book

Programming WCF Services

by Juval Lowy

February 2007

Intermediate to advanced

634 pages

16h 1m

English

O'Reilly Media, Inc.

Read now

Unlock full access

1.2.1. Services’ Execution Boundaries1.2.1.1. WCF and location transparency
1.3.1. TCP Addresses1.3.2. HTTP Addresses1.3.3. IPC Addresses1.3.4. MSMQ Addresses1.3.5. Peer Network Address
1.4.1. The Service Contract1.4.1.1. Applying the ServiceContract attribute1.4.1.2. Names and namespaces
1.5.1. IIS Hosting1.5.1.1. Using Visual Studio 20051.5.1.2. The Web.Config file1.5.2. Self-Hosting1.5.2.1. Using Visual Studio 20051.5.2.2. Self-hosting and base addresses1.5.2.3. Advanced hosting features1.5.2.4. The ServiceHost<T> class1.5.3. WAS Hosting
1.6.1. The Standard Bindings1.6.2. Format and Encoding1.6.3. Choosing a Binding1.6.4. Using a Binding
1.7.1. Administrative Endpoint Configuration1.7.1.1. Using base addresses1.7.1.2. Binding configuration1.7.2. Programmatic Endpoint Configuration1.7.2.1. Binding configuration
1.8.1. Enabling Metadata Exchange Programmatically1.8.2. The Metadata Exchange Endpoint1.8.2.1. Adding MEX endpoints programmatically1.8.2.2. Streamlining with ServiceHost<T>1.8.3. The Metadata Explorer
1.9.1. Generating the Proxy1.9.2. Administrative Client Configuration1.9.2.1. Binding configuration1.9.2.2. Generating the client config file1.9.2.3. In-proc configuration1.9.2.4. The SvcConfigEditor1.9.3. Creating and Using the Proxy1.9.3.1. Closing the proxy1.9.3.2. Call timeout1.9.4. Programmatic Client Configuration
1.11.1. Host Architecture
1.12.1. The InProcFactory Class1.12.1.1. Implementing InProcFactory<T>
1.13.1. Binding and Reliability1.13.2. Ordered Messages1.13.3. Configuring Reliability1.13.4. Requiring Ordered Delivery
2.2.1. Client-Side Contract Hierarchy2.2.1.1. Restoring the hierarchy on the client
2.3.1. Contract Factoring2.3.2. Factoring Metrics
2.4.1. Programmatic Metadata Processing2.4.2. The MetadataHelper Class
3.1.1. .NET Serialization3.1.1.1. The Serializable attribute3.1.1.2. The .NET formatters3.1.2. The WCF Formatters3.1.3. Data Contract via Serialization
3.2.1. Importing a Data Contract3.2.2. Data Contract and the Serializable Attribute3.2.3. Composite Data Contracts3.2.4. Data Contract Events3.2.4.1. Using the deserializing event3.2.4.2. Using the deserialized event
3.3.1. Known Types3.3.2. Service Known Types3.3.3. Multiple Known Types3.3.4. Configuring Known Types3.3.5. Object and Interfaces
3.4.1. Serialization Order
3.5.1. New Members3.5.2. Missing Members3.5.2.1. Using the OnDeserializing event3.5.2.2. Required members3.5.3. Versioning Round-Trip3.5.3.1. Schema compatibility
3.8.1. Arrays Instead of Tables
3.10.1. Concrete Collections3.10.2. Custom Collections3.10.3. Collection Data Contract3.10.4. Referencing the Collection3.10.5. Client-Side Collection3.10.6. C# Iterators3.10.7. Dictionaries
4.2.1. Benefits of Per-Call Services4.2.2. Configuring Per-Call Services4.2.3. Designing Per-Call Services4.2.3.1. Per-call and performance4.2.3.2. Cleanup operations4.2.4. Choosing Per-Call Services
4.3.1. Configuring Private Sessions4.3.1.1. SessionMode.Allowed4.3.1.2. SessionMode.Required4.3.1.3. SessionMode.NotAllowed4.3.1.4. Binding, contract, and service behavior4.3.1.5. Consistent configuration4.3.2. Sessions and Reliability4.3.3. Session ID4.3.4. Session Termination
4.4.1. Initializing a Singleton4.4.1.1. Streamlining with ServiceHost<T>4.4.2. Choosing a Singleton
4.6.1. Configuring with ReleaseInstanceMode.None4.6.2. Configuring with ReleaseInstanceMode.BeforeCall4.6.3. Configuring with ReleaseInstanceMode.AfterCall4.6.4. Configuring with ReleaseInstanceMode.BeforeAndAfterCall4.6.5. Explicit Deactivation4.6.6. Using Instance Deactivation
4.7.1. Configuring Throttling4.7.1.1. Administrative throttling4.7.1.2. Programmatic throttling4.7.1.3. Streamlining with ServiceHost<T>4.7.1.4. Reading throttled values4.7.2. Throttled Connections in the Binding
5.2.1. Configuring One-Way Operations5.2.2. One-Way Operations and Reliability5.2.3. One-Way Operations and Sessionful Services5.2.4. One-Way Operations and Exceptions5.2.4.1. Per-call services and one-way exceptions5.2.4.2. Sessionful services and one-way exceptions
5.3.1. Callback Contract5.3.2. Client Callback Setup5.3.2.1. Duplex proxy5.3.3. Service-Side Callback Invocation5.3.3.1. Callback reentrancy5.3.4. Callback Connection Management5.3.4.1. Connection management and instance mode5.3.5. Duplex Proxy and Type Safety5.3.6. Duplex Factory5.3.7. Callback Contract Hierarchy5.3.8. Callback, Ports, and Channels5.3.8.1. Assigning a callback address5.3.8.2. Assigning callback address declaratively
5.5.1. I/O Streams5.5.2. Streaming and Binding5.5.3. Streaming and Transport5.5.4. Stream Management
6.1.1. Exceptions and Instance Management6.1.1.1. Per-call service and exceptions6.1.1.2. Sessionful service and exceptions6.1.1.3. Singleton service and exceptions6.1.2. Faults
6.2.1. Fault Handling6.2.2. Unknown Faults6.2.3. Fault Debugging6.2.3.1. Declarative exceptions inclusion6.2.3.2. Host and exceptions diagnostics6.2.4. Faults and Callbacks6.2.4.1. Callbacks debugging
6.3.1. Providing a Fault6.3.1.1. Using ProvideFault( )6.3.1.2. Exception promotion6.3.2. Handling a Fault6.3.2.1. The Logbook service6.3.3. Installing Error-Handling Extensions6.3.3.1. Error-Handling attribute6.3.4. Host and Error Extensions6.3.5. Callbacks and Error Extensions6.3.5.1. Callback error-handling attribute
7.2.1. Transactional Resources7.2.2. Transaction Properties7.2.2.1. The Atomic property7.2.2.2. The Consistent property7.2.2.3. The Isolated property7.2.2.4. The Durable property7.2.3. Transaction Management7.2.3.1. The transaction management challenge7.2.3.2. Distributed transactions7.2.3.3. The two-phase commit protocol7.2.4. WCF Resource Managers
7.3.1. Transaction Flow and Binding7.3.2. Transaction Flow and Operation Contract7.3.2.1. TransactionFlowOption.NotAllowed7.3.2.2. TransactionFlowOption.Allowed7.3.2.3. TransactionFlowOption.Mandatory7.3.3. One-Way Calls
7.4.1. Protocols and Bindings7.4.2. Transaction Managers7.4.2.1. The LTM7.4.2.2. The KTM7.4.2.3. The DTC7.4.3. Transaction Manager Promotion7.4.3.1. LTM promotion7.4.3.2. KTM promotion7.4.3.3. Resources and promotion
7.5.1. The Ambient Transaction7.5.2. Local Versus Distributed Transaction7.5.2.1. Local transaction identifier7.5.2.2. Distributed transaction identifier
7.6.1. Ambient Transaction Setting7.6.2. Transaction Propagation Modes7.6.2.1. Client/Service transaction7.6.2.2. Requiring transaction flow7.6.2.3. Client transaction7.6.2.4. Service transaction7.6.2.5. None transaction7.6.2.6. Choosing a service transaction mode7.6.3. Voting and Completion7.6.3.1. Declarative voting7.6.3.2. Explicit voting7.6.3.3. Terminating a transaction7.6.4. Transaction Isolation7.6.4.1. Isolation and transaction flow7.6.5. Transaction Timeout7.6.5.1. Transaction flow and timeout
7.7.1. The TransactionScope Class7.7.1.1. TransactionScope voting7.7.2. Transaction Flow Management7.7.2.1. Voting inside a nested scope7.7.2.2. TransactionScopeOption.Required7.7.2.3. TransactionScopeOption.RequiresNew7.7.2.4. TransactionScopeOption.Suppress7.7.2.5. TransactionScope timeout7.7.2.6. TransactionScope isolation level7.7.3. Nonservice Clients
7.8.1. Transaction Boundary7.8.2. State Identifier
7.9.1. Per-Call Transactional Service7.9.1.1. Transaction life cycle7.9.2. Per-Session Transactional Service7.9.2.1. Releasing service instance7.9.2.2. Disabling releasing the service instance7.9.2.3. State-aware per-session service7.9.2.4. Stateful per-session service7.9.2.5. Transaction life cycle7.9.2.6. Concurrent transactions7.9.2.7. Completing on session end7.9.2.8. Transactional affinity7.9.2.9. Hybrid state management7.9.2.10. Choosing per-session transactional service7.9.3. Transactional Singleton7.9.3.1. Stateful singleton7.9.4. Instancing Modes and Transactions
7.10.1. Callback Transaction Modes7.10.1.1. Isolation and timeouts7.10.2. Callback Voting7.10.3. Using Transactional Callbacks7.10.3.1. Out-of-band transactional callbacks7.10.3.2. Service transactional callback
8.2.1. ConcurrencyMode.Single8.2.1.1. Synchronized access and transactions8.2.2. ConcurrencyMode.Multiple8.2.2.1. Unsynchronized access and transactions8.2.3. ConcurrencyMode.Reentrant8.2.3.1. Designing for reentrancy8.2.3.2. Reentrancy and transactions8.2.3.3. Callbacks and reentrancy
8.3.1. Per-Call Services8.3.2. Sessionful and Singleton Services
8.4.1. Deadlocked Access8.4.2. Deadlocked Avoidance
8.5.1. .NET 2.0 Synchronization Contexts8.5.1.1. The SynchronizationContext class8.5.1.2. Working with the synchronization context8.5.2. UI Synchronization Context8.5.2.1. UI access and updates8.5.2.2. Safe controls
8.6.1. Hosting on the UI Thread8.6.1.1. Accessing the form8.6.1.2. Multiple UI threads8.6.2. Form As a Service8.6.2.1. The FormHost<F> class8.6.3. UI Thread and Concurrency Management8.6.3.1. UI responsiveness8.6.3.2. UI thread and concurrency modes
8.7.1. Thread-Affinity Services8.7.2. Installing a Service Synchronization Context8.7.2.1. The ThreadAffinityBehavior attribute
8.8.1. Callbacks with ConcurrencyMode.Single8.8.2. Callbacks with ConcurrencyMode.Multiple8.8.3. Callbacks with ConcurrencyMode.Reentrant
8.9.1. Callbacks and UI Synchronization Context8.9.1.1. UI thread callbacks and responsiveness8.9.1.2. UI thread callbacks and concurrency management8.9.2. Callback Custom Synchronization Context8.9.2.1. The CallbackThreadAffinityBehaviorAttribute
8.10.1. Requirements for an Asynchronous Mechanism8.10.2. Proxy-Based Asynchronous Calls8.10.3. Asynchronous Invocation8.10.3.1. The IAsyncResult interface8.10.4. Polling or Waiting for Completion8.10.5. Completion Callbacks8.10.5.1. Completion callback and thread safety8.10.5.2. Passing state information8.10.5.3. Completion callback synchronization context8.10.6. One-Way Asynchronous Operations8.10.7. Asynchronous Error Handling8.10.8. Cleaning Up After End<Operation>8.10.9. Asynchronous Calls and Transactions8.10.10. Synchronous Versus Asynchronous Calls
9.2.1. Queued Calls Architecture9.2.2. Queued Contracts9.2.3. Configuration and Setup9.2.3.1. Workgroup installation and security9.2.3.2. Creating the queue9.2.3.3. Queue purging9.2.3.4. Queues, services, and endpoints9.2.3.5. Exposing metadata
9.3.1. Delivery and Playback9.3.1.1. Delivery transaction9.3.1.2. Playback transaction9.3.2. Service Transaction Configuration9.3.2.1. Participating in playback transaction9.3.2.2. Ignoring the playback transaction9.3.2.3. Using a separate transaction9.3.3. Nondurable Queues
9.4.1. Per-Call Queued Services9.4.1.1. Nontransactional clients9.4.1.2. Transactional clients9.4.1.3. Per-call processing9.4.2. Sessionful Queued Services9.4.2.1. Clients and transactions9.4.2.2. Services and transactions9.4.3. Singleton Service9.4.3.1. Calls and order
9.5.1. Throttling
9.6.1. The Dead-Letter Queue9.6.2. Time to Live9.6.3. Configuring the Dead-Letter Queue9.6.3.1. Custom DLQ verification9.6.4. Processing the Dead-Letter Queue9.6.4.1. Defining the DLQ service9.6.4.2. Failure properties9.6.4.3. Implementing a DLQ service
9.7.1. Poison Messages9.7.2. Poison Messages Handling in MSMQ 4.09.7.2.1. Retry batches9.7.2.2. ReceiveErrorHandling.Fault9.7.2.3. ReceiveErrorHandling.Drop9.7.2.4. ReceiveErrorHandling.Reject9.7.2.5. ReceiveErrorHandling.Move9.7.2.6. Configuration sample9.7.2.7. Poison message service9.7.3. Poison Message Handling on MSMQ 3.0
9.8.1. Requiring Queuing
9.9.1. Designing a Response Service Contract9.9.1.1. Response address and method ID9.9.1.2. Using message headers9.9.1.3. The ResponseContext class9.9.2. Client-Side Programming9.9.3. Service-Side Programming9.9.4. Response Service-Side Programming9.9.5. Streamlining the Response Service9.9.5.1. Streamlining the client9.9.5.2. Streamlining the queued service9.9.5.3. Streamlining the response service-side9.9.6. Transactions9.9.6.1. Using a new transaction9.9.6.2. Response service and transactions
9.10.1. Designing the Bridge9.10.2. Transaction Configuration9.10.3. Service-Side Configuration9.10.4. Client-Side Configuration
10.3.1. Transfer Security Modes10.3.1.1. None transfer security mode10.3.1.2. Transport security10.3.1.3. Message security10.3.1.4. Mixed transfer security10.3.1.5. Both transfer security10.3.2. Transfer Security Mode Configuration10.3.2.1. Specific bindings configuration10.3.3. Transport Security and Credentials10.3.4. Message Security and Credentials
10.7.1. Securing the Intranet Bindings10.7.1.1. Transport security protection level10.7.1.2. NetTcpBinding configuration10.7.1.3. NetNamedPipeBinding configuration10.7.1.4. NetMsmqBinding configuration10.7.2. Message Protection10.7.3. Authentication10.7.3.1. Providing alternative Windows credentials10.7.4. Identities10.7.4.1. The IIdentity interface10.7.4.2. Working with WindowsIdentity10.7.5. The Security Call Context10.7.6. Impersonation10.7.6.1. Manual impersonation10.7.6.2. Declarative impersonation10.7.6.3. Impersonating all operations10.7.6.4. Restricting impersonation10.7.6.5. Using impersonation10.7.7. Authorization10.7.7.1. Security principal10.7.7.2. Selecting authorization mode10.7.7.3. Declarative role-based security10.7.7.4. Programmatic role-based security10.7.8. Identity Management10.7.9. Callbacks
10.8.1. Securing the Internet Bindings10.8.1.1. WSHttpBinding configuration10.8.1.2. WSDualHttpBinding configuration10.8.2. Message Protection10.8.2.1. Configuring host certificate10.8.2.2. Using the host certificate10.8.2.3. Service certificate validation10.8.2.4. Working with a test certificate10.8.3. Authentication10.8.4. Using Windows Credentials10.8.4.1. Authorization10.8.4.2. Identity management10.8.5. Using the ASP.NET Providers10.8.5.1. The credentials providers10.8.5.2. Credentials administration10.8.5.3. Shortcomings of Visual Studio 200510.8.5.4. Credentials Manager10.8.5.5. Authentication10.8.5.6. Authorization10.8.5.7. Declarative role-based security10.8.6. Identity Management10.8.6.1. Impersonation10.8.7. Callbacks
10.9.1. Securing the Business-to-Business Bindings10.9.2. Authentication10.9.3. Authorization10.9.4. Identity Management10.9.4.1. Impersonation10.9.5. Callbacks10.9.6. Host Security Configuration
10.10.1. Securing the Anonymous Bindings10.10.2. Authentication10.10.3. Authorization10.10.4. Identity Management10.10.4.1. Impersonation10.10.5. Callbacks
10.11.1. Unsecuring the Bindings10.11.2. Authentication10.11.3. Authorization10.11.4. Identity Management10.11.4.1. Impersonation10.11.5. Callbacks
10.13.1. The SecurityBehaviorAttribute10.13.1.1. Configuring intranet service10.13.1.2. Configuring Internet service10.13.1.3. Configuring business-to-business service10.13.1.4. Configuring Anonymous service10.13.1.5. Configuring No-Security service10.13.1.6. Implementing SecurityBehaviorAttribute10.13.2. Host and Declarative Security10.13.3. Client-Side Declarative Security10.13.3.1. Implementing SecurityHelper10.13.3.2. The SecureClientBase<T> class10.13.3.3. Secure channel factory10.13.3.4. Duplex client and declarative security10.13.3.5. The SecureDuplexChannelFactory<T,C> class
10.14.1. Configuring Security Audits10.14.2. Declarative Security Audit
A.1.1. Object-OrientationA.1.2. Component-Orientation
A.2.1. Benefits of Service-OrientationA.2.2. Service-Oriented Applications
A.3.1. Practical PrinciplesA.3.2. Optional Principles
B.1.1. Subscriber Types
B.2.1. Managing Transient SubscriptionsB.2.2. Managing Persistent SubscribersB.2.3. Event PublishingB.2.4. Administering Persistent SubscribersB.2.5. Queued Publishers and SubscribersB.2.5.1. Queued publisherB.2.5.2. Queued subscriber

Content preview from Programming WCF Services

Transfer Security

Both authentication and authorization deal with two local aspects of security—how (and to what extent) to grant access to the caller once the message was received by the service. In this respect WCF services are not much different from traditional client-server classes. But both authentication and authorization are predicated on secure delivery of the message itself. The transfer of the message from the client to the service has to be secure, and without it, both authentication and authorization are moot. Transfer security has three essential aspects to it, and all three aspects must be enforced to provide for secure services. Message integrity deals with how to ensure the message itself was not tampered with en route from the client to the service. A malicious party or intermediary could in practice intercept the message and modify its content; for example, providing wrong account numbers in case of a transfer operation in a banking service. Message privacy deals with ensuring the confidentiality of message, so that no third party can even read the content of the message. Privacy complements integrity. Without it, even if the malicious party does not tamper with the message, it can still cause harm by gleaning sensitive information such as account numbers from the message. Finally, transfer security must provide for mutual authentication; that is, ensuring the client that only the proper service is able to read the context of the message—in other words, ...