Chapter 9 Transactions and Reliable Sessions
MS 304 WXMLA
WCF Transactions Reliable Messaging Sessions
Transactions: Overview
- A transaction is a group of one or more operations executed as a whole.
- It is a logical unit of work.
- Example: balance transfer of 5000 from Account1 to Account2:
  1. Debit of 5000 from Account1 (bal = bal - 5000).
  2. Credit of 5000 to Account2 (bal = bal + 5000).
- Both operations should be part of a single unit.
- If either of the operations fails, the entire transaction should be rolled back (it should be in the state before the balance transfer).
- A transaction has the following properties:
1. Atomic: all or none. Single unit (remember the atom).
2. Consistent: the outcome should be as expected. For example, if Account1 has 10000 and Account2 has 3000, then at the end of the transaction Account1 should have 5000 and Account2 should have 8000.
3. Isolated: private until it is committed. For example, during the balance transfer (not completed and not committed), if any relative of Account1 or Account2 checks the balance from an ATM, they would see 10000 Rs for Account1 and 3000 Rs for Account2.
4. Durable: a transaction must survive failures. When a transaction is committed it should maintain that state even if there is a failure. For example, after a successful balance transfer (committed), if someone shuts down the bank server, then after restart the transaction must still be in the committed state.
Transaction attributes in System.ServiceModel
- .NET 2.0 introduced a new namespace, System.Transactions.
- WCF uses many of the objects available in this namespace for all necessary transaction capabilities.
Reference: Transactions in .NET 3.0, Pro WCF (Apress), pages 280 to 282.
Additional details
- Enable transactions in the binding.
- Use a binding that supports transactions: WSHttpBinding, NetTcpBinding, NetNamedPipeBinding, WSDualHttpBinding.
- Transaction protocols:
  - OleTransactions: optimal for .NET.
  - Web Service Atomic Transaction: use when clients are not .NET.
ServiceBehavior attribute
- TransactionAutoCompleteOnSessionClose
- TransactionIsolationLevel
- TransactionTimeout
OperationBehavior attribute
- TransactionAutoComplete
- TransactionScopeRequired
TransactionFlow attribute
- Specifies whether an operation should be part of a transaction or not.
- Has a single property, whose value comes from the TransactionFlowOption enum:
  - Allowed: a transaction may be flowed (not compulsory).
  - Mandatory: a transaction must be flowed (compulsory).
  - NotAllowed: a transaction cannot be flowed (the operation can't be used in a transaction scope).
- Default is NotAllowed.
WS-Atomic Transaction
- WS-AT is useful for flowing transactions to other applications.
- It is an interoperable protocol.
- It enables the two-phase commit protocol.
- There is no need to use it if you are using Microsoft technology.
Specifying transactions through config
- Just set transactionFlow=true in the binding (refer to the demo).
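The balance transfer from the overview, wired up with the attributes and binding setting listed above. This is an added example, not code from the original slides; the IBank contract, the Accounts(Id, Balance) table and the connection string are assumptions made for illustration.

```csharp
using System.Data.SqlClient;
using System.ServiceModel;
using System.Transactions;

[ServiceContract]
public interface IBank
{
    // Mandatory: a call that arrives without a flowed transaction is rejected.
    [OperationContract, TransactionFlow(TransactionFlowOption.Mandatory)]
    void Adjust(string account, decimal delta);   // -5000 = debit, +5000 = credit
}

[ServiceBehavior(TransactionIsolationLevel = IsolationLevel.Serializable,
                 TransactionTimeout = "00:00:30")]
public class Bank : IBank
{
    // Assumed connection string and Accounts(Id, Balance) table.
    const string ConnStr = "Server=.;Database=BankDemo;Integrated Security=true";

    // Executes inside the caller's transaction; an unhandled exception aborts it.
    [OperationBehavior(TransactionScopeRequired = true, TransactionAutoComplete = true)]
    public void Adjust(string account, decimal delta)
    {
        const string sql = "UPDATE Accounts SET Balance = Balance + @d " +
                           "WHERE Id = @id AND Balance + @d >= 0";
        using (var con = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, con))
        {
            cmd.Parameters.AddWithValue("@d", delta);
            cmd.Parameters.AddWithValue("@id", account);
            con.Open();   // the connection enlists in the ambient transaction
            if (cmd.ExecuteNonQuery() != 1)
                throw new FaultException("Unknown account or insufficient balance");
        }
    }
}

public static class TransferClient
{
    // Client and service bindings both need this; transaction flow is off by default.
    public static WSHttpBinding Binding() { return new WSHttpBinding { TransactionFlow = true }; }

    public static void Transfer(IBank proxy)   // proxy: a channel created over Binding()
    {
        using (var scope = new TransactionScope())
        {
            proxy.Adjust("Account1", -5000m);   // debit
            proxy.Adjust("Account2", +5000m);   // credit
            scope.Complete();   // skipped if either call throws, so both updates roll back
        }
    }
}
```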
Transactions: Summary
What is reliable messaging?
- A mechanism to successfully deliver messages between distributed applications even if a dependent component fails.
Reliable Sessions
- Reliable sessions in WCF provide reliable transfer of messages from one point to another, from source to destination.
- Reliable messaging must be ensured in case of any failure, such as a network or transport failure.
- WCF inherits its reliable messaging from its implementation of the SOAP reliable messaging protocol.
Reliable Sessions: Overview
- Reliable messaging is enabled by adding the <reliableSession> element to the binding (in config) and setting its enabled attribute to true.
- Demo
- Reliable messaging support: NetTcpBinding, wsHttpBinding, *NetNamedPipeBinding, *wsDualHttpBinding, wsFederationBinding, *MsmqIntegrationBinding
  (* = reliable messaging enabled by default)
Reliable Sessions: Message Exchange
- Messages can be secured by using one of the built-in bindings.
- Securing a session requires that the client and service be configured to exchange messages inside a reliable session, with a set of credentials to authenticate the service.
Steps
1. Configure the binding for a reliable session.
2. Add a <security> element to that binding.
3. Inside the <security> element, set the clientCredentialType attribute of the <message> element.
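The three steps above expressed in code rather than config, together with a start-up check that rejects endpoints left without client authentication. This is an added example, not part of the original slides; the class and method names are hypothetical.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Description;

public static class SecureReliableBinding
{
    // Steps 1-3 in code: reliable session, message security, explicit credential type.
    public static WSHttpBinding Create()
    {
        var binding = new WSHttpBinding(SecurityMode.Message, reliableSessionEnabled: true);
        binding.ReliableSession.Ordered = true;
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
        return binding;
    }

    // Call before host.Open() so that a test-only "None" setting
    // cannot reach production unnoticed.
    public static void RejectUnauthenticated(ServiceHost host)
    {
        foreach (ServiceEndpoint ep in host.Description.Endpoints)
        {
            // Metadata (MEX) endpoints are typically unsecured; skip them.
            if (ep.Contract.ContractType == typeof(IMetadataExchange)) continue;

            var ws = ep.Binding as WSHttpBinding;
            if (ws == null) continue;   // only WSHttpBinding endpoints are inspected here

            WSHttpSecurity sec = ws.Security;
            bool open = sec.Mode == SecurityMode.None;
            bool anonymousMessage =
                (sec.Mode == SecurityMode.Message ||
                 sec.Mode == SecurityMode.TransportWithMessageCredential) &&
                sec.Message.ClientCredentialType == MessageCredentialType.None;
            bool anonymousTransport =
                sec.Mode == SecurityMode.Transport &&
                sec.Transport.ClientCredentialType == HttpClientCredentialType.None;

            if (open || anonymousMessage || anonymousTransport)
                throw new InvalidOperationException(
                    "Endpoint " + ep.Address.Uri + " accepts unauthenticated clients");
        }
    }
}
```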
Reliable Sessions: Securing Messages
Credentials while using transport
- None
- Basic: basic authentication is required for the client.
- Digest, Ntlm, Windows
- Certificate: via X.509 certificate
Credentials while using message
- None, Windows
- UserName: authentication via username.
- Certificate: X.509
- IssuedToken: authentication via custom token.
- Specifying None is OK for testing, but it does not enforce security. It is like a blank password.
- WCF does not allow cryptographic data with the username credential, but it ensures transport security.
- More about security in chap 10.
- The concept of a queue is to provide reliable communication between sender and receiver in case of failure.
- Direct transport protocols such as TCP or HTTP offer little or no guarantee of safe and successful message delivery if either client or service fails.
- In direct transfer, both parties should be running.
- Queued transport provides isolation between sender and receiver, so if either party fails communication continues.
- A good metaphor is a telephone conversation using voice mail.
Reliable Sessions: Queues
- WCF provides MSMQ as the transport for queuing.
- Reliable messaging is provided even if there is a network failure or another crash on the sender or receiver.
- The role of the queue is to catch any message between sender and receiver and send it to the correct destination.
- WCF recommends queues in the following scenarios:
  - Disconnected operations: if either party is disconnected.
  - Loosely coupled applications: the speed of sender or receiver does not matter, as both might not be online at the same time.
  - Disconnected operations: if either party is disconnected.
  - Loosely coupled applications: the client is not dependent on a running service.
  - Load leveling: fast sender and slow receiver.
  - Failure isolation: failure of sender or receiver does not affect the other party.
- A queue manager manages a collection of queues. It manages all queue operations. Basic queue behavior is as follows:
1. The client sends a message to the queue. The address on the message is the address of the target queue.
2. The client's queue manager sends the message to the outgoing queue.
3. The client's queue manager finds the target queue and sends the message to it.
4. The receiving application requests a message from the target queue.
5. The queue manager of the target queue hands the message to the receiving application.
- Queues can also support transactional messaging.
- In that case, if messages are sent to and received from a queue within a transaction and the transaction is rolled back, the result is as if no messages were sent to or received from the queue.
- WCF includes two built-in bindings for message queuing: NetMsmqBinding and MsmqIntegrationBinding.
- NetMsmqBinding supports some subset of MSMQ.
- It contains various properties.
- The ExactlyOnce property ensures that a message will not be duplicated if it is already delivered.
- The dead letter queue is a queue that stores messages that were not delivered for some reason; the reason is recorded in that queue.
Reliable Sessions: WCF and Queues
Points to consider while using WCF queued bindings:
- Service operations must be one-way.
- Generating a WCF client using metadata exchange requires an additional HTTP endpoint on the service.
- Additional configuration outside WCF might be required.
Queuing best practices
- Reliable transfer: make sure that the ExactlyOnce and Durable properties are set to true.
- Transactions: using transactions ensures end-to-end reliability by ensuring that the message was received.
- Use dead letter queues: required for reliable messaging. Message delivery can fail due to network failure, authentication failure or any other failure. Dead letter queues make sure that you are notified if a message is not delivered.
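The queuing best practices and the transactional send described earlier, combined in one place. This is an added example, not part of the original slides; the IOrderQueue contract, the queue address and the time-to-live value are assumptions, and it presumes a transactional private queue named orders on a domain-joined host.

```csharp
using System;
using System.ServiceModel;
using System.Transactions;

[ServiceContract]
public interface IOrderQueue
{
    [OperationContract(IsOneWay = true)]   // queued operations must be one-way
    void Submit(string order);
}

public class OrderProcessor : IOrderQueue
{
    // The dequeue joins this transaction: if processing throws, the message
    // goes back to the queue instead of being lost.
    [OperationBehavior(TransactionScopeRequired = true, TransactionAutoComplete = true)]
    public void Submit(string order)
    {
        if (string.IsNullOrWhiteSpace(order)) throw new ArgumentException("empty order");
        Console.WriteLine("processed " + order);
    }
}

public static class QueueSetup
{
    public static NetMsmqBinding Binding()
    {
        return new NetMsmqBinding
        {
            ExactlyOnce = true,                        // needs a transactional queue
            Durable = true,                            // messages survive a restart
            DeadLetterQueue = DeadLetterQueue.System,  // undelivered messages are kept
            TimeToLive = TimeSpan.FromMinutes(30)      // constructed value for the example
        };
    }

    public static void SendBatch(string[] orders)
    {
        var address = new EndpointAddress("net.msmq://localhost/private/orders");
        var factory = new ChannelFactory<IOrderQueue>(Binding(), address);
        IOrderQueue channel = factory.CreateChannel();
        using (var scope = new TransactionScope())
        {
            foreach (string order in orders) channel.Submit(order);
            scope.Complete();   // without this, none of the messages reach the queue
        }
        factory.Close();
    }
}
```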
Summary
Chap 10 Security WCF Security overview Security behaviors Clients/Services Best Practices
Security overview
- A SOAP message is communicated between client and service.
- Securing the message and delivering it safely are important.
- Intruder problem: discuss.
- WCF provides a robust and versatile secure messaging infrastructure.
Security overview: Concepts
- Integrity
- Confidentiality
- Authentication
- Authorization
Integrity
- The message that arrives at the receiver is not altered.
- You need to trust that a message has not been tampered with between sender and receiver.
- Digitally signing a message can ensure integrity.
Confidentiality
- The message is sent to the intended recipient.
- The message should not be viewed or interrogated while in transit between sender and receiver.
Authentication
- Requesting evidence of identity. Client and service have identities.
- Generally one-sided. In a distributed system it should be on both sides.
- Keeping it on both sides ensures there is no man-in-the-middle attack.
Authorization
- Happens after authentication.
- Like rights: permission to call a service.
- For example: logging in to Windows is authentication; when accessing network resources, authorization takes place (students are not allowed to access certain network folders while faculty are).
WCF uses the following mechanisms:
- Windows Identity
- Public Key Infrastructure: PKI employs digital certificates.
- X.509: main form of credentials.
- Kerberos: used in Windows domains.
Security mechanisms
Transport Level Security
- Security is based on the OS level.
- Encryption is based on the binding.
- HTTPS (Secure Sockets Layer, SSL).
- TCP (Transport Layer Security).
- Can require the client to pass credentials for authentication.
Message Level Security
- Messages are signed and encrypted before sending.
- Based on the WS-Security standard.
- Can require the client to pass credentials for authentication.
TransportWithMessageCredential: a mix of the two.
Difference

Transport Level
- Pro: Faster; benefits from hardware-level acceleration.
- Con: Provides point-to-point encryption, so if the service forwards the message it is not encrypted.

Message Level
- Con: Slower.
- Pro: Provides end-to-end encryption.
- Pro: More options for credentials.
- Con: Requires support for XML and WS-Security.
Default security settings
- BasicHttpBinding: no security; for interoperability.
- WSHttpBinding: message-level security; messages are encrypted.
- NetTcpBinding: transport-level security.
- Demo
Security overview: Why WCF Security
- WCF provides a strong security mechanism for distributed applications.
- It accomplishes this by dividing security into three distinct functional areas:
  - Transfer Security
  - Access Control
  - Auditing
Transfer Security
- For message integrity, confidentiality and authentication.
- Modes:
  - None
  - Message: SOAP message security. Messages are secured using WS-Security standards. It ensures CIAti for sender and receiver.
  - Transport: transport security to ensure CIAti.
  - Mixed: message and transport security.
  - Both: available in the netMsmqBinding binding. Provides authentication and protection on both levels.
Access Control / Authorization
- Authorization by using:
  - PrincipalPermissionAttribute
  - ASP.NET membership provider
  - ASP.NET role provider
  - Authorization Manager
  - Identity Model
Auditing
- The process of logging security events.
- Security events are written to the Windows Event Log and include events such as logon successes and failures.
- Helpful to administrators in finding attacks.
Security Credentials
Transport credentials
- None: anonymous client.
- Basic: user name and password against Active Directory (HTTP only). Password in unencrypted form.
- Digest: only works with Windows Active Directory accounts. Sends a hash value over the network.
- NTLM: uses SSPI (Security Support Provider Interface).
- Windows: Windows authentication.
- Certificate: authentication using X.509.
Message credentials
- None: anonymous client.
- Windows: Windows authentication.
- UserName: client to be authenticated by using a username.
- Certificate: authentication using X.509.
- Windows CardSpace: authentication using Windows CardSpace.
All these credentials can be specified by code or config.
- Authentication demo
- Authorization demo
Summary