book

Programming WCF Services

Name: Programming WCF Services
Author: Juval Lowy
ISBN: 9780596526993

by Juval Lowy

February 2007

Intermediate to advanced

634 pages

16h 1m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Programming WCF Services
Dedication
A Note Regarding Supplemental Files
Foreword
Preface
How This Book Is Organized
Some Assumptions About the Reader
What You Need to Use This Book
Conventions Used in This Book
Using Code Examples

How to Contact Us
Safari® Enabled
Acknowledgments
1. WCF Essentials
1.1. What Is WCF?
1.2. Services
1.2.1. Services’ Execution Boundaries1.2.1.1. WCF and location transparency
1.3. Addresses
1.3.1. TCP Addresses1.3.2. HTTP Addresses1.3.3. IPC Addresses1.3.4. MSMQ Addresses1.3.5. Peer Network Address
1.4. Contracts
1.4.1. The Service Contract1.4.1.1. Applying the ServiceContract attribute1.4.1.2. Names and namespaces
1.5. Hosting
1.5.1. IIS Hosting1.5.1.1. Using Visual Studio 20051.5.1.2. The Web.Config file1.5.2. Self-Hosting1.5.2.1. Using Visual Studio 20051.5.2.2. Self-hosting and base addresses1.5.2.3. Advanced hosting features1.5.2.4. The ServiceHost<T> class1.5.3. WAS Hosting
1.6. Bindings
1.6.1. The Standard Bindings1.6.2. Format and Encoding1.6.3. Choosing a Binding1.6.4. Using a Binding
1.7. Endpoints
1.7.1. Administrative Endpoint Configuration1.7.1.1. Using base addresses1.7.1.2. Binding configuration1.7.2. Programmatic Endpoint Configuration1.7.2.1. Binding configuration
1.8. Metadata Exchange
1.8.1. Enabling Metadata Exchange Programmatically1.8.2. The Metadata Exchange Endpoint1.8.2.1. Adding MEX endpoints programmatically1.8.2.2. Streamlining with ServiceHost<T>1.8.3. The Metadata Explorer
1.9. Client-Side Programming
1.9.1. Generating the Proxy1.9.2. Administrative Client Configuration1.9.2.1. Binding configuration1.9.2.2. Generating the client config file1.9.2.3. In-proc configuration1.9.2.4. The SvcConfigEditor1.9.3. Creating and Using the Proxy1.9.3.1. Closing the proxy1.9.3.2. Call timeout1.9.4. Programmatic Client Configuration
1.10. Programmatic Versus Administrative Configuration
1.11. WCF Architecture
1.11.1. Host Architecture
1.12. Working with Channels
1.12.1. The InProcFactory Class1.12.1.1. Implementing InProcFactory<T>
1.13. Reliability
1.13.1. Binding and Reliability1.13.2. Ordered Messages1.13.3. Configuring Reliability1.13.4. Requiring Ordered Delivery
2. Service Contracts
2.1. Operation Overloading
2.2. Contract Inheritance
2.2.1. Client-Side Contract Hierarchy2.2.1.1. Restoring the hierarchy on the client
2.3. Service Contracts Factoring and Design
2.3.1. Contract Factoring2.3.2. Factoring Metrics
2.4. Contract Queries
2.4.1. Programmatic Metadata Processing2.4.2. The MetadataHelper Class
3. Data Contracts
3.1. Serialization
3.1.1. .NET Serialization3.1.1.1. The Serializable attribute3.1.1.2. The .NET formatters3.1.2. The WCF Formatters3.1.3. Data Contract via Serialization
3.2. Data Contract Attributes
3.2.1. Importing a Data Contract3.2.2. Data Contract and the Serializable Attribute3.2.3. Composite Data Contracts3.2.4. Data Contract Events3.2.4.1. Using the deserializing event3.2.4.2. Using the deserialized event
3.3. Data Contract Hierarchy
3.3.1. Known Types3.3.2. Service Known Types3.3.3. Multiple Known Types3.3.4. Configuring Known Types3.3.5. Object and Interfaces
3.4. Data Contract Equivalence
3.4.1. Serialization Order
3.5. Versioning
3.5.1. New Members3.5.2. Missing Members3.5.2.1. Using the OnDeserializing event3.5.2.2. Required members3.5.3. Versioning Round-Trip3.5.3.1. Schema compatibility
3.6. Enumerations
3.7. Delegates and Data Contracts
3.8. Data Sets and Tables
3.8.1. Arrays Instead of Tables
3.9. Generics
3.10. Collections
3.10.1. Concrete Collections3.10.2. Custom Collections3.10.3. Collection Data Contract3.10.4. Referencing the Collection3.10.5. Client-Side Collection3.10.6. C# Iterators3.10.7. Dictionaries
4. Instance Management
4.1. Behaviors
4.2. Per-Call Services
4.2.1. Benefits of Per-Call Services4.2.2. Configuring Per-Call Services4.2.3. Designing Per-Call Services4.2.3.1. Per-call and performance4.2.3.2. Cleanup operations4.2.4. Choosing Per-Call Services
4.3. Per-Session Services
4.3.1. Configuring Private Sessions4.3.1.1. SessionMode.Allowed4.3.1.2. SessionMode.Required4.3.1.3. SessionMode.NotAllowed4.3.1.4. Binding, contract, and service behavior4.3.1.5. Consistent configuration4.3.2. Sessions and Reliability4.3.3. Session ID4.3.4. Session Termination
4.4. Singleton Service
4.4.1. Initializing a Singleton4.4.1.1. Streamlining with ServiceHost<T>4.4.2. Choosing a Singleton
4.5. Demarcating Operations
4.6. Instance Deactivation
4.6.1. Configuring with ReleaseInstanceMode.None4.6.2. Configuring with ReleaseInstanceMode.BeforeCall4.6.3. Configuring with ReleaseInstanceMode.AfterCall4.6.4. Configuring with ReleaseInstanceMode.BeforeAndAfterCall4.6.5. Explicit Deactivation4.6.6. Using Instance Deactivation
4.7. Throttling
4.7.1. Configuring Throttling4.7.1.1. Administrative throttling4.7.1.2. Programmatic throttling4.7.1.3. Streamlining with ServiceHost<T>4.7.1.4. Reading throttled values4.7.2. Throttled Connections in the Binding
5. Operations
5.1. Request-Reply Operations
5.2. One-Way Operations
5.2.1. Configuring One-Way Operations5.2.2. One-Way Operations and Reliability5.2.3. One-Way Operations and Sessionful Services5.2.4. One-Way Operations and Exceptions5.2.4.1. Per-call services and one-way exceptions5.2.4.2. Sessionful services and one-way exceptions
5.3. Callback Operations
5.3.1. Callback Contract5.3.2. Client Callback Setup5.3.2.1. Duplex proxy5.3.3. Service-Side Callback Invocation5.3.3.1. Callback reentrancy5.3.4. Callback Connection Management5.3.4.1. Connection management and instance mode5.3.5. Duplex Proxy and Type Safety5.3.6. Duplex Factory5.3.7. Callback Contract Hierarchy5.3.8. Callback, Ports, and Channels5.3.8.1. Assigning a callback address5.3.8.2. Assigning callback address declaratively
5.4. Events
5.5. Streaming
5.5.1. I/O Streams5.5.2. Streaming and Binding5.5.3. Streaming and Transport5.5.4. Stream Management
6. Faults
6.1. Errors and Exceptions
6.1.1. Exceptions and Instance Management6.1.1.1. Per-call service and exceptions6.1.1.2. Sessionful service and exceptions6.1.1.3. Singleton service and exceptions6.1.2. Faults
6.2. Fault Contracts
6.2.1. Fault Handling6.2.2. Unknown Faults6.2.3. Fault Debugging6.2.3.1. Declarative exceptions inclusion6.2.3.2. Host and exceptions diagnostics6.2.4. Faults and Callbacks6.2.4.1. Callbacks debugging
6.3. Error-Handling Extensions
6.3.1. Providing a Fault6.3.1.1. Using ProvideFault( )6.3.1.2. Exception promotion6.3.2. Handling a Fault6.3.2.1. The Logbook service6.3.3. Installing Error-Handling Extensions6.3.3.1. Error-Handling attribute6.3.4. Host and Error Extensions6.3.5. Callbacks and Error Extensions6.3.5.1. Callback error-handling attribute
7. Transactions
7.1. The Recovery Challenge
7.2. Transactions
7.2.1. Transactional Resources7.2.2. Transaction Properties7.2.2.1. The Atomic property7.2.2.2. The Consistent property7.2.2.3. The Isolated property7.2.2.4. The Durable property7.2.3. Transaction Management7.2.3.1. The transaction management challenge7.2.3.2. Distributed transactions7.2.3.3. The two-phase commit protocol7.2.4. WCF Resource Managers
7.3. Transaction Propagation
7.3.1. Transaction Flow and Binding7.3.2. Transaction Flow and Operation Contract7.3.2.1. TransactionFlowOption.NotAllowed7.3.2.2. TransactionFlowOption.Allowed7.3.2.3. TransactionFlowOption.Mandatory7.3.3. One-Way Calls
7.4. Transaction Protocols and Managers
7.4.1. Protocols and Bindings7.4.2. Transaction Managers7.4.2.1. The LTM7.4.2.2. The KTM7.4.2.3. The DTC7.4.3. Transaction Manager Promotion7.4.3.1. LTM promotion7.4.3.2. KTM promotion7.4.3.3. Resources and promotion
7.5. The Transaction Class
7.5.1. The Ambient Transaction7.5.2. Local Versus Distributed Transaction7.5.2.1. Local transaction identifier7.5.2.2. Distributed transaction identifier
7.6. Transactional Service Programming
7.6.1. Ambient Transaction Setting7.6.2. Transaction Propagation Modes7.6.2.1. Client/Service transaction7.6.2.2. Requiring transaction flow7.6.2.3. Client transaction7.6.2.4. Service transaction7.6.2.5. None transaction7.6.2.6. Choosing a service transaction mode7.6.3. Voting and Completion7.6.3.1. Declarative voting7.6.3.2. Explicit voting7.6.3.3. Terminating a transaction7.6.4. Transaction Isolation7.6.4.1. Isolation and transaction flow7.6.5. Transaction Timeout7.6.5.1. Transaction flow and timeout
7.7. Explicit Transaction Programming
7.7.1. The TransactionScope Class7.7.1.1. TransactionScope voting7.7.2. Transaction Flow Management7.7.2.1. Voting inside a nested scope7.7.2.2. TransactionScopeOption.Required7.7.2.3. TransactionScopeOption.RequiresNew7.7.2.4. TransactionScopeOption.Suppress7.7.2.5. TransactionScope timeout7.7.2.6. TransactionScope isolation level7.7.3. Nonservice Clients
7.8. Service State Management
7.8.1. Transaction Boundary7.8.2. State Identifier
7.9. Instance Management and Transactions
7.9.1. Per-Call Transactional Service7.9.1.1. Transaction life cycle7.9.2. Per-Session Transactional Service7.9.2.1. Releasing service instance7.9.2.2. Disabling releasing the service instance7.9.2.3. State-aware per-session service7.9.2.4. Stateful per-session service7.9.2.5. Transaction life cycle7.9.2.6. Concurrent transactions7.9.2.7. Completing on session end7.9.2.8. Transactional affinity7.9.2.9. Hybrid state management7.9.2.10. Choosing per-session transactional service7.9.3. Transactional Singleton7.9.3.1. Stateful singleton7.9.4. Instancing Modes and Transactions
7.10. Callbacks
7.10.1. Callback Transaction Modes7.10.1.1. Isolation and timeouts7.10.2. Callback Voting7.10.3. Using Transactional Callbacks7.10.3.1. Out-of-band transactional callbacks7.10.3.2. Service transactional callback
8. Concurrency Management
8.1. Instance Management and Concurrency
8.2. Service Concurrency Mode
8.2.1. ConcurrencyMode.Single8.2.1.1. Synchronized access and transactions8.2.2. ConcurrencyMode.Multiple8.2.2.1. Unsynchronized access and transactions8.2.3. ConcurrencyMode.Reentrant8.2.3.1. Designing for reentrancy8.2.3.2. Reentrancy and transactions8.2.3.3. Callbacks and reentrancy
8.3. Instances and Concurrent Access
8.3.1. Per-Call Services8.3.2. Sessionful and Singleton Services
8.4. Resources and Services
8.4.1. Deadlocked Access8.4.2. Deadlocked Avoidance
8.5. Resource Synchronization Context
8.5.1. .NET 2.0 Synchronization Contexts8.5.1.1. The SynchronizationContext class8.5.1.2. Working with the synchronization context8.5.2. UI Synchronization Context8.5.2.1. UI access and updates8.5.2.2. Safe controls
8.6. Service Synchronization Context
8.6.1. Hosting on the UI Thread8.6.1.1. Accessing the form8.6.1.2. Multiple UI threads8.6.2. Form As a Service8.6.2.1. The FormHost<F> class8.6.3. UI Thread and Concurrency Management8.6.3.1. UI responsiveness8.6.3.2. UI thread and concurrency modes
8.7. Custom Service Synchronization Context
8.7.1. Thread-Affinity Services8.7.2. Installing a Service Synchronization Context8.7.2.1. The ThreadAffinityBehavior attribute
8.8. Callbacks and Client Safety
8.8.1. Callbacks with ConcurrencyMode.Single8.8.2. Callbacks with ConcurrencyMode.Multiple8.8.3. Callbacks with ConcurrencyMode.Reentrant
8.9. Callbacks and Synchronization Context
8.9.1. Callbacks and UI Synchronization Context8.9.1.1. UI thread callbacks and responsiveness8.9.1.2. UI thread callbacks and concurrency management8.9.2. Callback Custom Synchronization Context8.9.2.1. The CallbackThreadAffinityBehaviorAttribute
8.10. Asynchronous Calls
8.10.1. Requirements for an Asynchronous Mechanism8.10.2. Proxy-Based Asynchronous Calls8.10.3. Asynchronous Invocation8.10.3.1. The IAsyncResult interface8.10.4. Polling or Waiting for Completion8.10.5. Completion Callbacks8.10.5.1. Completion callback and thread safety8.10.5.2. Passing state information8.10.5.3. Completion callback synchronization context8.10.6. One-Way Asynchronous Operations8.10.7. Asynchronous Error Handling8.10.8. Cleaning Up After End<Operation>8.10.9. Asynchronous Calls and Transactions8.10.10. Synchronous Versus Asynchronous Calls
9. Queued Services
9.1. Disconnected Services and Clients
9.2. Queued Calls
9.2.1. Queued Calls Architecture9.2.2. Queued Contracts9.2.3. Configuration and Setup9.2.3.1. Workgroup installation and security9.2.3.2. Creating the queue9.2.3.3. Queue purging9.2.3.4. Queues, services, and endpoints9.2.3.5. Exposing metadata
9.3. Transactions
9.3.1. Delivery and Playback9.3.1.1. Delivery transaction9.3.1.2. Playback transaction9.3.2. Service Transaction Configuration9.3.2.1. Participating in playback transaction9.3.2.2. Ignoring the playback transaction9.3.2.3. Using a separate transaction9.3.3. Nondurable Queues
9.4. Instance Management
9.4.1. Per-Call Queued Services9.4.1.1. Nontransactional clients9.4.1.2. Transactional clients9.4.1.3. Per-call processing9.4.2. Sessionful Queued Services9.4.2.1. Clients and transactions9.4.2.2. Services and transactions9.4.3. Singleton Service9.4.3.1. Calls and order
9.5. Concurrency Management
9.5.1. Throttling
9.6. Delivery Failures
9.6.1. The Dead-Letter Queue9.6.2. Time to Live9.6.3. Configuring the Dead-Letter Queue9.6.3.1. Custom DLQ verification9.6.4. Processing the Dead-Letter Queue9.6.4.1. Defining the DLQ service9.6.4.2. Failure properties9.6.4.3. Implementing a DLQ service
9.7. Playback Failures
9.7.1. Poison Messages9.7.2. Poison Messages Handling in MSMQ 4.09.7.2.1. Retry batches9.7.2.2. ReceiveErrorHandling.Fault9.7.2.3. ReceiveErrorHandling.Drop9.7.2.4. ReceiveErrorHandling.Reject9.7.2.5. ReceiveErrorHandling.Move9.7.2.6. Configuration sample9.7.2.7. Poison message service9.7.3. Poison Message Handling on MSMQ 3.0
9.8. Queued Versus Connected Calls
9.8.1. Requiring Queuing
9.9. Response Service
9.9.1. Designing a Response Service Contract9.9.1.1. Response address and method ID9.9.1.2. Using message headers9.9.1.3. The ResponseContext class9.9.2. Client-Side Programming9.9.3. Service-Side Programming9.9.4. Response Service-Side Programming9.9.5. Streamlining the Response Service9.9.5.1. Streamlining the client9.9.5.2. Streamlining the queued service9.9.5.3. Streamlining the response service-side9.9.6. Transactions9.9.6.1. Using a new transaction9.9.6.2. Response service and transactions
9.10. HTTP Bridge
9.10.1. Designing the Bridge9.10.2. Transaction Configuration9.10.3. Service-Side Configuration9.10.4. Client-Side Configuration
10. Security
10.1. Authentication
10.2. Authorization
10.3. Transfer Security
10.3.1. Transfer Security Modes10.3.1.1. None transfer security mode10.3.1.2. Transport security10.3.1.3. Message security10.3.1.4. Mixed transfer security10.3.1.5. Both transfer security10.3.2. Transfer Security Mode Configuration10.3.2.1. Specific bindings configuration10.3.3. Transport Security and Credentials10.3.4. Message Security and Credentials
10.4. Identity Management
10.5. Overall Policy
10.6. Scenario-Driven Approach
10.7. Intranet Application
10.7.1. Securing the Intranet Bindings10.7.1.1. Transport security protection level10.7.1.2. NetTcpBinding configuration10.7.1.3. NetNamedPipeBinding configuration10.7.1.4. NetMsmqBinding configuration10.7.2. Message Protection10.7.3. Authentication10.7.3.1. Providing alternative Windows credentials10.7.4. Identities10.7.4.1. The IIdentity interface10.7.4.2. Working with WindowsIdentity10.7.5. The Security Call Context10.7.6. Impersonation10.7.6.1. Manual impersonation10.7.6.2. Declarative impersonation10.7.6.3. Impersonating all operations10.7.6.4. Restricting impersonation10.7.6.5. Using impersonation10.7.7. Authorization10.7.7.1. Security principal10.7.7.2. Selecting authorization mode10.7.7.3. Declarative role-based security10.7.7.4. Programmatic role-based security10.7.8. Identity Management10.7.9. Callbacks
10.8. Internet Application
10.8.1. Securing the Internet Bindings10.8.1.1. WSHttpBinding configuration10.8.1.2. WSDualHttpBinding configuration10.8.2. Message Protection10.8.2.1. Configuring host certificate10.8.2.2. Using the host certificate10.8.2.3. Service certificate validation10.8.2.4. Working with a test certificate10.8.3. Authentication10.8.4. Using Windows Credentials10.8.4.1. Authorization10.8.4.2. Identity management10.8.5. Using the ASP.NET Providers10.8.5.1. The credentials providers10.8.5.2. Credentials administration10.8.5.3. Shortcomings of Visual Studio 200510.8.5.4. Credentials Manager10.8.5.5. Authentication10.8.5.6. Authorization10.8.5.7. Declarative role-based security10.8.6. Identity Management10.8.6.1. Impersonation10.8.7. Callbacks
10.9. Business-to-Business Application
10.9.1. Securing the Business-to-Business Bindings10.9.2. Authentication10.9.3. Authorization10.9.4. Identity Management10.9.4.1. Impersonation10.9.5. Callbacks10.9.6. Host Security Configuration
10.10. Anonymous Application
10.10.1. Securing the Anonymous Bindings10.10.2. Authentication10.10.3. Authorization10.10.4. Identity Management10.10.4.1. Impersonation10.10.5. Callbacks
10.11. No Security
10.11.1. Unsecuring the Bindings10.11.2. Authentication10.11.3. Authorization10.11.4. Identity Management10.11.4.1. Impersonation10.11.5. Callbacks
10.12. Scenarios Summary
10.13. Declarative Security Framework
10.13.1. The SecurityBehaviorAttribute10.13.1.1. Configuring intranet service10.13.1.2. Configuring Internet service10.13.1.3. Configuring business-to-business service10.13.1.4. Configuring Anonymous service10.13.1.5. Configuring No-Security service10.13.1.6. Implementing SecurityBehaviorAttribute10.13.2. Host and Declarative Security10.13.3. Client-Side Declarative Security10.13.3.1. Implementing SecurityHelper10.13.3.2. The SecureClientBase<T> class10.13.3.3. Secure channel factory10.13.3.4. Duplex client and declarative security10.13.3.5. The SecureDuplexChannelFactory<T,C> class
10.14. Security Auditing
10.14.1. Configuring Security Audits10.14.2. Declarative Security Audit
A. Introduction to Service-Orientation
A.1. A Brief History of Software Engineering
A.1.1. Object-OrientationA.1.2. Component-Orientation
A.2. Service-Orientation
A.2.1. Benefits of Service-OrientationA.2.2. Service-Oriented Applications
A.3. Tenets and Principles
A.3.1. Practical PrinciplesA.3.2. Optional Principles
B. Publish-Subscribe Service
B.1. The Publish-Subscribe Design Pattern
B.1.1. Subscriber Types
B.2. The Publish-Subscribe Framework
B.2.1. Managing Transient SubscriptionsB.2.2. Managing Persistent SubscribersB.2.3. Event PublishingB.2.4. Administering Persistent SubscribersB.2.5. Queued Publishers and SubscribersB.2.5.1. Queued publisherB.2.5.2. Queued subscriber
C. WCF Coding Standard
C.1. General Design Guidelines
C.2. Essentials
C.3. Service Contracts
C.4. Data Contracts
C.5. Instance Management
C.6. Operations and Calls
C.7. Faults
C.8. Transactions
C.9. Concurrency Management
C.10. Queued Services
C.11. Security
About the Author
Colophon
Copyright

Content preview from Programming WCF Services

Transfer Security

Both authentication and authorization deal with two local aspects of security—how (and to what extent) to grant access to the caller once the message was received by the service. In this respect WCF services are not much different from traditional client-server classes. But both authentication and authorization are predicated on secure delivery of the message itself. The transfer of the message from the client to the service has to be secure, and without it, both authentication and authorization are moot. Transfer security has three essential aspects to it, and all three aspects must be enforced to provide for secure services. Message integrity deals with how to ensure the message itself was not tampered with en route from the client to the service. A malicious party or intermediary could in practice intercept the message and modify its content; for example, providing wrong account numbers in case of a transfer operation in a banking service. Message privacy deals with ensuring the confidentiality of message, so that no third party can even read the content of the message. Privacy complements integrity. Without it, even if the malicious party does not tamper with the message, it can still cause harm by gleaning sensitive information such as account numbers from the message. Finally, transfer security must provide for mutual authentication; that is, ensuring the client that only the proper service is able to read the context of the message—in other words, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0596526997Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills