book

Programming WCF Services, 2nd Edition

by Juval Lowy

November 2008

Intermediate to advanced

784 pages

23h 28m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Service Execution BoundariesWCF and location transparency
TCP AddressesHTTP AddressesIPC AddressesMSMQ AddressesPeer Network Addresses
The Service ContractApplying the ServiceContract attributeNames and namespaces
IIS 5/6 HostingUsing Visual Studio 2008The Web.Config fileSelf-HostingUsing Visual Studio 2008Self-hosting and base addressesAdvanced hosting featuresThe ServiceHost<T> classWAS HostingCustom Hosting in IIS/WAS
The Common BindingsFormat and encodingChoosing a BindingAdditional BindingsUsing a Binding
Administrative Endpoint ConfigurationUsing base addressesBinding configurationProgrammatic Endpoint ConfigurationBinding configuration
Enabling Metadata Exchange AdministrativelyEnabling Metadata Exchange ProgrammaticallyThe Metadata Exchange EndpointAdding MEX endpoints programmaticallyStreamlining with ServiceHost<T>The Metadata Explorer
Generating the ProxyGenerating the proxy using SvcUtilAdministrative Client ConfigurationBinding configurationGenerating the client config fileIn-proc configurationThe SvcConfigEditorWorking with the proxyClosing the proxyCall timeoutProgrammatic Client ConfigurationThe WCF-Provided Test Client
Host Architecture
The InProcFactory ClassImplementing InProcFactory<T>
Transport Session and BindingTransport Session Termination
Bindings, Reliability, and Ordered MessagesConfiguring ReliabilityRequiring Ordered Delivery
Client-Side Contract HierarchyRestoring the hierarchy on the client
Contract FactoringFactoring Metrics
Programmatic Metadata ProcessingThe MetadataResolver classThe MetadataHelper Class
.NET SerializationThe Serializable attributeThe NonSerialized attributeThe .NET formattersThe WCF FormattersData Contract via Serialization
Importing a Data ContractData Contracts and the Serializable AttributeInferred Data ContractsComposite Data ContractsData Contract EventsUsing the deserializing eventUsing the deserialized eventShared Data Contracts
Known TypesService Known TypesMultiple Known TypesConfiguring Known TypesObjects and Interfaces
Serialization Order
New MembersMissing MembersUsing the OnDeserializing eventRequired membersVersioning Round-TripSchema compatibility
Using Arrays Instead of TablesConverting legacy data tablesConverting new data tablesUsing LINQ to SQL
Concrete CollectionsCustom CollectionsThe CollectionDataContract AttributeReferencing a CollectionDictionaries
Benefits of Per-Call ServicesConfiguring Per-Call ServicesPer-Call Services and Transport SessionsDesigning Per-Call ServicesPer-call services and performanceCleanup operationsChoosing Per-Call Services
Configuring Private SessionsSessionMode.AllowedSessionMode.RequiredSessionMode.NotAllowedBindings, contracts, and service behaviorConsistent configurationSessions and ReliabilityThe Session IDSession Termination
Initializing a SingletonStreamlining with ServiceHost<T>Choosing a Singleton
Configuring with ReleaseInstanceMode.NoneConfiguring with ReleaseInstanceMode.BeforeCallConfiguring with ReleaseInstanceMode.AfterCallConfiguring with ReleaseInstanceMode.BeforeAndAfterCallExplicit DeactivationUsing Instance Deactivation
Durable Services and Instance Management ModesInitiating and terminatingInstance IDs and Durable StorageExplicit Instance IDsInstance IDs in HeadersContext Bindings for Instance IDsUsing the standard ID for context bindingAutomatic Durable BehaviorThe durable service behavior attributeThe durable operation behavior attributeProgrammatic instance managementPersistence providersCustom persistence providersThe SQL Server persistence provider
Configuring ThrottlingAdministrative throttlingProgrammatic throttlingStreamlining with ServiceHost<T>Reading throttle valuesThrottled Connections in the Binding
Configuring One-Way OperationsOne-Way Operations and ReliabilityOne-Way Operations and Sessionful ServicesOne-Way Operations and Exceptions
The Callback ContractClient Callback SetupDuplex proxiesService-Side Callback InvocationCallback reentrancyCallback Connection ManagementConnection management and instance modeThe Duplex Proxy and Type SafetyThe Duplex FactoryCallback Contract HierarchyCallbacks, Ports, and ChannelsAssigning a callback addressAssigning the callback address declaratively
I/O StreamsStreaming and BindingStreaming and TransportStream Management
Error MaskingChannel FaultingClosing the proxy and the using statementExceptions and instance management
Fault ContractsFault handlingFaults and channelsFault DebuggingIncluding exceptions declarativelyHost and exception diagnosticsException extractionFaults and CallbacksCallback debugging
Providing a FaultUsing ProvideFault( )Exception promotionHandling a FaultThe logbook serviceInstalling Error-Handling ExtensionsThe ErrorHandlerBehavior attributeThe Host and Error ExtensionsCallbacks and Error ExtensionsThe CallbackErrorHandlerBehavior attribute
Transactional ResourcesTransaction PropertiesThe atomic propertyThe consistent propertyThe isolated propertyThe durable propertyTransaction ManagementThe transaction management challengeDistributed transactionsThe two-phase commit protocolWCF Resource Managers
Transaction Flow and BindingsTransaction Flow and the Operation ContractTransactionFlowOption.NotAllowedTransactionFlowOption.AllowedTransactionFlowOption.MandatoryOne-Way Calls
Protocols and BindingsTransaction ManagersThe LTMThe KTMThe DTCTransaction Manager PromotionLTM promotionKTM promotionResources and promotion
The Ambient TransactionLocal Versus Distributed TransactionsThe local transaction identifierThe distributed transaction identifier
Setting the Ambient TransactionTransaction Propagation ModesClient/Service transaction modeRequiring transaction flowClient transaction modeService transaction modeNone transaction modeChoosing a service transaction modeVoting and CompletionDeclarative votingExplicit votingTerminating a transactionTransaction IsolationIsolation and transaction flowTransaction TimeoutTransaction flow and timeout
The TransactionScope ClassTransactionScope votingTransaction Flow ManagementVoting inside a nested scopeTransactionScopeOption.RequiredTransactionScopeOption.RequiresNewTransactionScopeOption.SuppressTransactionScope timeoutTransactionScope isolation levelNon-Service Clients
The Transaction Boundary
Per-Call Transactional ServicesThe transaction lifecyclePer-Session Transactional ServicesReleasing the service instanceDisabling releasing the service instanceState-aware per-session servicesStateful per-session servicesTransaction lifecycleConcurrent transactionsCompleting on session endTransactional affinityHybrid state managementTransactional Durable ServicesInstance ID managementTransactional BehaviorIn-proc transactionsTransactional Singleton ServiceStateful singleton serviceInstancing Modes and Transactions
Callback Transaction ModesIsolation and timeoutsCallback VotingUsing Transactional CallbacksOut-of-band transactional callbacksService transactional callbacks
ConcurrencyMode.SingleSynchronized access and transactionsConcurrencyMode.MultipleUnsynchronized access and transactionsConcurrencyMode.ReentrantDesigning for reentrancyReentrancy and transactionsCallbacks and reentrancy
Per-Call ServicesSessionful and Singleton Services
Deadlocked AccessDeadlock Avoidance
.NET Synchronization ContextsThe SynchronizationContext classWorking with the synchronization contextThe UI Synchronization ContextUI access and updatesSafe controls
Hosting on the UI ThreadAccessing the formMultiple UI threadsA Form As a ServiceThe FormHost<F> classThe UI Thread and Concurrency ManagementUI responsivenessThe UI thread and concurrency modes
The Thread Pool SynchronizerDeclaratively attaching a custom synchronization contextThread AffinityThe host-installed synchronization contextPriority Processing
Callbacks with ConcurrencyMode.SingleCallbacks with ConcurrencyMode.MultipleCallbacks with ConcurrencyMode.Reentrant
Callbacks and the UI Synchronization ContextUI thread callbacks and responsivenessUI thread callbacks and concurrency managementCallback Custom Synchronization ContextsCallback thread affinity
Requirements for an Asynchronous MechanismProxy-Based Asynchronous CallsAsynchronous InvocationThe IAsyncResult interfaceAsynchronous calls and transport sessionsPolling or Waiting for CompletionCompletion CallbacksCompletion callbacks and thread safetyPassing state informationCompletion callback synchronization contextOne-Way Asynchronous OperationsAsynchronous Error HandlingAsynchronous calls and timeoutsCleaning up after End<Operation>( )Asynchronous Calls and TransactionsSynchronous Versus Asynchronous Calls
Queued Calls ArchitectureQueued ContractsConfiguration and SetupWorkgroup installation and securityCreating the queueQueue purgingQueues, services, and endpointsExposing metadataWAS hosting
Delivery and PlaybackThe delivery transactionThe playback transactionService Transaction ConfigurationParticipating in the playback transactionIgnoring the playback transactionUsing a separate transactionNontransactional Queues
Per-Call Queued ServicesNontransactional clientsTransactional clientsPer-call processingSessionful Queued ServicesClients and transactionsServices and transactionsSingleton ServiceCalls and order
Throttling
The Dead-Letter QueueTime to LiveConfiguring the Dead-Letter QueueCustom DLQ verificationProcessing the Dead-Letter QueueDefining the DLQ serviceFailure propertiesImplementing a DLQ service
Poison MessagesPoison Message Handling in MSMQ 4.0Retry batchesReceiveErrorHandling.FaultReceiveErrorHandling.DropReceiveErrorHandling.RejectReceiveErrorHandling.MoveConfiguration samplePoison message servicePoison Message Handling in MSMQ 3.0
Requiring Queuing
Designing a Response Service ContractResponse address and method IDThe ResponseContext classClient-Side ProgrammingUsing ResponseClientBase<T>Queued Service-Side ProgrammingResponse Service-Side ProgrammingTransactionsUsing a new transactionResponse service and transactions
Designing the BridgeTransaction ConfigurationService-Side ConfigurationClient-Side Configuration
Transfer Security ModesNone transfer security modeTransport transfer security modeMessage transfer security modeMixed transfer security modeBoth transfer security modeTransfer Security Mode ConfigurationSpecific binding configurationsTransport Security and CredentialsMessage Security and Credentials
Securing the Intranet BindingsTransport security protection levelNetTcpBinding configurationNetNamedPipeBinding configurationNetMsmqBinding configurationConstraining Message ProtectionAuthenticationProviding alternative Windows credentialsIdentitiesThe IIdentity interfaceWorking with WindowsIdentityThe Security Call ContextImpersonationManual impersonationDeclarative impersonationImpersonating all operationsRestricting impersonationAvoiding impersonationAuthorizationThe security principalSelecting an authorization modeDeclarative role-based securityProgrammatic role-based securityIdentity ManagementCallbacks
Securing the Internet BindingsWSHttpBinding configurationWSDualHttpBinding configurationMessage ProtectionConfiguring the host certificateUsing the host certificateService certificate validationWorking with a test certificateAuthenticationUsing Windows CredentialsAuthorizationIdentity managementUsing the ASP.NET ProvidersThe credentials providersCredentials administrationShortcomings of Visual Studio 2008Credentials ManagerAuthenticationAuthorizationDeclarative role-based securityIdentity ManagementImpersonationCallbacks
Securing the Business-to-Business BindingsAuthenticationAuthorizationIdentity ManagementImpersonationCallbacksHost Security Configuration
Securing the Anonymous BindingsAuthenticationAuthorizationIdentity ManagementImpersonationCallbacks
Unsecuring the BindingsAuthenticationAuthorizationIdentity ManagementImpersonationCallbacks
The SecurityBehaviorAttributeConfiguring an intranet serviceConfiguring an Internet serviceConfiguring a business-to-business serviceConfiguring an anonymous serviceConfiguring a no-security serviceImplementing the SecurityBehavior attributeHost-Side Declarative SecurityClient-Side Declarative SecurityImplementing SecurityHelperThe SecureClientBase<T> classSecure channel factoryDuplex clients and declarative securityExtensions for the duplex factory
Configuring Security AuditsDeclarative Security Auditing
Object-OrientationComponent-OrientationOff-the-shelf plumbing
Benefits of Service-OrientationService-Oriented Applications
Practical PrinciplesOptional Principles
A Service-Oriented PlatformEvery class as a service
Client-Side Header InteractionService-Side Header InteractionEncapsulating the HeadersThe GenericContext<T> helper classStreamlining the ClientThe HeaderClientBase<T,H> proxy class
Client-Side Context Binding InteractionService-Side Context Binding InteractionStreamlining the ClientStreamlining the ServiceCreating a Custom Context BindingImplementing NetNamedPipeContextBinding
Subscriber Types
Managing Transient SubscriptionsManaging Persistent SubscribersEvent PublishingAdministering Persistent SubscribersSingleton subscriberQueued Publishers and SubscribersQueued publisherQueued subscriber
Client-Side DemandsSuppressing demands with PartialTrustClientBase<T>Raw WCF demands with PartialTrustClientBase<T>Structured demands with PartialTrustClientBase<T>Analyzing the demands of PartialTrustClientBase<T>.Invoke( )Implementing client-side structured demands
AppDomainHostImplementing AppDomainHost
Structured Host-Side Security DemandsImplementing structured host demandsAdditional aspects of AppDomainHost
The Generic InvokerInstalling the Interceptor
Security Call Stack Interceptor

Content preview from Programming WCF Services, 2nd Edition

Identity Stack Propagation

The second example of using the generic interceptor is about security identity propagation. As explained in Chapter 10, impersonation as a mechanism for identity propagation has many liabilities. Still, sometimes your service is required to pass the identity of the original caller (or all callers) down to the resources or other services with which it interacts. Instead of impersonating the callers or passing their identities as explicit parameters, you can pass the identities out-of-band, in the message headers, and use the generic interceptor to automate processing of those identities.

The first step is to define the stack of callers. To that end, I defined the SecurityCallFrame, which represents a single caller identity as well as some additional information about the caller, such as its address and the operation it invoked:

[DataContract]
public class SecurityCallFrame
{
   [DataMember(IsRequired = true)]
   public string Authentication
   {get;}

   [DataMember(IsRequired = true)]
   public string IdentityName
   {get;}

   [DataMember(IsRequired = true)]
   public string Address
   {get;}

   [DataMember(IsRequired = true)]
   public string Operation
   {get;}

   //More members
}

Next, I defined the security call stack:

[DataContract]
public class SecurityCallStack
{
   internal void AppendCall(  );

   public SecurityCallFrame OriginalCall
   {get;}

   public int Count
   {get;}

   public SecurityCallFrame[] Calls
   {get;}

   //More members
}

The implementation details of these types are irrelevant for this appendix. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9780596157210Supplemental Content Errata

Programming WCF Services, 2nd Edition

by Juval Lowy

Identity Stack Propagation

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Programming WCF Services

Programming WCF Services, 3rd Edition

Pro WCF 4: Practical Microsoft SOA Implementation, Second Edition

Professional WCF Programming: .NET Development with the Windows® Communication Foundation

Publisher Resources