Simple Back-End Data Access WCF, SOAP “Data Push” (Server to Client) WCF Mashups (Using REST APIs) REST, XML/JSON, Atom/RSS.
Download ReportTranscript Simple Back-End Data Access WCF, SOAP “Data Push” (Server to Client) WCF Mashups (Using REST APIs) REST, XML/JSON, Atom/RSS.
Simple Back-End Data Access WCF, SOAP “Data Push” (Server to Client) WCF Mashups (Using REST APIs) REST, XML/JSON, Atom/RSS Simple Back-End Data Access WCF, SOAP “Data Push” (Server to Client) WCF Mashups (Using REST APIs) REST, XML/JSON, Atom/RSS System.ServiceModel.CommunicationException: The remote server returned an error: NotFound Binary XML “Silverlight-enabled WCF Service” - now Binary by default Using "typical" message payloads Web service requests/sec HP BL680c: 8 Intel EMT64 [email protected] Windows Server 2008 64-bit, IIS7 Text / HTTP 24% Binary / HTTP 7570 6122 71% 4615 2702 Your mileage may vary 20 objects 100 objects Message size Using large messages with arrays of "typical" data 40% Size reduction 34% 15% Your mileage may vary String Int Large object graph Attempt #1: Naïve Approach Attempt #2: Enable Debugging Error info still not in Silverlight! System.ServiceModel.CommunicationException: The remote server returned an error: NotFound HTTP 500 HTTP 200 http://code.msdn.com/SilverlightWS HTTP 200 With Silverlight 3 Faults Support Example with Cookies + Forms Auth E.g.: ASP.NET login Credentials User: Password: YourDomain.com Auth info (cookie) Service calls + Auth info Browser Login through Silverlight Call with credentials to ASP.NET Auth Service User: Password: Reply contains cookie Service calls + Auth info Browser YourDomain.com ASP.NET Auth Service Using Windows Authentication Windows login User: Password: YourDomain.com Service calls + Creds Browser Cross-Domain Threat MyBank.com Login User: Password: Credentials MyBank.com Auth info (e.g. cookie) Malicious call + Auth info Could steal or change data if protection wasn’t in place Malicious application EvilApps.com Identity managed by Silverlight, not the Browser YourDomain.com User: Password: Creds are added by Silverlight, not browser No creds EvilApps.com Browser [OperationContract] public decimal GetAccountBalance (int accountID, string userName, string password); <!-- WS-Security Header --> <!-- With UserName, Password, Timestamp --> <!-- Message Payload --> Default max skew is 5 minutes – may require changes (Client clock can’t be more that 5 minutes out of sync with server) sl Simple Back-End Data Access WCF, SOAP “Data Push” (Server to Client) WCF Mashups (Using REST APIs) REST, XML/JSON, Atom/RSS EndpointAddress address = new EndpointAddress("http://example.com/Service1.svc"); CustomBinding binding = new CustomBinding( new PollingDuplexBindingElement(), new TextMessageEncodingBindingElement( MessageVersion.Soap12WSAddressing10, Encoding.UTF8), new HttpTransportBindingElement()); CallbackContract=… IsOneWay=true GetCallbackChannel Simple Back-End Data Access WCF, SOAP “Data Push” (Server to Client) WCF Mashups (Using REST APIs) REST, XML/JSON, Atom/RSS HTML DOM + JavaScript XmlHttpRequest Proxied through a Service “Paste XML as Serializable Types” Simple Back-End Data Access WCF, SOAP “Data Push” (Server to Client) WCF Mashups (Using REST APIs) REST, XML/JSON, Atom/RSS Your feedback is important! © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. High-level components and User Code HttpWebRequest Browser Plugin APIs Restrictions Web Browser - Cookies - Authenticated sessions - Caching - Proxy server to use Windows/Mac Networking Layer Restrictions Client App Client Duplex Channel Any messages? 10-15sec No messages Server Duplex Channel Any messages? Message Message Message Any messages? Client Browser Server Server App