book

Programming WCF Services, 3rd Edition

by Juval Lowy

August 2010

Intermediate to advanced

908 pages

26h 22m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Service Execution BoundariesWCF and Location Transparency
TCP AddressesHTTP AddressesIPC AddressesMSMQ AddressesService Bus Addresses
The Service ContractApplying the ServiceContract attributeNames and namespaces
IIS 5/6 HostingUsing Visual Studio 2010The Web.Config fileSelf-HostingUsing Visual Studio 2010Self-hosting and base addressesAdvanced hosting featuresThe ServiceHost<T> classWAS HostingCustom Hosting in IIS/WASWindows Server AppFabricChoosing a Host
The Common BindingsFormat and encodingChoosing a BindingAdditional BindingsUsing a Binding
Administrative Endpoint ConfigurationUsing base addressesBinding configurationDefault bindingProgrammatic Endpoint ConfigurationBinding configurationDefault EndpointsProtocol mapping
Metadata over HTTP-GETEnabling metadata exchange administrativelyEnabling metadata exchange programmaticallyThe Metadata Exchange EndpointStandard endpointsAdding MEX endpoints programmaticallyStreamlining with ServiceHost<T>The Metadata Explorer
Generating the ProxyGenerating the proxy using SvcUtilAdministrative Client ConfigurationBinding configurationGenerating the client config fileIn-proc configurationThe SvcConfigEditorWorking with the proxyClosing the proxyCall timeoutProgrammatic Client ConfigurationThe WCF-Provided Test Client
Host Architecture
The InProcFactory ClassImplementing InProcFactory<T>The WcfWrapper
Transport Session and BindingTransport Session Termination
Bindings, Reliability, and Ordered MessagesConfiguring ReliabilityRequiring Ordered Delivery
Client-Side Contract HierarchyRestoring the hierarchy on the client
Contract FactoringFactoring Metrics
Programmatic Metadata ProcessingThe MetadataResolver classThe MetadataHelper Class
.NET SerializationThe Serializable attributeThe NonSerialized attributeThe .NET formattersThe WCF FormattersData Contract via Serialization
Importing a Data ContractData Contracts and the Serializable AttributeInferred Data ContractsComposite Data ContractsData Contract EventsUsing the deserializing eventUsing the deserialized eventShared Data Contracts
Known TypesService Known TypesMultiple Known TypesConfiguring Known TypesData Contract ResolversInstalling the data contract resolverThe generic resolverInstalling the generic resolverGenericResolver and ServiceHost<T>Generic resolver attributeObjects and Interfaces
Serialization Order
New MembersMissing MembersUsing the OnDeserializing eventRequired membersVersioning Round-TripSchema compatibility
Concrete CollectionsCustom CollectionsThe CollectionDataContract AttributeReferencing a CollectionDictionaries
Benefits of Per-Call ServicesConfiguring Per-Call ServicesPer-Call Services and Transport SessionsDesigning Per-Call ServicesPer-call services and performanceCleanup operationsChoosing Per-Call Services
Configuring Private SessionsSessionMode.AllowedSessionMode.RequiredSessionMode.NotAllowedBindings, contracts, and service behaviorConsistent configurationSessions and ReliabilityThe Session IDSession Termination
Initializing a SingletonStreamlining with ServiceHost<T>Choosing a Singleton
Configuring with ReleaseInstanceMode.NoneConfiguring with ReleaseInstanceMode.BeforeCallConfiguring with ReleaseInstanceMode.AfterCallConfiguring with ReleaseInstanceMode.BeforeAndAfterCallExplicit DeactivationUsing Instance Deactivation
Durable Services and Instance Management ModesInitiating and terminatingInstance IDs and Durable StorageExplicit Instance IDsInstance IDs in HeadersContext Bindings for Instance IDsUsing the standard ID for context bindingAutomatic Durable BehaviorThe durable service behavior attributeThe durable operation behavior attributeProgrammatic instance managementPersistence providersCustom persistence providersThe SQL Server persistence provider
Configuring ThrottlingAdministrative throttlingProgrammatic throttlingStreamlining with ServiceHost<T>Reading throttle values
Configuring One-Way OperationsOne-Way Operations and ReliabilityOne-Way Operations and Sessionful ServicesOne-Way Operations and Exceptions
The Callback ContractClient Callback SetupDuplex proxiesService-Side Callback InvocationCallback reentrancyCallback Connection ManagementConnection management and instance modeThe Duplex Proxy and Type SafetyThe Duplex FactoryCallback Contract Hierarchy
I/O StreamsStreaming and BindingStreaming and Transport
Error MaskingChannel FaultingClosing the proxy and the using statementExceptions and instance management
Fault ContractsFault handlingFaults and channelsFault DebuggingIncluding exceptions declarativelyHost and exception diagnosticsException extractionFaults and CallbacksCallback debugging
Providing a FaultUsing ProvideFault()Exception promotionHandling a FaultThe logbook serviceInstalling Error-Handling ExtensionsThe ErrorHandlerBehaviorThe Host and Error ExtensionsCallbacks and Error ExtensionsThe CallbackErrorHandlerBehavior attribute
Transactional ResourcesTransaction PropertiesThe atomic propertyThe consistent propertyThe isolated propertyThe durable propertyTransaction ManagementThe transaction management challengeDistributed transactionsThe two-phase commit protocolResource Managers
Transaction Flow and BindingsTransaction Flow and the Operation ContractTransactionFlowOption.NotAllowedTransactionFlowOption.AllowedTransactionFlowOption.MandatoryOne-Way Calls
Protocols and BindingsTransaction ManagersThe LTMThe KTMThe DTCTransaction Manager PromotionLTM promotionKTM promotionResources and promotion
The Ambient TransactionLocal Versus Distributed TransactionsThe local transaction identifierThe distributed transaction identifier
Setting the Ambient TransactionTransaction Propagation ModesClient/Service transaction modeRequiring transaction flowClient transaction modeService transaction modeNone transaction modeChoosing a service transaction modeVoting and CompletionDeclarative votingExplicit votingTerminating a transactionTransaction IsolationIsolation and transaction flowTransaction TimeoutTransaction flow and timeout
The TransactionScope ClassTransactionScope votingTransaction Flow ManagementVoting inside a nested scopeTransactionScopeOption.RequiredTransactionScopeOption.RequiresNewTransactionScopeOption.SuppressTransactionScope timeoutTransactionScope isolation levelNon-Service Clients
The Transaction Boundary
Per-Call Transactional ServicesThe transaction lifecyclePer-Session Transactional ServicesReleasing the service instanceDisabling releasing the service instanceState-aware per-session servicesStateful per-session servicesTransaction lifecycleConcurrent transactionsCompleting on session endTransactional affinityHybrid state managementTransactional Durable ServicesInstance ID managementTransactional BehaviorIn-proc transactionsTransactional Singleton ServiceStateful singleton serviceInstancing Modes and Transactions
Callback Transaction ModesIsolation and timeoutsCallback VotingUsing Transactional CallbacksOut-of-band transactional callbacksService transactional callbacks
ConcurrencyMode.SingleSynchronized access and transactionsConcurrencyMode.MultipleUnsynchronized access and transactionsConcurrencyMode.ReentrantDesigning for reentrancyReentrancy and transactionsCallbacks and reentrancy
Per-Call ServicesSessionful and Singleton Services
Deadlocked AccessDeadlock Avoidance
.NET Synchronization ContextsThe SynchronizationContext classWorking with the synchronization contextThe UI Synchronization ContextUI access and updatesSafe controls
Hosting on the UI ThreadAccessing the formMultiple UI threadsA Form as a ServiceThe FormHost<F> classThe UI Thread and Concurrency ManagementUI responsivenessThe UI thread and concurrency modes
The Thread Pool SynchronizerDeclaratively attaching a custom synchronization contextThread AffinityThe host-installed synchronization contextPriority Processing
Callbacks with ConcurrencyMode.SingleCallbacks with ConcurrencyMode.MultipleCallbacks with ConcurrencyMode.Reentrant
Callbacks and the UI Synchronization ContextUI thread callbacks and responsivenessUI thread callbacks and concurrency managementCallback Custom Synchronization ContextsCallback thread affinity
Requirements for an Asynchronous MechanismProxy-Based Asynchronous CallsAsynchronous InvocationThe IAsyncResult interfaceAsynchronous calls and transport sessionsPolling or Waiting for CompletionCompletion CallbacksCompletion callbacks and thread safetyPassing state informationCompletion callback synchronization contextOne-Way Asynchronous OperationsAsynchronous Error HandlingAsynchronous calls and timeoutsCleaning up after End<Operation>()Asynchronous Calls and TransactionsSynchronous Versus Asynchronous Calls
Queued Calls ArchitectureQueued ContractsConfiguration and SetupWorkgroup installation and securityCreating the queueQueue purgingQueues, services, and endpointsExposing metadataWAS hosting
Delivery and PlaybackThe delivery transactionThe playback transactionService Transaction ConfigurationParticipating in the playback transactionIgnoring the playback transactionUsing a separate transactionNontransactional Queues
Per-Call Queued ServicesNontransactional clientsTransactional clientsPer-call processingSessionful Queued ServicesClients and transactionsServices and transactionsSingleton ServiceCalls and order
Throttling
The Dead-Letter QueueTime to LiveConfiguring the Dead-Letter QueueCustom DLQ verificationProcessing the Dead-Letter QueueDefining the DLQ serviceFailure propertiesImplementing a DLQ service
Poison MessagesPoison Message Handling in MSMQ 4.0Retry batchesReceiveErrorHandling.FaultReceiveErrorHandling.DropReceiveErrorHandling.RejectReceiveErrorHandling.MoveConfiguration samplePoison message servicePoison Message Handling in MSMQ 3.0
Requiring Queuing
Designing a Response Service ContractResponse address and method IDThe ResponseContext classClient-Side ProgrammingUsing ClientResponseBase<T>Queued Service-Side ProgrammingResponse Service-Side ProgrammingTransactionsUsing a new transactionResponse service and transactions
Designing the BridgeTransaction ConfigurationService-Side ConfigurationClient-Side Configuration
Transfer Security ModesNone transfer security modeTransport transfer security modeMessage transfer security modeMixed transfer security modeBoth transfer security modeTransfer Security Mode ConfigurationSpecific binding configurationsTransport Security and CredentialsMessage Security and Credentials
Securing the Intranet BindingsTransport security protection levelNetTcpBinding configurationNetNamedPipeBinding configurationNetMsmqBinding configurationConstraining Message ProtectionAuthenticationProviding alternative Windows credentialsIdentitiesThe IIdentity interfaceWorking with WindowsIdentityThe Security Call ContextImpersonationManual impersonationDeclarative impersonationImpersonating all operationsRestricting impersonationAvoiding impersonationAuthorizationThe security principalSelecting an authorization modeDeclarative role-based securityProgrammatic role-based securityIdentity ManagementCallbacks
Securing the Internet BindingsWSHttpBinding configurationMessage ProtectionConfiguring the host certificateUsing the host certificateService certificate validationWorking with a test certificateAuthenticationUsing Windows CredentialsAuthorizationIdentity managementUsing the ASP.NET ProvidersThe credentials providersCredentials administrationShortcomings of Visual Studio 2010Credentials ManagerAuthenticationAuthorizationDeclarative role-based securityIdentity ManagementImpersonation
Securing the Business-to-Business BindingsAuthenticationAuthorizationIdentity ManagementImpersonationHost Security Configuration
Securing the Anonymous BindingsAuthenticationAuthorizationIdentity ManagementImpersonationCallbacks
Unsecuring the BindingsAuthenticationAuthorizationIdentity ManagementImpersonationCallbacks
The SecurityBehaviorAttributeConfiguring an intranet serviceConfiguring an Internet serviceConfiguring a business-to-business serviceConfiguring an anonymous serviceConfiguring a no-security serviceImplementing the SecurityBehavior attributeHost-Side Declarative SecurityClient-Side Declarative SecurityImplementing SecurityHelperThe SecureClientBase<T> classSecure channel factoryDuplex clients and declarative securityExtensions for the duplex factory
Configuring Security AuditsDeclarative Security Auditing
The Windows Azure AppFabric Service Bus
Relay Service AddressExtracting the service namespaceThe Service Bus RegistryThe Service Bus Explorer
The TCP Relay BindingAdding default endpointsConnection modesTCP relayed modeTCP hybrid modeDuplex callbacksThe WS 2007 Relay BindingThe One-Way Relay BindingFire-and-forget semanticsThe Event Relay BindingEvents publishing
Buffers Versus QueuesWorking with BuffersThe buffer policyAdministering the bufferStreamlining administrationSending and Retrieving MessagesBuffered ServicesBuffered service hostBuffered client baseResponse ServiceClient sideService sideResponse service
Configuring AuthenticationShared Secret AuthenticationProviding the credentials on the host sideProviding the credentials on the client sideProviding credentials in config fileNo AuthenticationMetadata over the Service BusClient-side metadata processing
Transport SecurityMessage SecurityMessage security and credentialsTCP Relay Binding and Transfer SecurityAnonymous Message securityMessage security with credentialsMixed securityWS Relay Binding and Transfer SecurityMessage security and Mixed securityOne-Way Relay Binding and Transfer SecurityAnonymous callsBindings and Transfer ModesStreamlining Transfer SecurityDeclarative service securityStreamlining the client
Object OrientationComponent OrientationOff-the-shelf plumbing
Benefits of Service OrientationService-Oriented Applications
Practical PrinciplesOptional Principles
A Service-Oriented PlatformEvery class as a service
Client-Side Header InteractionService-Side Header InteractionEncapsulating the HeadersThe GenericContext<T> helper classStreamlining the ClientThe HeaderClientBase<T,H> proxy class
Client-Side Context Binding InteractionService-Side Context Binding InteractionStreamlining the ClientStreamlining the ServiceCreating a Custom Context BindingImplementing NetNamedPipeContextBinding
Service ConfigurationDynamic endpoint addressesEnabling discoveryClient-Side StepsScopesAssigning scopesUsing scopesStreamlining DiscoveryDiscovery cardinalitySingle endpointBinding discoveryDiscovery factoryCreating discoverable hostThe Metadata ExplorerOngoing Discovery
Announcing EndpointsAutomatic announcementsReceiving AnnouncementsStreamlining AnnouncementsThe announcements sink
Solution ArchitectureDiscoverable HostDiscovery ClientMore client-side helper classesAnnouncementsService-side announcementsReceiving announcementsThe Metadata Explorer
Subscriber Types
Managing Transient SubscriptionsManaging Persistent SubscribersEvent PublishingAdministering Persistent SubscribersSingleton subscriberQueued Publishers and SubscribersQueued publisherQueued subscriber
The Event Relay BindingThe ServiceBusEventsHostThe ServiceBusEventsClientBase
The DiscoveryPublishService<T> ClassThe PublisherThe SubscriberMore on DiscoveryPublishService<T>
The Generic InvokerInstalling the Interceptor
Security Call Stack Interceptor

Content preview from Programming WCF Services, 3rd Edition

Security

Always protect the message and provide for message confidentiality and integrity.
In an intranet, you can use Transport security as long as the protection level is set to EncryptAndSign.
In an intranet, avoid impersonation. Set the impersonation level to TokenImpersonationLevel.Identification.
When using impersonation, have the client use TokenImpersonationLevel.Impersonation.
Use the declarative security framework and avoid manual configuration.

Never apply the PrincipalPermission attribute directly on the service class:

//Will always fail:
[PrincipalPermission(SecurityAction.Demand,Role = "...")]
public class MyService : IMyContract
{...}

Avoid sensitive work that requires authorization at the service constructor.

Avoid demanding a particular user, with or without demanding a role:

//Avoid:
[PrincipalPermission(SecurityAction.Demand,Name = "John")]
public void MyMethod()
{...}

Do not rely on role-based security in the client’s callback operations.
With Internet clients, always use Message security.
Allow clients to negotiate the service certificate (the default).
Use the ASP.NET providers for custom credentials.
When developing a custom credentials store, develop it as a custom ASP.NET provider.
Validate certificates using peer trust.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Programming WCF Services, 4th Edition

Juval Lowy, Michael Montgomery

Programming WCF Services, 2nd Edition

Juval Lowy

Programming WCF Services

Juval Lowy

Programming .NET Security

Adam Freeman, Allen Jones

Publisher Resources

ISBN: 9781449382476Supplemental Content Errata Page