Lecture 15 Introduction to Web Services Web Service Applications

Web services are server-side programs that listen for messages from client applications and return specific information. There are several different types of Web services that carry out different functions: Some provide information specific to a particular industry such as manufacturing or healthcare;

Web services give you the capability to combine, share, exchange, or plug in separate services from various vendors and developers to form entirely new services or custom applications created on-the-fly to meet the requirements of the client.there are portal services that use services from different providers to offer information on a specific theme;

there are services specific to single applications, and

building block services that can be used by many different applications.Introduction

What was around before Web ServicesProgramming with the sockets API, the client had to initiate a connection to the servers and then send and receivedata. To call some operations on the server to get results, additional protocols are needed to describe request and response codes. Example of such so-called application protocols are:

Later the Remote Procedure Call (RPC) protocol was developed to simplify the use of the sockets API and the TCP/IP protocol. One of the oldest and still most popular RPC protocols is DCE-RPC (Distributed Computing Environment Remote Procedure Call) from what is now called the Open Group (www.opengroup.org).TCP/IP - the original machine to machine communication protocolFile Transfer Protocol (FTP) - used to move files to and from the serverTelnet - originally designed to provide a terminal access to a computerHypertext Transfer Protocol (HTTP).- supports file transfer and Web-based formats

Other Services Protocols and Communcations ArchitecturesCORBA - Object Management Group (OMG) initiated CORBA (Common Object Request Broker Architecture) to provide object-orientation to network programming.

DCOM - Microsot extened the DCE-RPC rptotcol with OOP features. The Distributed COM (DCOM) protocol made it possible to call COM components across the network and is used in COM+ applications.

RMI - Sun Microsystems took a different route with its Java technologies. The Remote Method Invocation (RMI) protocol can be used to call objects remotely.

SOAP - The Simple Object Access Protocol (SOAP) uses XML-based format to describe methods and parameters to make remote calls across the network.

Client Application TypesThe client of a Web service can be a Windows application created using Windows Forms, or an ASP.NET applications using Web Forms.

The client that uses the Web service can be running ona Windows PC, a UNIX/Linux system, or a pocket PC

With the .NET Framework, Web services can be consumed in every applications type-Windows, Web, or console.

DevicesBrowsersASP.NETApplicationLocal WebServicesWindowsApplicationsPortalServicesApp SpecificWeb ServicesBuilding BlockWeb ServicesApplication ArchitectureDevices and browsers are connected through the Internet to an ASP.NET application developed with Web Forms. This ASP.NET application uses both local and remotely accessed Web services as shown.Portal Web Services: Offer services from different sources (e.g. diff. companies)Application-specific Web Services: created for a single specific application.Building block Web Services: can be used in multiple applications

WSDL is an XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information. The operations and messages are described abstractly, and then bound to a concrete network protocol and message format to define an endpoint. Related concrete endpoints are combined into abstract endpoints (services). WSDL is extensible to allow description of endpoints and their messages regardless of what message formats or network protocols are used to communicate.Web Services Definition Language (WSDL)http://www.w3.org/TR/wsdlhttp://servicemix.apache.org/5-jbi.html

Web Services ArchitectureWeb services make use of the platform-independent SOAP protocol. Typically a service description is created with a WSDL document that can be designed in a way to be independent of new versions of the Web service, and therefore the client needn't be changed.A WSDL document has the information about the methods a Web service supports and how they can be called, parameter types passed to the service, and parameter types returned from the service.Since the WSDL document can be generated dynamically, it is not necessary to deal with this information directly.The WSDL document, in turn, is used to create a client proxy with the same methods and arguments. With this proxy, the client application has the advantage that it only needs to call the methods as they are implemented in the server, because the proxy converts them to SOAP calls to make the call across the network.A SOAP message is the basic unit of communication between a client and a server. It includes an evelope, which wraps all the SOAP information in a single block. The SOAP evelope consists of a header and a body. The header is optional and tells how the client and server should process the body.The SOAP server sends back the return values in the body of a SOAP message.

Example WSDL Generated from ASP.NET RuntimeWROX Beginning Programming Microsoft Visual C# 2008

SOAP and FirewallsA common question is, "Does the SOAP protocol break the security boundaries of the firewalls?" Actually there are no more security issues with SOAP than there are with interaction with a Web browser connected to a remote server. In other words, there is a limited, but non-zero risk.An poorly designed or improperly implemented Web service could leak confidential data or even crash the server. Such problems are common to all server-side applications whether they are traditional Web pages, server-side business objects, or Web services.If security issues are paramount, the firewall's system administrator can filter the communication to remove or deny SOAP calls with an HTTP request.

Communication ProtocolsTCP/IPFile Transfer Protocol (FTP)TelnetHypertext Transfer Protocol (HTTP)

Remote Procedure Call (RPC)

Distributed Computing Environment RPC(DCE-RPC)

Other Services

CORBADCOMRMISOAP

Web Services Definition Language (WSDL)

Security Issues - SOAP and FirewallsSummary