Embed Size (px)
Citation preview
WEB404 ASP.NET Web Service Internals“I didn’t know you could do that!”
Clemens Vasters([email protected])
newtelligence AG
In an ideal world …
… there would only be XML superheroes …
SOAPERMAN
… like this guy.
However …
Many developers …
Ooops!
Many developers …
… need help and easy-to-use tools …
… and that‘s true for very many.
ASP.NET Bigotry – The Good
Very simple: You just write classes and methodsSimple enough for everybody
Write, compile, done
The WSDL contract is generated on the fly
Wire format is rendered on the fly
Proxies are automatically code-generated
ASP.NET Bigotry – The Bad
Too simple: You just write classes and methodsSuggests that a Web Service is just like anything else
The WSDL contract is generated on the flyContract should dominate the programming model
Wire format is rendered on the flySomewhere in deep inside the infrastructure
Proxies are automatically code-generatedHard to maintain customized versions
The Middle Ground
Many developers need simplicityThey have no time to deal with XML philosophy
They have no time to carefully craft Schema and WSDL
They have no time to even learn Schema or WSDL
They have even less time to deal with GXA, etc.
Whether we like it or not …… the programming model must be kept easy
… it's hard to move from RPC to messages
Bridging the gap is an infrastructure job.
[WebMethod]public string MakeReservation( string FlightCycleId, int Row, char Seat, string Fare, string FirstName, string LastName, string Title, string CustomerCode)
[PrincipalPermission]
[ExceptionMonitor][MethodStatistics]
[TipTransaction]
[CheckArguments]
[MinLength(8), MaxLength(8)]
[Between(1,100)]
[Between('A','K')]
[Match(@"[A-Z]")][MinLength(1),MaxLength(80)]
[OneOf("MR","MRS")]
[Match(@"[0-9]*"),MaxLength(20)]
[MinLength(1),MaxLength(80)]
Monitoring and Diagnostics
Authentication and Authorization
Transactions and Reliability
Data Validation and Security
Building A Pipeline IdentityIdentity
SignatureSignature
AuthenticationAuthentication
AccessAccessControlControl
AccessAccessControlControl
Logging,Logging,MonitoringMonitoring
Logging,Logging,MonitoringMonitoring
UsageUsageControlControl
UsageUsageControlControl
AccountingAccountingAccountingAccountingLogging,Logging,MonitoringMonitoring
Logging,Logging,MonitoringMonitoring
ConversationConversationManagmt.Managmt.
ConversationConversationManagmt.Managmt.
DecryptDecryptDecryptDecrypt
EncryptEncryptEncryptEncrypt
BillingBilling
RoyaltiesRoyalties
EncryptionEncryption
User User access to access to serviceservice
SignatureSignature Asynch. Asynch. messaging messaging supportsupport
QueuingQueuing
Service Service
ImplementationImplementation
Service Service
ImplementationImplementation
TimestampTimestamp
StatisticsStatistics
AvailabilityAvailability
PerformancePerformance
TimestampTimestamp
etcetc
TransportTransportRuntimeRuntime
TransportTransportRuntimeRuntime
AccessAccessAccessAccess
ConversationConversationManagmt.Managmt.
ConversationConversationManagmt.Managmt.
HTTP InfrastructureHTTP Infrastructure
WebMethodWebMethod
WSE Pipeline stages andWSE Pipeline stages andSOAP extensionsSOAP extensions
ASP.NET Runtime Environment
WS Request Handler
HTTP Module
HTTP Module
ASP.NET HTTP Runtime
Host (IIS)
HTTP Request
Soap Extension
Target Service
Soap Extension
ISAPI Filters
Host environment: IIS with authentication infrastructure
and additional ISAPI filters for compression, etc.
ASP.NET hooked into IIS via ISAPI Filter and Extension for .asmx
extension (customizable)
ASP.NET: Managed runtime running as separate process. Processes IIS
requests asynchronously. Doesn't tie up IIS threads.
HTTP Module chain allows for raw data filtering and processing. Modules are
hooked in as callbacks.
Web Service Request Handler maps request to WebService class and
method. SoapExtensions hooked in as callbacks.
[SoapMethod]
ASP.NET „SOAP Extensions“
Plug-in architecture for ASP.NET Web ServicesDeclarative and configurable plug-ins for Web Services
Can intercept and manipulate payloads and headersInterception-driven functionality
Can extend WSDL and inject code into proxiesServiceDescriptionFormatExtension
Injects attributes into WSDL
ServiceDescriptionReflector reads metadataInjects "operation binding" into WSDL
ServiceDescriptionImporter reads WSDLInjects code into CodeDOM at proxy creation time
The Pipeline Call Chain
Web
Service
Req
uest H
and
ler
SoapExtension
BeforeDeserializeHandler
AfterDeserializeHandler
BeforeSerializeHandler
AfterSerializeHandler
SoapExtension
BeforeDeserializeHandler
AfterDeserializeHandler
BeforeSerializeHandler
AfterSerializeHandler
[Web
Meth
od
]
Chained Copy
Chained Copy
Request Stream
WSE Pipeline
Transport-independent pipeline Hooked into ASP.NET using SOAP Extension
Can be used outside of ASP.NET
Can intercept and manipulate payloads and headersInterception-driven functionality
Infoset based, not stream basedEliminates stream-writes/reads for every stage
WSE Pipelines
TransportTransport
SOAPmessage
Header
Body
SOAPmessage
Header
Body
SOAPmessage
Header
Body
SOAPmessage
Header
Body
SoapOutputFilterSoapOutputFilter
SoapInputFilterSoapInputFilter
Input message
Output message
Endpoint Endpoint
B AB AB AB A
SoapInputFilterSoapInputFilter
SoapOutputFilterSoapOutputFilter
AA BB
Pipeline
The WSE PipelineSoapInputFilter
ProcessMessage
SoapEnvelopeSoapEnvelope
SoapInputFilter
ProcessMessage
ProcessInputMessage
ProcessOutputMessage
SoapOutputFilter
ProcessMessage
SoapEnvelopeSoapEnvelope
SoapOutputFilter
ProcessMessage
The WSE Pipeline as SOAP Ext.
Pipeline
SoapInputFilter
ProcessMessage
SoapEnvelopeSoapEnvelope
SoapInputFilter
ProcessMessage
ProcessInputMessage
ProcessOutputMessage
SoapOutputFilter
ProcessMessage
SoapEnvelopeSoapEnvelope
SoapOutputFilter
ProcessMessage
SoapExtension
BeforeDeserializeHandler
AfterDeserializeHandler
BeforeSerializeHandler
AfterSerializeHandler
Implementing Tracing
Web
Service
Req
uest H
and
ler
SoapExtension
BeforeDeserializeHandler
AfterDeserializeHandler
BeforeSerializeHandler
AfterSerializeHandler
Logfile
Event Log
.NET Error Trace
Queue Service
WMIQueue Service
Assumes Write ACE
Debug-TimeTraces
WMI and Event Log must run in separate process with privileged account.
Worker Thread
Tracing is better with queues
Web
Service
Req
uest H
and
ler
SoapExtension
BeforeDeserializeHandler
AfterDeserializeHandler
BeforeSerializeHandler
AfterSerializeHandler
WMIQueue Service
WT
AutoResetEvent
.NET Remotingor COM+
Enterprise Svc QC
AA
BB
Implementing Interception
Web
Service
Req
uest H
and
ler
SoapExtension
BeforeDeserializeHandler
AfterDeserializeHandler
BeforeSerializeHandler
AfterSerializeHandler
[Web
Meth
od
]
Chained Copy
Request Stream
Exception
Intercept, Inspect
and fail out
Implementing XML Injection
Web
Service
Req
uest H
and
ler
SoapExtension
BeforeDeserializeHandler
AfterDeserializeHandler
BeforeSerializeHandler
AfterSerializeHandler
[Web
Meth
od
]
Chained Copy
Request Stream
Modify stream copy after
serialization
Modify stream copy before
deserialization
Format Extensions
Extensibility mechanism for WSDLPerfectly legal through use of separate namespaces
Inject your own tags into „operation bindings“Operating Binding:
Pair of input and output messages
Equivalent to a function signature
Also defined out-of-band data (headers)
Allows WSDL-mapping of method-level attributes
Metadata-enhanced WSDL
Format Extensions Applied<operation name="SampleKerberos"><operation name="SampleKerberos"> <soap:operation soapAction="urn:schemas-newtelligence-com:SampleKerberos" <soap:operation soapAction="urn:schemas-newtelligence-com:SampleKerberos" style="document" /> style="document" /> <wsse-kerb-ext:wssecurityKerberosExtension><wsse-kerb-ext:wssecurityKerberosExtension> <wsse-kerb-ext:ServiceClass><wsse-kerb-ext:ServiceClass> host host </wsse-kerb-ext:ServiceClass> </wsse-kerb-ext:ServiceClass> <wsse-kerb-ext:ServiceHost><wsse-kerb-ext:ServiceHost> ambassador.embassy.newtelligence.com ambassador.embassy.newtelligence.com </wsse-kerb-ext:ServiceHost> </wsse-kerb-ext:ServiceHost> </wsse-kerb-ext:wssecurityKerberosExtension></wsse-kerb-ext:wssecurityKerberosExtension> <input><input> <soap:body use="literal" /><soap:body use="literal" /> <soap:header d5p1:required="true" <soap:header d5p1:required="true" message="s0:SampleKerberosWSSecurityKerberos" message="s0:SampleKerberosWSSecurityKerberos" part="WSSecurityKerberos" use="literal" part="WSSecurityKerberos" use="literal" xmlns:d5p1="http://schemas.xmlsoap.org/wsdl/" /> xmlns:d5p1="http://schemas.xmlsoap.org/wsdl/" /> </input></input> <output><output> <soap:body use="literal" /><soap:body use="literal" /> <soap:header d5p1:required="true" <soap:header d5p1:required="true" message="s0:SampleKerberosWSSecurityKerberos" message="s0:SampleKerberosWSSecurityKerberos" part="WSSecurityKerberos" use="literal" part="WSSecurityKerberos" use="literal" xmlns:d5p1="http://schemas.xmlsoap.org/wsdl/" /> xmlns:d5p1="http://schemas.xmlsoap.org/wsdl/" /> </output></output> </operation></operation>
<operation name="SampleKerberos"><operation name="SampleKerberos"> <soap:operation soapAction="urn:schemas-newtelligence-com:SampleKerberos" <soap:operation soapAction="urn:schemas-newtelligence-com:SampleKerberos" style="document" /> style="document" /> <wsse-kerb-ext:wssecurityKerberosExtension><wsse-kerb-ext:wssecurityKerberosExtension> <wsse-kerb-ext:ServiceClass><wsse-kerb-ext:ServiceClass> host host </wsse-kerb-ext:ServiceClass> </wsse-kerb-ext:ServiceClass> <wsse-kerb-ext:ServiceHost><wsse-kerb-ext:ServiceHost> ambassador.embassy.newtelligence.com ambassador.embassy.newtelligence.com </wsse-kerb-ext:ServiceHost> </wsse-kerb-ext:ServiceHost> </wsse-kerb-ext:wssecurityKerberosExtension></wsse-kerb-ext:wssecurityKerberosExtension> <input><input> <soap:body use="literal" /><soap:body use="literal" /> <soap:header d5p1:required="true" <soap:header d5p1:required="true" message="s0:SampleKerberosWSSecurityKerberos" message="s0:SampleKerberosWSSecurityKerberos" part="WSSecurityKerberos" use="literal" part="WSSecurityKerberos" use="literal" xmlns:d5p1="http://schemas.xmlsoap.org/wsdl/" /> xmlns:d5p1="http://schemas.xmlsoap.org/wsdl/" /> </input></input> <output><output> <soap:body use="literal" /><soap:body use="literal" /> <soap:header d5p1:required="true" <soap:header d5p1:required="true" message="s0:SampleKerberosWSSecurityKerberos" message="s0:SampleKerberosWSSecurityKerberos" part="WSSecurityKerberos" use="literal" part="WSSecurityKerberos" use="literal" xmlns:d5p1="http://schemas.xmlsoap.org/wsdl/" /> xmlns:d5p1="http://schemas.xmlsoap.org/wsdl/" /> </output></output> </operation></operation>
Reflectors
Reflectors are locally or globally installed classes<soapExtensionReflectorTypes> in machine.config or web.config
Derived from ServiceDescriptionReflector
Called for every [WebMethod] on "?WSDL"
Allow you to:Modify WSDL using ServiceDescription object model
Add Schemas, Imports
Modify Messages
Add Headers
Inject format extensions into operation bindings
WSDL in the Framework
ServiceDescriptionServiceDescription
<?xml version="1.0" encoding="utf-8"?><?xml version="1.0" encoding="utf-8"?><definitions xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/" <definitions xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:s0="urn:this-service" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:s0="urn:this-service" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" targetNamespace="urn:this-service" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" targetNamespace="urn:this-service" xmlns="http://schemas.xmlsoap.org/wsdl/">xmlns="http://schemas.xmlsoap.org/wsdl/"> <types><types> <s:schema elementFormDefault="qualified" targetNamespace="urn:this-service"><s:schema elementFormDefault="qualified" targetNamespace="urn:this-service"> <s:element name="HelloWorld"><s:element name="HelloWorld"> <s:complexType /><s:complexType /> </s:element></s:element> <s:element name="HelloWorldResponse"><s:element name="HelloWorldResponse"> <s:complexType><s:complexType> <s:sequence><s:sequence> <s:element minOccurs="0" maxOccurs="1" name="HelloWorldResult" type="s:string" /><s:element minOccurs="0" maxOccurs="1" name="HelloWorldResult" type="s:string" /> </s:sequence></s:sequence> </s:complexType></s:complexType> </s:element></s:element> <s:element name="string" nillable="true" type="s:string" /><s:element name="string" nillable="true" type="s:string" /> </s:schema></s:schema> </types></types> <message name="HelloWorldSoapIn"><message name="HelloWorldSoapIn"> <part name="parameters" element="s0:HelloWorld" /><part name="parameters" element="s0:HelloWorld" /> </message></message> <message name="HelloWorldSoapOut"><message name="HelloWorldSoapOut"> <part name="parameters" element="s0:HelloWorldResponse" /><part name="parameters" element="s0:HelloWorldResponse" /> </message></message> <portType name="Service1Soap"><portType name="Service1Soap"> <operation name="HelloWorld"><operation name="HelloWorld"> <input message="s0:HelloWorldSoapIn" /><input message="s0:HelloWorldSoapIn" /> <output message="s0:HelloWorldSoapOut" /><output message="s0:HelloWorldSoapOut" /> </operation></operation> </portType></portType> <binding name="Service1Soap" type="s0:Service1Soap"><binding name="Service1Soap" type="s0:Service1Soap"> <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" /><soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" /> <operation name="HelloWorld"><operation name="HelloWorld"> <soap:operation soapAction="urn:this-serviceHelloWorld" style="document" /><soap:operation soapAction="urn:this-serviceHelloWorld" style="document" /> <input><input> <soap:body use="literal" /><soap:body use="literal" /> </input></input> <output><output> <soap:body use="literal" /><soap:body use="literal" /> </output></output> </operation></operation> </binding></binding> <service name="Service1"><service name="Service1"> <port name="Service1Soap" binding="s0:Service1Soap"><port name="Service1Soap" binding="s0:Service1Soap"> <soap:address location="http://localhost/WebService2/Service1.asmx" /><soap:address location="http://localhost/WebService2/Service1.asmx" /> </port></port> </service></service></definitions></definitions> System.Web.Services.DescriptionSystem.Web.Services.Description
<types><types><types><types>
<message><message><message><message>
<portType><portType><portType><portType>
<binding><binding><binding><binding>
<service><service><service><service>
<definitions><definitions><definitions><definitions>
<import><import><import><import>
ImportsImportsImportsImports
BindingsBindingsBindingsBindings
MessagesMessagesMessagesMessages
PortTypesPortTypesPortTypesPortTypes
ServicesServicesServicesServices
TypesTypesTypesTypes
Importers
Importers are globally installed classes<soapExtensionImporterTypes> in machine.config
Derived from ServiceDescriptionImporter
Called for every [WebMethod]"Add Web Reference" or wsdl.exe (extends VS.NET)
Allow you to:Modify the proxy code (!) in any .NET language
Uses the CodeDOM
Add properties, methods to the proxy
Add attributes to the proxy methodsAllows to automatically hook in client-side SoapExtensions
Resources
Demo code for this talk:http://www.newtelligence.com/teched-us/
Clemens' Webloghttp://radio.weblogs.com/0108971
Summary
ASP.NET Web Services let you do more than you think….
Intercept and inspect messages
Manipulate content
Manipulate WSDL
Manipulate Proxies
WSE takes this further …Transport independent pipeline
Host yourself for any non-HHTP protocol
Community Resources
Community Resourceshttp://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP)http://www.mvp.support.microsoft.com/
NewsgroupsConverse online with Microsoft Newsgroups, including Worldwidehttp://www.microsoft.com/communities/newsgroups/default.mspx
User GroupsMeet and learn with your peershttp://www.microsoft.com/communities/usergroups/default.mspx
evaluationsevaluations
© 2003 newtelligence AG. All rights reserved.© 2003 newtelligence AG. All rights reserved.This presentation is for informational purposes only. MICROSOFT AND NEWTELLIGENCE MAKE NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS This presentation is for informational purposes only. MICROSOFT AND NEWTELLIGENCE MAKE NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.SUMMARY.
