Chapter 10 ASP.NET Security

Download Report

Transcript Chapter 10 ASP.NET Security 

Chapter 15
Remoting
Yingcai Xiao
ASP.NET
•
•
.
•
ASP.NET is for building traditional thinclient applications (Web applications).
Such applications rely on browsers to
display HTML generated on servers.
Benefits:
1.
2.
3.
4.
shorter development cycles
more scalable
more maintainable
more robust
XML Web Services
Client 1
Proxy of Interface 2
UDDI Registry 2
SOAP
UDDI Registry 1
Client 2
Proxy of Interface 1
SOAP
Application 1
WSDL Interface 1
Application 2
WSDL Interface 2
WEB
WS Class, Contract, Registry, Proxy.
XML/HTML: inefficient communication, limited representation power.
Remoting
.
• Remoting is for closely coupled applications with a tighter
coupling of client and server.
• Such applications have their own client programs and don’t
depend on browsers to communicate with the servers. They are
“rich-client” applications and distributed applications.
• Better suited for two-way communication between clients and
servers than are conventional Web applications.
• Closely coupled applications utilize network bandwidth more
efficiently because they can use lean binary protocols in lieu
of HTTP.
• “Rich-clients” can use Windows forms to better overcome the
limitations of HTML.
• Close coupling facilitates stateful connections between clients
and servers, which in turn simplifies the task of building stateful
applications.
Remoting
• Closely coupled applications building tools:
– DCOM (Distributed Component Object Model),
– CORBA (Common Object Request Broker Architecture),
– Java RMI (Remote Method Invocation).
.
• .NET Remoting: System.Runtime.Remoting is for building
closely coupled rich-client applications without the hassles that
come with COM programming—apartments, IDL (Interface
Definition Language), reference counting, lack of exception
handling, incompatible languages and data types, and so on.
• .NET remoting is a better COM than COM.
Basics
 Remoting begins with the class or classes you want to remote.
 A remotable class can be used by clients in other application
domains, which can mean other application domains in the
client’s process, application domains in other processes, or
application domains on other machines.
 To write a remotable class, all you have to do is derive from
System.MarshalByRefObject.
 Both client and server are applications in their own
domains.
Basics
 When a client creates a remote instance of RemotableClass,
the .NET Framework creates a proxy in the client’s application
domain.
 The proxy looks and feels like the real object. Calls received by
the proxy, however, are transmitted to the remote object through
a channel connecting the two application domains.
 We say that an object served by a proxy has been marshaled by
reference because the object isn’t copied to the client’s
application domain; the client merely holds a reference to the
object. That reference is the proxy.
 A remote object needs a server process register the
remotable class so that it can be activated from another
application domain.
Remoting Architecture
Example
A simple remote class.
ClockServer.cs
using System;
public class Clock : MarshalByRefObject
{
public string GetCurrentTime ()
{
return DateTime.Now.ToLongTimeString ();
}
}
Communication
 Client and server communicate usually through a TCP channel.
 Each TCP channel is identified by an IP address and a port
number.
winserv1.cs.uakron.edu:1234
 Each open channel needs to be registered on the server to
accept port calls.
 Binding also needs to be registered to specify which program to
on the server handles the calls.
 Binary communication, more efficient than HTTP.
 The communicate channel can be HTTP too.
 The other possible type of channel is named pipes.
Example
A simple remoting server: TimeServer.cs
using System;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
class MyApp
{
static void Main ()
{
//Create and register a channel
TcpServerChannel channel = new TcpServerChannel (1234);
ChannelServices.RegisterChannel (channel);
Example
//Set the “Clock” class to be used remotely
RemotingConfiguration.RegisterWellKnownServiceType
(typeof (Clock), "Clock", WellKnownObjectMode.SingleCall);
Console.WriteLine ("Press Enter to terminate...");
Console.ReadLine ();
}
}
Example
A simple client: TimeClient.cs
using System;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
class MyApp
{
static void Main ()
{
//Create a channel to connect to the server
TcpClientChannel channel = new TcpClientChannel ();
ChannelServices.RegisterChannel (channel);
Example
//Get the “Clock” class to be used.
RemotingConfiguration.RegisterWellKnownClientType
(typeof (Clock), "tcp:/winserv1.cs.uakron.edu:1234/Clock");
//Create and use a “Clock” object as if it was local.
Clock clock = new Clock ();
Console.WriteLine (clock.GetCurrentTime ());
}
}
Example
Build and run the example.
csc /t:library clockserver.cs
csc /r:clockserver.dll timeserver.cs
csc /r:clockserver.dll timeclient.cs
Start TimeServer first (in a console window)
Run TimeClient (in another console window).
.NET 3.0, 3.5, 4.0
WCF, WPF, WF, CardSpace,
LINQ,
Task Parallel
Windows Communication
Foundation
(WCF)
WCF: Windows Communication Foundation
• For distributed applications.
• Using service oriented architecture (SOA).
• Clients can consume multiple services; Services can be consumed by
multiple clients. (M:M)
• Services have WSDL interface.
• WCF examples: WSS (Web Services Security, extension to SOAP to
apply security to web services), WS-Discovery (Web Services
Dynamic Discovery, a multicast discovery protocol to locate
services),
WCF: Windows Communication Foundation
• Endpoints: client connects to a WCF service at an Endpoint, each
service exposes its contract via endpoints.
• End point ABC: address, binding, contract
• WCF endpoints use SOAP envelope to communicate with clients
(for platform independence).
• Behaviors allow the developer to customize how the
messages are handled.
Windows Presentation Foundation
(WPF)
WCF: Windows Presentation Foundation
•
•
•
•
•
•
•
Graphical subsystem.
Based on DirectX
2D and 3D graphics, vector graphics and animation
Remote or standalone
Safe remote view with IE.
Uses XAML to define UI elements.
XAML: eXtensible Application Markup Language
Windows Workflow Foundation
(WF)
WF: Windows Workflow Foundation
•
•
•
•
•
Workflow: a series of distinct programming steps.
An activity at each step.
Workflow Designer in Visual Studio.
Workflow engine: scheduling, managing, tracking workflows.
To create applications that execute an ordered business
process (UA curriculum proposal approval system).
Windows CardSpace
Windows CardSpace
• Identification metasystem.
• Resistance to phishing attacks
• Follow the “7 laws of identity” (User Control and Consent,
Minimal Disclosure for a Constrained Use, Justifiable Parties,
Directed Identity, Pluralism of Operators and Technologies,
Human Integration, Consistent Experience Across Contexts)
• To be replaced by U-Prove.
LINQ
Language Integrated Query
Embedded SQL in C# as strings
StringBuilder builder = new StringBuilder ();
builder.Append ("select count(*) from users " +
"where username = \'");
builder.Append (username);
builder.Append ("\' and pwd = \'");
builder.Append (password);
builder.Append ("\';");
MySqlCommand command = new MySqlCommand (builder.ToString (), connection);
Int64 count = (Int64) command.ExecuteScalar ();
LINQ: Language Integrated Query
var results = from c in SomeCollection
where c.SomeProperty < 10
select new {c.SomeProperty};
foreach (var result in results) Console.WriteLine(result);
Task Parallel
Parallel Extensions
•
•
•
•
•
Managed concurrency library
TPL: Task Parallel Library
PLINQ: Parallel LINQ
Multithreading based.
Take advantages of muti-core (Intel) and many core (Nvidia GPU)
That’s all. Folks.