Implementing RESTful Services With WCF 3.5 SP1
Security, Scalability and Controlling the URI (Part 2 of 2)
Session Objectives And Takeaways
Go a level deeper than we did in Part 1
Describe how optional HTTP features like caching and conditional GET impact scalability
Explain how you can fully control the URI
Consider options for securing RESTful services
Learn about the updates to WCF in 3.5 SP1
Agenda
What is REST and Why should I care?
How will resources be addressed?
How will resources be formatted?
How do I ensure scalability?
How do I secure my service?
SOAP REST
WCF Test Client Notepad
Internet Explorer
Why REST?
REST is an architectural style for implementing services with the simple and open model of the web
SOAP is a protocol that delivers a rich messaging model independent of the transport
5 HTTP Messages
18,604 bytes
“You entered: 1”
Agenda
What is REST and Why should I care?
How will resources be addressed?
How will resources be formatted?
How do I ensure scalability?
How do I secure my service?
Information Architecture
URI Verb Collection Action
/wine POST Wine Create
/wine/{wineId} GET Wine Read
/wine/{wineId} PUT Customers Update
/wine/{wineId} DELETE Customers Delete
/wine/series/{seriesId} GET Wine Series Read
/wine/{wineId}/reviews GET Wine Reviews Read
/wine/{wineId}/reviews POST Wine Reviews Create
Default WCF Web URI
http://localhost/service.svc/method?arg1=1
Scheme: http
Authority: localhost
.svc File path: /service.svc
Method name: method
Query Arguments: arg1=1
WCF 3.5 UriTemplates
UriTemplate allows you to override the default
Arguments are bound by name
[OperationContract]
[WebGet(UriTemplate="Wine/{wineId}")]
WineData GetWine(string wineId);
http://localhost/service.svc/Wine/1
New in WCF 3.5 SP1
Default Values for template items
Cannot be used for query string values
[OperationContract]
[WebGet(UriTemplate="Wine/{wineID=17}")]
WineData GetWine(string wineID);
New in WCF 3.5 SP1
Compound Template Segments
[OperationContract]
[WebGet(UriTemplate="wine({wineID})")]
WineData GetWine(string wineID);
http://localhost/service.svc/wine(17)
Full URI Control
Scott Guthrie: Tip/Trick: Url Rewriting with ASP.NET
Jon Flanders (MVP): Using WCF WebHttpBinding and WebGet with nicer Urls
IIS7: Use/Build an HttpModule
IIS7 Team Recently Released a URL Rewrite Module
IIS 5/6: Use an ISAPI filter
Demo: Controlling the URI
Agenda
What is REST and Why should I care?
How will resources be addressed?
How will resources be formatted?
How do I ensure scalability?
How do I secure my service?
Message Schema
Option 1: Basic Atom Feed
Standardized syndication schema
WCF 3.5 SP1 Supports All Atom Publishing Protocol types
Option 2: Custom Service Schema
You create your own schema for messages using DataContracts or XSD
See Part 1 session for examples
Microformats
Standards for common human readable data in (X)HTML
hCard, hCalendar, etc.
<div id="" class="vcard">
  <a class="url fn n" href="http://www.cohowinery.net">
    <div class="org">Coho Winery</div>
  </a>
  <a class="email" href="mailto:[email protected]">[email protected]</a>
  <div class="adr">
    <div class="street-address">555 Wine Lane</div>
    <span class="locality">Napa</span>
    <span class="region">CA</span>
    <span class="postal-code">94558</span>
    <span class="country-name">USA</span>
  </div>
  <div class="tel">800-555-1212</div>
</div>
Demo: Basic Atom Feed
Content Negotiation
Allow the client to ask for the format they want
Accept Header
Extension Query String
Fixed Content Format
Attribute your WCF service
Demo: Content Negotiation
Agenda
What is REST and Why should I care?
How will resources be addressed?
How will resources be formatted?
How do I ensure scalability?
How do I secure my service?
Caching
Client Side
Controlled by HTTP Headers
Cache-Control: Instructions to client side cache
Expires
Server Side
HttpRuntime.Cache
“Velocity” Distributed Cache (CTP1 Now Available)
Conditional Get
GET this data if...
If-Modified-Since: (Date)
Return the data only if it has been modified since (Date)
If-None-Match: (Etag)
Return the data only if the current version does not match this Etag
Saves Bandwidth by not transmitting old data
Response.SuppressEntityBody
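An added example, not from the original deck: a WCF 3.5 operation that answers a conditional GET with 304 and no entity body when the client's If-None-Match matches the current ETag. The Version field, the sample record and the Cache-Control value are assumptions; host the class in a WebServiceHost to try it.

```csharp
using System;
using System.Net;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.ServiceModel.Web;

[DataContract]
public class WineData
{
    [DataMember] public string Name;
    [DataMember] public int Version;   // assumed: incremented on every update
}

[ServiceContract]
public class WineService
{
    [OperationContract]
    [WebGet(UriTemplate = "Wine/{wineId}")]
    public WineData GetWine(string wineId)
    {
        // Constructed sample record; a real service would look up wineId.
        WineData wine = new WineData { Name = "Coho Merlot", Version = 3 };
        string etag = "\"v" + wine.Version + "\"";

        WebOperationContext ctx = WebOperationContext.Current;
        ctx.OutgoingResponse.ETag = etag;
        // "private" keeps shared proxies from storing a response that was
        // returned to one authenticated caller.
        ctx.OutgoingResponse.Headers[HttpResponseHeader.CacheControl] = "private, max-age=60";

        string ifNoneMatch = ctx.IncomingRequest.Headers[HttpRequestHeader.IfNoneMatch];
        if (Matches(ifNoneMatch, etag))
        {
            // Client copy is current: send 304 with headers only.
            ctx.OutgoingResponse.StatusCode = HttpStatusCode.NotModified;
            ctx.OutgoingResponse.SuppressEntityBody = true;
            return null;
        }
        return wine;
    }

    // If-None-Match may carry "*", a weak validator or a comma-separated list.
    static bool Matches(string header, string etag)
    {
        if (header == null) return false;
        foreach (string candidate in header.Split(','))
        {
            string c = candidate.Trim();
            if (c == "*" || c == etag || c == "W/" + etag) return true;
        }
        return false;
    }
}
```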
Demo: Caching / Conditional Get
Agenda
What is REST and Why should I care?
How will resources be addressed?
How will resources be formatted?
How do I ensure scalability?
How do I secure my service?
Security Scenarios
Developer / App Authorization: Authorizes an application to access RESTful services
Third Party Access: Application or site accessing a protected resource on behalf of another
Human RIA User: Accessing a protected resource from an Ajax or Silverlight web page using a cookie
Developer / App Authorization
Control access to public services
Allows you to revoke access if necessary
Developer is issued a token or application ID (or both)
Verify email and acceptance of license
Each request requires the token to be sent
URI may also include a signature to prevent request tampering
Tokens may be sent in the URI or Authorization header
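One way the signed-URI check described above could be done on the server, as an added example that is not from the original deck. The parameter names appid, ts and sig, the HMAC-SHA256 construction, the five-minute window and the sample secret are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Web; // HttpUtility (reference System.Web.dll)

public static class SignedRequest
{
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    // Constructed registry: application ID -> secret issued at sign-up.
    // Removing an entry revokes that application's access.
    static readonly Dictionary<string, string> Secrets =
        new Dictionary<string, string> { { "app-123", "constructed-secret" } };

    // Assumed scheme: HMAC-SHA256 over the verb and the URI up to "&sig=".
    public static string Sign(string secret, string verb, string pathAndQuery)
    {
        using (HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret)))
        {
            byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(verb + "\n" + pathAndQuery));
            return BitConverter.ToString(mac).Replace("-", "").ToLowerInvariant();
        }
    }

    // Expects sig as the last query parameter: ...?appid=..&ts=..&sig=<hex>
    public static bool Verify(string verb, Uri uri, DateTime nowUtc)
    {
        string pq = uri.PathAndQuery;
        int cut = pq.LastIndexOf("&sig=", StringComparison.Ordinal);
        if (cut < 0) return false;                            // unsigned request
        var query = HttpUtility.ParseQueryString(uri.Query);
        string secret;
        string appId = query["appid"];
        if (appId == null || !Secrets.TryGetValue(appId, out secret)) return false; // unknown or revoked
        long ts, now = (long)(nowUtc - Epoch).TotalSeconds;
        if (!long.TryParse(query["ts"], out ts)) return false;
        if (ts < now - 300 || ts > now + 300) return false;   // stale timestamp limits replay
        return FixedTimeEquals(Sign(secret, verb, pq.Substring(0, cut)), pq.Substring(cut + 5));
    }

    // Comparison time does not depend on where the first mismatch occurs.
    static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Because the secret is used only as the HMAC key and never travels in the URI, a request captured from a log or proxy cannot be altered and re-signed by whoever captured it.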
OAuth (Open Authentication)
An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.
OAuth.net
Allows users to grant access to protected resources without having to give credentials to third parties
MySpace WCF Implementation
RestChess.com
Human RIA User
Authentication
Ajax authentication service is enabled
Human signs in to web site with script that calls Sys.Services.AuthenticationService.Login
Authorization token returned in cookie
Client side script accesses protected resources using cookie
Authorization
Server authorizes client requests by placing a web.config file in the folder with the resource
Demo: Human RIA Security
Summary
RESTful Services work the way the Web works
Sharing your data with the world works
Focus on simple and open ideas first
Choose broad adoption over elegant design
Embrace the protocol of the web: HTTP
Understand its semantics
Use it as designed
Appendix
WCF Test Client
Fiddler Proxy
Yahoo Web Search Service
Notepad Service Client?
Adventure Works Customer Get