XML Web-Services

Sergey Baidachni

MCT, MCSD, MCDBA

Overview

Introduction How it work? What about Java? Performance Security Global Architecture

Introduction

Road №80 Unix, Windows or … Formats war XML Web Services

Road №80 Where in the wall can I make a hole?

Unix, Windows or …

Conveniences for the clients Conveniences for the administrators Who will think about programmers?

Formats War

DVD or VHS?

XML Web Services

What is this? URL-addressable set of functionality exposed

over a network Advantage

HTTP: Stateless and text XML: Standard format Any platform and language

How does it work?

Overview to XML Web Services Simple Web Services SOAP – a protocol or another document

XML? WSDL – a method of service application XSD – How do I look like? DISCO, UDDI – How am I found? Proxy Class

Overview to XML Web Services

Service BrokerService Broker

Service ProviderService ProviderService ConsumerService Consumer

Publish Find

Bind

Simple Web Services

What can be even simpler?public class MyService : System.Web.Services.WebService{

[WebMethod]public string Hello(string Name){

return "Hello "+Name;}

}

Testing in browser Create simple .NET Client

SOAP – Is it a protocol or another documents XML? SOAP – Universal means of

communication

<?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-

instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body>

<Hello xmlns="http://tempuri.org/"> <Name>string</Name>

</Hello> </soap:Body>

</soap:Envelope>

SOAP – Where?

UDDIUDDI

Any ClientAny Client

SOAP SOAP

SOAP

IISIIS

Web ServiceWeb Service

WSDL – A method of service usage What’s the content of the service? What parameters are to be transmitted? WSDL Elements

types message portType binding service

Demonstration

XSD – What do I look like?

Schema Definition Language – description of complex types

Demonstration

<xsd:complexType name="MyType">

<xsd:sequence>

<xsd:element minOccurs="0" maxOccurs="1" name="Name" type="s:string" />

</xsd:sequence>

</xsd:complexType>

DISCO, UDDI – How am I found? Static discovery Dynamic discovery Locating disco.exe [options] url Programmatic discovery

System.Web.Services.Discovery DiscoveryDocument DiscoveryReferenceCollection DiscoveryClientProtocol DiscoveryClientResult

DISCO, UDDI – How am I found? What is UDDI? Benefits Information provided by UDDI Programming UDDI

(Microsoft.UDDI.dll) Problem with UDDI uddi.microsoft.com

Proxy Class Proxies and WSDL Generating Proxies Using Wsdl.exe

Add Web Reference Explicit call

Configuring Proxies

Web Service ConsumerWeb Service ConsumerWeb ServiceWeb Service

What about Java?

How to install IIS on Unix? Sun Java SDK, Tomcat, AXIS Java и .NET – impossible? It works for real!

Performance Testing

What is Application Center Test? Record simple scenario Custom scenario

CreateConnection CreateRequest Send

How generate SOAP in ACT?

Security

Threats definition– model STRIDE Selection of techniques Selection of technologies Best Practices

STRIDE – Threats modulation Spoofing identity Tampering with data Repudiation Information disclosure Denial of services Elevation of privilege

Best Practices

Do not use an administrator’s accounting record

Store secret data in a safe place Do not use lines concatenation when making

queries

Global Architecture

It is always lacking, or maybe there are problems of Web services?

WS-* Specifications

WS-Routing

WS-Referral

WS-Inspection

WS-Security

WS-Attachments

WS-Coordination

WS-Transaction

WS-Policy

WS-Trust

WS-SecureConversation

WS-SecurePolicy