Session Objectives And Takeaways

Post on 11-Feb-2016

DESCRIPTION

Implementing RESTful Services With WCF 3.5 SP1: Security, Scalability and Controlling the URI (Part 2 of 2). Session Objectives And Takeaways. Go a level deeper than we did in Part 1. Describe how optional HTTP features like caching and conditional GET impact scalability - PowerPoint PPT Presentation

TRANSCRIPT

<p>SBP315 - Implementing RESTful Services With Windows Communication Foundation 3.5 SP1 - Security, Scalability and Controlling the URI (Part 2 of 2)</p>

<p>Implementing RESTful Services With WCF 3.5 SP1
Security, Scalability and Controlling the URI (Part 2 of 2)</p>

<p>Welcome to our session on building RESTful services with WCF 3.5 SP1.</p>

<p>© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. 8/7/2008</p>

<p>Session Objectives And Takeaways
Go a level deeper than we did in Part 1
Describe how optional HTTP features like caching and conditional GET impact scalability
Explain how you can fully control the URI
Consider options for securing RESTful services
Learn about the updates to WCF in 3.5 SP1</p>

<p>Once again we made some assumptions about you.
We assume that most of you attended part 1 of this talk. It's OK if you didn't, but we aren't going to cover the same ground again; instead we are going to go a level deeper than we did in part 1.
That you are interested in leveraging the features of the application protocol of the web (HTTP) that enable scalability.
That you want to know how you can make the URI exactly what you want it to be so you can please the REST purists.
That you want to know about the changes in WCF 3.5 SP1 which can help you to do even more with the UriTemplate.</p>

<p>Diagram labels: Fiddler Proxy; Notepad Service Client?; Yahoo Web Search Service</p>

<p>Default WCF Web URI
http://localhost/service.svc/method?arg1=1
Parts labeled on the slide: Scheme, Authority, .svc File path, Method name, Query Arguments</p>

<p>Now that we know what the information architecture of the site should be, let's think about the default URI behavior of WCF.</p>

<p>TechReady7 Breakout Chalktalk Template 8/7/2008</p>

<p>WCF 3.5 UriTemplates
UriTemplate allows you to override the default
Arguments are bound by name
[OperationContract]
[WebGet(UriTemplate="Wine/{wineId}")]
WineData GetWine(string wineId);
http://localhost/service.svc/Wine/1</p>

<p>As we said last time, WCF allows you to control the URI by using a UriTemplate with holes that will map arguments from the URI.</p>

<p>New in WCF 3.5 SP1
Default Values for template items
Cannot be used for query string values
[OperationContract]
[WebGet(UriTemplate="Wine/{wineID=17}")]
WineData GetWine(string wineID);</p>

<p>Now in WCF 3.5 SP1 you can set default values for arguments that are not passed in the URI.</p>

<p>New in WCF 3.5 SP1
Compound Template Segments
[OperationContract]
[WebGet(UriTemplate="wine({wineID})")]
WineData GetWine(string wineID);
http://localhost/service.svc/wine(17)</p>

<p>You can also use compound template segments where more than one argument is mapped from a single URI segment.</p>

<p>Full URI Control
Scott Guthrie: Tip/Trick: Url Rewriting with ASP.NET
Jon Flanders (MVP): Using WCF WebHttpBinding and WebGet with nicer Urls
IIS7: Use/Build an HttpModule
IIS7 Team Recently Released a URL Rewrite Module
IIS 5/6: Use an ISAPI filter</p>

<p>If you want to fully control the URI we have some resources for you.</p>

<p>Demo: Controlling the URI</p>

<p>Agenda
What is REST and Why should I care?
How will resources be addressed?
How will resources be formatted?
How do I ensure scalability?
How do I secure my service?</p>

<p>Next you have to consider how you want your resources to be formatted.</p>

<p>Message Schema
Option 1: Basic Atom Feed
  Standardized syndication schema
  WCF 3.5 SP1 Supports All Atom Publishing Protocol types
Option 2: Custom Service Schema
  You create your own schema for messages using DataContracts or XSD
  See Part 1 session for examples</p>

<p>microformats
Standards for common human readable data in (X)HTML
hCard, hCalendar, etc.</p>

<p>Coho Winery
greatwine@cohowinery.net
555 Wine Lane, Napa, CA 94558, USA
800-555-1212</p>

<p>Demo: Basic Atom Feed</p>

<p>Content Negotiation
Allow the client to ask for the format they want
  Accept Header
  Extension
  Query String
Fixed Content Format
  Attribute your WCF service</p>

<p>Demo: Content Negotiation</p>

<p>Caching
Client Side
  Controlled by HTTP Headers
  Cache-Control: Instructions to client side cache
  Expires
Server Side
  HttpRuntime.Cache
  Velocity Distributed Cache (CTP1 Now Available)</p>

<p>Conditional Get
GET this data if...
If-Modified-Since: (Date)
  Return the data only if it has been modified since (Date)
If-None-Match: (Etag)
  Return the data only if there isn't one with this Etag
Saves Bandwidth by not transmitting old data
Response.SuppressEntityBody</p>

<p>Demo: Caching / Conditional Get</p>

<p>Security Scenarios
Developer / App Authorization
  Authorizes an application to access RESTful services
Third Party Access
  Application or site accessing a protected resource on behalf of another
Human RIA User
  Accessing a protected resource from an Ajax or Silverlight web page using a cookie</p>

<p>Developer / App Authorization
Control access to public services
Allows you to revoke access if necessary
Developer is issued a token or application ID (or both)
Verify email and acceptance of license
Each request requires the token to be sent
URI may also include a signature to prevent request tampering
Tokens may be sent in the URI or Authorization header</p>

<p>OAuth (Open Authentication)
An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.
OAuth.net
Allows users to grant access to protected resources without having to give credentials to third parties
MySpace
WCF Implementation
RestChess.com</p>

<p>Human RIA User
Authentication
  Ajax authentication service is enabled
  Human signs in to web site with script that calls Sys.Services.AuthenticationService.Login
  Authorization token returned in cookie
  Client side script accesses protected resources using cookie
Authorization
  Server authorizes client requests by placing a web.config file in the folder with the resource</p>

<p>Demo: Human RIA Security</p>

<p>Summary
RESTful Services work the way the Web works
Sharing your data with the world works
Focus on simple and open ideas first
Choose broad adoption over elegant design
Embrace the protocol of the web: HTTP
Understand its semantics
Use it as designed</p>

<p>Appendix
Adventure Works Customer Get</p>
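<p>The Conditional Get slide above (If-None-Match, ETag, SuppressEntityBody), as an added example that is not part of the original deck: a WCF 3.5 SP1 operation that answers 304 when the client's tag still matches. LoadWine, the sample record, the ETag derivation and the Cache-Control value are assumptions made for illustration.</p>

```csharp
using System;
using System.Net;
using System.Runtime.Serialization;
using System.Security.Cryptography;
using System.ServiceModel;
using System.ServiceModel.Web;
using System.Text;

[DataContract]
public class WineData
{
    [DataMember] public string Id;
    [DataMember] public string Name;
}

[ServiceContract]
public class WineService
{
    [OperationContract]
    [WebGet(UriTemplate = "Wine/{wineId}")]
    public WineData GetWine(string wineId)
    {
        // Authorize the caller before this point: a 304 still confirms the resource exists.
        WineData wine = LoadWine(wineId);
        string etag = ComputeETag(wine);
        WebOperationContext ctx = WebOperationContext.Current;
        ctx.OutgoingResponse.ETag = etag;
        // "private" keeps shared proxies from storing a per-caller response (assumed policy).
        ctx.OutgoingResponse.Headers[HttpResponseHeader.CacheControl] = "private, max-age=60";
        // If-None-Match may carry several comma-separated tags, or "*".
        string sent = ctx.IncomingRequest.Headers[HttpRequestHeader.IfNoneMatch] ?? "";
        foreach (string tag in sent.Split(','))
        {
            if (tag.Trim() != "*" && tag.Trim() != etag) continue;
            ctx.OutgoingResponse.StatusCode = HttpStatusCode.NotModified;
            ctx.OutgoingResponse.SuppressEntityBody = true;   // a 304 carries no body
            return null;
        }
        return wine;
    }
    // Assumed derivation: the tag is a hash of the fields that make up the representation.
    static string ComputeETag(WineData w)
    {
        byte[] state = Encoding.UTF8.GetBytes(w.Id + "|" + w.Name);
        using (SHA256 sha = SHA256.Create())
            return "\"" + Convert.ToBase64String(sha.ComputeHash(state)) + "\"";
    }
    // Hypothetical data access returning a constructed sample record.
    static WineData LoadWine(string id) { return new WineData { Id = id, Name = "Sample Red" }; }
}
```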
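<p>The Developer / App Authorization slide above says the URI may include a signature to prevent request tampering. The following is an added example, not code from the original deck, of one way a service could check such a signature. The HMAC-SHA256 scheme, the signed-string layout, the appId parameter name and the sample secret are all assumptions.</p>

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class RequestSigning
{
    // Constructed sample store: application ID -> shared secret.
    // Removing an entry revokes that application's access.
    static readonly Dictionary<string, byte[]> Secrets = new Dictionary<string, byte[]>
    {
        { "app-123", Encoding.UTF8.GetBytes("constructed-sample-secret") }
    };

    // Assumed layout of the signed string: METHOD, newline, path and query without the signature.
    public static string Sign(byte[] secret, string method, string pathAndQuery)
    {
        using (HMACSHA256 mac = new HMACSHA256(secret))
        {
            byte[] tag = mac.ComputeHash(Encoding.UTF8.GetBytes(method.ToUpperInvariant() + "\n" + pathAndQuery));
            return BitConverter.ToString(tag).Replace("-", "").ToLowerInvariant();
        }
    }

    public static bool Verify(string appId, string method, string pathAndQuery, string sig)
    {
        byte[] secret;
        if (appId == null || sig == null || !Secrets.TryGetValue(appId, out secret)) return false;
        return FixedTimeEquals(Sign(secret, method, pathAndQuery), sig.ToLowerInvariant());
    }

    // Compare every character so response timing does not reveal how much of the tag matched.
    static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        string unsigned = "/service.svc/Wine/17?appId=app-123";
        string sig = Sign(Secrets["app-123"], "GET", unsigned);
        Console.WriteLine(Verify("app-123", "GET", unsigned, sig));                              // request as signed
        Console.WriteLine(Verify("app-123", "GET", "/service.svc/Wine/18?appId=app-123", sig)); // path changed after signing
        Console.WriteLine(Verify("revoked-app", "GET", unsigned, sig));                          // application ID not in the store
    }
}
```

<p>Adding a timestamp or nonce to the signed string would also limit replay of a captured URI.</p>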