing WCF with CardSpace • Prerequisites • Experience with either WF or WCF in .NET 3.0 • Application security basics • Some experience with the other

  3. Agenda Introduction to: • WCF • WF Better Together: • Workflow Services • Service Communications Identity Metasystem: • CardSpace • STS

  4. {WCF}

  5. Rhetorical Question WHAT IS A SERVICE? Some functionality exposed via a structured messaging scheme…

  6. Windows Communication Foundation • The Swiss-Army Chainsaw of service platforms • Unified programming model • Great manageability features • Tracing, message logging, threading controls, DoS remediation, WMI integration, configurability, etc. • Introduced in .NET 3.0, enhanced in .NET 3.5

  7. Clients, Services & Endpoints (diagram) Clients A, B and C each talk to the Service through one of its Endpoints. An Endpoint is defined by three things: Address (Where?), Binding (How?) and Contract (What?).

  8. WCF Gross Anatomy
     Address, Binding and Contract in the service configuration:
       <service>
         <endpoint name="MyService"
                   address="http://MyServer:6666/MyService"
                   binding="basicHttpBinding"
                   contract="IMyInterface"/>
       </service>
     Service Contract Definition:
       [ServiceContract]
       public interface IMyInterface {
           [OperationContract]
           void MyMethod(String arg);
       }
     Service Type:
       [ServiceBehavior(InstanceContextMode=InstanceContextMode.Single)]
       public class MyService: IMyInterface {
           public void MyMethod(String arg){…}
       }

  9. {WF}

  10. Windows Workflow Foundation Visual Studio Designer What is Workflow? A Workflow Workflow is the organization of work Activity What’s the value of Workflow? Long Running Logic Flexibility Transparency

  11. Workflow Services Approaches • Service implemented as Workflow • Leverage Workflow development experience • Allows long-running, durable Services • Workflow hosted as Service • ServiceContract provides a typed interface for integrating with the Workflow • Messages enforce by-value, serializable data • Workflows can be message-activated

  12. {DEMO} Workflow Services

  13. Workflow Services Architecture (diagram) A WorkflowServiceHost (the Workflow Services counterpart of ServiceHost) runs the Service Runtime and the Workflow Runtime side by side; the service instance comes from Service.cs, the workflow instance from Workflow.cs or Workflow.xoml, with settings in App.config. Each service operation maps to a ReceiveActivity (Operation 1 to ReceiveActivity 1, Operation 2 to ReceiveActivity 2) through the OperationSelector and a WorkflowOperationInvoker in place of the plain OperationInvoker. The other WCF extension points and their Workflow Services implementations: ServiceBehavior / WorkflowServiceBehavior, OperationBehavior / WorkflowOperationBehavior, InstanceProvider / DurableInstanceProvider (backed by the WF Persistence DB), MessageInspector / MessageContextInspector, and ListenerChannel / ContextChannel, all registered in the ServiceDescription.

  14. Context Exchange • Transport model for exchange will not work in long-running process • Manage at application or process layer • Need to agree upon a protocol to exchange context

  15. Context Exchange Protocol (diagram) The Client sends op x params; the Service receives them and its op x response carries {instanceId}. The Client keeps the {instanceId} in a context repository (your choice). For op y the Client sends op y params together with {instanceId}; the Service receives them and returns the op y response, again with {instanceId}. A Non-WF Client follows the same exchange, storing and resending the {instanceId} itself.

  16. Duplex Communication • Cannot rely on a duplex channel • Model this via two contracts (inside two WorkflowServiceHost’s) • Explicitly provide “client” context in the initiating message to the “server”

  17. Duplex Message Flow (diagram) Client side: BeginWorkflow, then Send Request / Receive Response pairs; Service side: Receive Request / Send Response pairs. Operations shown: BeginWorkItem, ContinueWorkItem, CompleteWorkItem, WorkItemComplete. The initiating request goes out with {no context} and carries the ClientId in its Body; the Service's replies carry {ServiceId}, which the Client reuses on its later sends; the Service's message back to the Client carries {ClientId}, so each side holds the other's context for the rest of the exchange.
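An added example, not code from the deck, of the non-WF client side of the context exchange protocol (slide 15); it also covers the duplex pattern (slides 16 and 17), where the service applies the same SetContext call with the {ClientId} it received in the body before sending to the client's WorkflowServiceHost. The IOrderWorkflow contract, the service address and the in-memory repository are assumptions; WSHttpContextBinding and IContextManager are the .NET 3.5 APIs.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceModel.Channels;

// Hypothetical contract of the workflow service: "op x" starts an instance, "op y" continues it.
[ServiceContract]
public interface IOrderWorkflow
{
    [OperationContract] string StartOrder(string customer);   // op x: message-activated
    [OperationContract] string AddItem(string sku);           // op y: needs the instance context
}

public static class NonWorkflowClient
{
    // Constructed stand-in for the "context repository (your choice)": customer -> instanceId.
    static readonly IDictionary<string, string> ContextRepository = new Dictionary<string, string>();

    public static void Run(string serviceAddress)
    {
        // WSHttpContextBinding carries the context (here the WF instanceId) in a SOAP header
        // rather than relying on the transport, which cannot span a long-running process.
        var factory = new ChannelFactory<IOrderWorkflow>(
            new WSHttpContextBinding(), new EndpointAddress(serviceAddress));

        // op x: sent with no context, so the service creates a new workflow instance and
        // returns that instance's id in the response context.
        IOrderWorkflow first = factory.CreateChannel();
        first.StartOrder("ACME");
        IDictionary<string, string> ctx =
            ((IClientChannel)first).GetProperty<IContextManager>().GetContext();
        ((IClientChannel)first).Close();
        ContextRepository["ACME"] = ctx["instanceId"];

        // op y, possibly hours later and from another process: a fresh channel gets the stored
        // instanceId applied before its first send, so the message is routed to the existing
        // instance instead of activating a new one. The id alone selects the instance, so store
        // and transmit it with the same care as any session identifier.
        IOrderWorkflow later = factory.CreateChannel();
        ((IClientChannel)later).GetProperty<IContextManager>().SetContext(
            new Dictionary<string, string> { { "instanceId", ContextRepository["ACME"] } });
        later.AddItem("SKU-123");
        ((IClientChannel)later).Close();
        factory.Close();
    }
}
```

SetContext must run before the channel's first send; once a channel has been used, its context is read-only for the rest of its lifetime.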

  18. {EXAMPLE} Duplex Messaging

  19. {IDENTITY}

  20. Identity on the Internet Today • Passwords • Not a secure option with today’s computing power • Too easy to attack, long passwords hard to remember • We need stronger options! • Identity silos • How many user accounts do you have on the web? • Each requires its own password or other credential • Expensive and painful to manage • Today’s “solution” • Most users have one password they use everywhere!

  21. Information Card From the user's perspective • Data about myself • Name, phone, address… • Data about a relationship with some entity • Frequent Flyer -> Airline • Credit card holder -> Bank • Citizen of X -> Government • I may have to “do” something to use the card • Insert smartcard • Be on my company’s network Perception: I send this card so that the service provider will recognize me and use the information I disclose.

  22. Information Card From the computer's perspective • Token Format • SAML, Kerberos… • STS Information • Address • Metadata • Policy • Authentication factor type & hints • Thumbprint for certificates • Card ID for self-issued cards A card represents the ability to obtain a token of a certain format, containing certain claims, by requesting it from a certain STS under a certain policy

  23. A Token (diagram) Claims collection: ClaimName1: Value1 … ClaimNameN: ValueN; [optional] key material; Issuer’s signature (S) covering the claims; Encryption (E) for the intended audience.

  24. Windows CardSpace • Windows CardSpace is an identity selector for the metasystem • Represents digital identities graphically • Gets the user more highly involved in authentication • Designed to be difficult to spoof (helps mitigate phishing attacks) • Makes identity feel real • Each identity represented as a card
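An added example, not from the deck, of what "Securing WCF with CardSpace" looks like in code: a self-hosted service whose endpoint policy asks the identity selector for a self-issued card carrying a PPID, and a service operation that works only with the resulting claims. The IWhoAmI contract, the address and the certificate subject name are assumptions; the binding, claim-requirement and credential settings are .NET 3.5 WCF APIs.

```csharp
using System;
using System.IdentityModel.Claims;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IWhoAmI { [OperationContract] string Ppid(); }

public class WhoAmIService : IWhoAmI
{
    // The service never sees a password: it only reads the claims WCF extracted from the SAML
    // token that the identity selector obtained for the card the user picked.
    public string Ppid()
    {
        foreach (ClaimSet set in ServiceSecurityContext.Current.AuthorizationContext.ClaimSets)
            foreach (Claim c in set.FindClaims(CardSpaceHost.PpidClaim, Rights.PossessProperty))
                return (string)c.Resource;
        throw new FaultException("Token carried no PPID claim");
    }
}

public static class CardSpaceHost
{
    // URIs defined by the Identity Selector Interoperability Profile for self-issued cards.
    public const string SelfIssuer = "http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self";
    public const string PpidClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier";

    // The binding is the policy the selector reads: token format, issuer and required claims.
    public static WSFederationHttpBinding RequireCardBinding()
    {
        var b = new WSFederationHttpBinding(WSFederationHttpSecurityMode.Message);
        b.Security.Message.IssuedTokenType = "urn:oasis:names:tc:SAML:1.0:assertion";
        b.Security.Message.IssuerAddress = new EndpointAddress(SelfIssuer);
        b.Security.Message.ClaimTypeRequirements.Add(new ClaimTypeRequirement(PpidClaim));
        return b;
    }

    public static ServiceHost Open(string certSubject)   // certSubject: placeholder subject name
    {
        var host = new ServiceHost(typeof(WhoAmIService), new Uri("http://localhost:8000/whoami"));
        host.AddServiceEndpoint(typeof(IWhoAmI), RequireCardBinding(), "");
        // The relying party's X.509 certificate: the token is encrypted to it and the selector
        // shows it to the user, which is the anti-spoofing step from the slide.
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, certSubject);
        // Self-issued tokens are signed with the card's own RSA key, not a CA-issued certificate.
        host.Credentials.IssuedTokenAuthentication.AllowUntrustedRsaIssuers = true;
        host.Open();
        return host;
    }
}
```

When the PPID is used to recognise a returning user, pair it with the issuer's public key from the same token rather than relying on the PPID value alone.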

  25. {DEMO}

  26. Externalizing Authentication • Embedding identity management code in the app codebase is a Bad Idea • Competence • Maintenance • Robustness/Flexibility The technical details of authentication should be abstracted away from the application developer

  27. S+S (diagram) Software plus Services trust topology: the User’s PC obtains identities from an IP (Identity Provider); Resources sit behind an R-STS (Resource STS); Trust arrows link each R-STS to an IP, so the R-STS accepts the IP’s tokens and the user’s PC needs no direct relationship with each Resource.

  28. Identity Flow (diagram) Parties: User’s PC (Identity Selector and Cards Store), Website (with its Policy), Identity Provider (STS and Identities Store). Steps shown: the user’s PC gets the login page and reads the website’s policies; the policies are passed to the identity selector, which filters the list of cards based on them; the chosen card is passed to the IP’s STS as an RST; the IP authenticates the RST and, if successful, builds and signs the requested SAML token; the IP sends back the token; the application posts the token to the website; the website authenticates the token.

  29. {DEMO}

  30. Zermatt • Framework for implementing claims-based identity in your applications • Set of .NET Framework 3.5 classes • Federated Authentication HttpModule • IIdentity -> IClaimsIdentity • IPrincipal -> IClaimsPrincipal • Information Card Design Control • Passive Sign In Design Control Still Beta…
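An added example, not Zermatt’s own code, of what externalized authentication leaves for the application to write: a claims check against the IClaimsPrincipal that the federated authentication HttpModule establishes once it has validated the posted token. The claim type, issuer name and page usage are assumptions; the types are used as they later shipped in Windows Identity Foundation (Microsoft.IdentityModel.Claims), and the Zermatt beta names may differ.

```csharp
using System;
using System.Threading;
using System.Web;
using Microsoft.IdentityModel.Claims;   // IClaimsPrincipal, IClaimsIdentity, Claim

public static class ClaimsAuthorization
{
    // Hypothetical values: the issuer name the site's issuer registry resolves for its trusted
    // STS certificate, and the claim type the site reads roles from.
    const string TrustedIssuer = "CN=sts.example.test";
    const string RoleClaim = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";

    // True only when the token was accepted by the module (IsAuthenticated) and it carries the
    // required role from the trusted issuer. Checking the issuer matters: a syntactically valid
    // role claim minted by some other STS must not grant access.
    public static bool IsAuthorized(IClaimsPrincipal principal, string requiredRole)
    {
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return false;

        foreach (IClaimsIdentity identity in principal.Identities)
            foreach (Claim c in identity.Claims)
                if (c.ClaimType == RoleClaim && c.Value == requiredRole && c.Issuer == TrustedIssuer)
                    return true;

        return false;
    }

    // Called from a page or handler. Note what is absent: no password handling, no token
    // parsing, no signature verification; all of that has been externalized to the module.
    public static void Demand(string requiredRole)
    {
        var principal = Thread.CurrentPrincipal as IClaimsPrincipal;
        if (!IsAuthorized(principal, requiredRole))
            throw new HttpException(403, "Forbidden");
    }
}
```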

  31. SUMMARY • WCF provides numerous extension points and configuration parameters • Workflow Services provide a natural way to build services. • With an understanding of context, advanced communication patterns can be implemented across many parties. • Identity Management Frameworks provide great opportunities to drive security implementations targeting the future of software architecture.

  32. Related Contents • Community site, samples, news • http://cardspace.nefx3.com • www.dinnernow.net • MSDN Forum • http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=784&SiteID=1 • MSDN Home Page • http://msdn.microsoft.com/identity

  33. Any questions? Feel free to meet us during the break, or contact us: Gaetan.holderbeke@pragmaconsult.lu Xavier.pellegrino@pragmaconsult.lu www.pragmaconsult.lu

  34. © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
