Implementing HTTP Endpoints Chapter 10 When organizations need to make the data available to users spread across various locations, they implement Web applications. These Web applications make use of certain services, known as Web services that provide programming support and help the applications to interact with the database server. To allow communication between the Web services and the database server, you need to provide access through additional ports on the Internet firewall. This increases the security threat to the organization. SQL Server 2005 provides native Hypertext Transfer Protocol (HTTP) support that allows you to create Web services on the database server. These Web services expose Web methods that the Web applications can access by using the HTTP endpoints. This chapter introduces you to Web services. Next, it discusses the role of the HTTP endpoints in the Web service architecture. Further, it explains how to implement HTTP. In this chapter, you will learn to:  Define the Hypertext Transfer Protocol endpoints  Implement the Hypertext Transfer Protocol endpoints for Web services Objectives ¤NIIT Implementing HTTP Endpoints 10.3 Consider a scenario of a large-scale enterprise that has a number of sales executives. The management has decided to provide Personal Desktop Assistant (PDA) devices to the sales executives so that they can log the sales details online. In addition, the executives need to connect the PDA device to the database server. Providing direct access from a PDA device to the database server involves a high cost. Instead, the management can implement Web services through which each sales executive can log the sales details. A Web service is a collection of methods or functions where each method provides a specific functionality. When a client sends a request, a Web service accesses data on a predefined set of business logic from the server and returns the data to the client. SQL Server 2005 provides the native support for Web services through the database engine using HTTP. HTTP is the protocol used for communication over the Internet. With this feature, you can create Web services in the SQL Server. Further, you can create the HTTP endpoints to expose these services to the clients who can directly access these services over the Internet. The Web services are based on the Service-Oriented Architecture (SOA). Therefore, before you understand how the Web services are implemented in the SQL Server, it is essential to know about the SOA. SOA is an extension of distributed computing based on the request/reply design pattern. It follows the n-tier architecture where the business logic of an application is modularized and presented as services. The architecture involves two types of entities, service provider and service consumer. A service provider implements a set of services in the form of functions. In addition, the service provider exposes its functionality through an interface. A service consumer uses the interface to make requests to the service provider to use the services. Introduction to HTTP Endpoints Introduction to SO A 10.4 Implementing HTTP Endpoints ¤NIIT The service provider processes the request and sends a reply to the consumer, as shown in the following figure. The SOA Consider an example of a large business organization that has a number of clients using diverse hardware and software platform, such as a PDA, laptop, Linux, Tablet PC, or a mobile phone. In such a scenario, an architecture that enables communication between different types of clients and servers is required. SOA allows creating interoperable services that can be accessed from heterogeneous systems. Interoperability enables a service provider to host a service on any hardware or software platform that can be different from the platform on the consumer end. In addition, SOA provides the following benefits: 1. Enables better reusability of existing business logic in the enterprise and allows you to create applications that can be built on the new and existing applications. For example, a service provides logic to validate the identity of a customer. If you need to build two different business applications that need to validate identity of a customer, you can use the same service for that purpose. 2. Enables changes to applications while keeping clients or service consumers isolated from the changes. In the preceding example of a service that validates the identity of a customer, if you need to update the logic of this service, you can only update the service. You do not need to make any change in the business applications that use the service. A Web service is a set of functions that provide programmable logic used by client applications over the Internet. These services are based on the SOA and communicate through the Simple Object Access Protocol (SOAP). SOAP is an XML-based message envelop based on HTTP. The clients send and receive messages in the XML format and communicate with the service by using HTTP. Introduction to Web Services ¤NIIT Implementing HTTP Endpoints 10.5 For example, a Web service provides the latest stock details of a stock exchange. Various websites that need to display the stock details can use this service to get the latest updates. This service will use SOAP to communicate with the clients. A Web service is implemented in the Internet environment, as shown in the following figure. Web Services A Web service encapsulates the implementation of the functions and provides an interface through which the clients can call these functions. This interface is provided in the XML format in an industry standard called Web Services Definition Language (WSDL). WSDL is a document that is used by the Web clients to retrieve information about the names of the methods and their parameters. Each Web service needs to be published by using a protocol called Universal Description, Discovery and Integration (UDDI). UDDI helps the client applications locate the published Web services. Web services provide the following benefits:  Interoperability: A Web service communicates by using the HTTP protocol, which is the standard protocol followed by the industry. Therefore, a Web service can be used by any client application that can communicate through HTTP.  Multilanguage support: A Web service can be created by using any programming language. 10.6 Implementing HTTP Endpoints ¤NIIT Just a minute:  Reusability: A Web service created for a particular application can be reused in other applications as it follows the industry standards for implementation and communication. Web Services in SQL Server A Web service provides a programming logic to implement a business rule. It can also manipulate data in a database server. SQL Server 2005 provides the native HTTP support within the database engine that allows database developers to create Web services. This allows the database users to interact with the database over the Internet by using a Web service. When you use the native Web services of the SQL Server, you can send SOAP messaging requests to an instance of the SQL Server over HTTP to run the following:  Transact-SQL batch statements, with or without parameters.  Stored procedures and scalar-valued user-defined functions. Which of the following describes the Web services? 1. WSDL 2. SOAP 3. UDDI Answer: 1. WSDL ¤NIIT Implementing HTTP Endpoints 10.7 Just a minute: Which of the following helps in finding a Web service? 1. WSDL 2. SOAP 3. UDDI Answer: 3. UDDI To use the native XML Web services of the SQL Server, you need to establish an HTTP endpoint at the server. This endpoint is the gateway through which HTTP-based clients can send queries to the server. An HTTP endpoint listens and receives client requests on port 80. These requests are listened and routed to the endpoint by the Http.sys listener process. Identifying the Role of HTTP Endpoints in a Native Web Service Architecture 10.8 Implementing HTTP Endpoints ¤NIIT Just a minute: The following figure shows how the HTTP endpoint allows users to communicate with the Web services implemented on the SQL Server. The HTTP Endpoint Architecture After establishing an HTTP endpoint, you can create stored procedures or user-defined functions that can be made available to endpoint users. These procedures and functions are also called as Web methods. The Web methods together can be called a Web service. The SQL Server instance provides a WSDL generator that helps generate the description of a Web service in the WSDL format, which is used by the clients to send requests. On which of the following ports does the SQL Server listen for HTTP requests? 1. 80 2. 90 3. 70 Answer: 1. 80 ¤NIIT Implementing HTTP Endpoints 10.9 As a database developer, you can configure an instance of SQL Server 2005 as a Web service that can listen natively for HTTP SOAP requests. To perform this task, you need to create HTTP endpoints and define the properties and methods that an endpoint exposes. An HTTP endpoint opens the database to all the trusted users of your data. At times, you might need to restrict the access to the data to selected users only. Therefore, it is important to secure the HTTP endpoints by granting permissions to only selected users to access an HTTP endpoint. As a database developer, you need to create HTTP endpoints to allow users to access a Web service implement in the database engine. For example, for an organization, you need to allow the sales executives to add or update order details in a database. For this, you can create a Web service and an HTTP endpoint through which the users will execute the service. Before implementing an HTTP endpoint, you need to first create the database code that provides the functionality to the client applications. Creating the Required Database Code To provide access of data to various users on the net, you need to create stored procedures or functions which further will be converted into Web method. The code allows the users to perform data manipulations or generate reports that are further accessed from the Internet. Consider an example, where the database users need to frequently generate reports that display the aggregated sales data or to retrieve details of customers in a particular region of an organization. You can create stored procedures that generate the desired results. Creating an HTTP Endpoint Object After creating the database objects, you need to create an HTTP endpoint. This object provides the users with a connecting point through which they can access the implemented functions. When you create an HTTP endpoint, the SQL Server converts the database objects into Web methods. These Web methods return data that is compatible with the Web standards. These Web methods can be called from any client applications, regardless of the platform of the client applications, to access data. Implementing the HTTP Endpoints for Web Services Creating HTTP Endpoints 10.10 Implementing HTTP Endpoints ¤NIIT You can use the CREATE ENDPOINT statement to create an HTTP endpoint. The syntax of the CREATE ENDPOINT statement is: CREATE ENDPOINT endpoint_name STATE = { STARTED | STOPPED | DISABLED } AS HTTP ( AUTHENTICATION =( { BASIC | DIGEST | INTEGRATED | NTLM | KERBEROS }, PATH = 'url', PORTS = (CLEAR) ) FOR SOAP( [ { WEBMETHOD [ 'namespace' .] 'method_alias' ( NAME = 'database.owner.name' [ , SCHEMA = { NONE | STANDARD | DEFAULT } ] [ , FORMAT = { ALL_RESULTS | ROWSETS_ONLY } ]) } [ , n ] ] [ BATCHES = { ENABLED | DISABLED } ] [ , WSDL = { NONE | DEFAULT | 'sp_name' } ] where, Endpoint_name is the name of the endpoint that you want to create. STATE = { STARTED | STOPPED | DISABLED } specifies the state of the endpoint when it is created. AUTHENTICATION = ( { BASIC | DIGEST | NTLM | KERBEROS | INTEGRATED }) specifies the authentication method that will be used to verify the clients accessing the endpoint. This parameter accepts any of the following values:  BASIC: Basic authentication contains the user name and password in an encoded format separated by a colon. It can be useful when the endpoint needs to be accessed locally or on the server itself.  DIGEST: In digest authentication, the user name and password is hashed by using MD5, which is a one-way hashing algorithm. The username and password sent by using digest authentication must be mapped to a windows account. Digest authentication can be used for crucial data that needs to be accessed when required.  NTLM: This protocol uses encryption for secure transmission of passwords. It provides more security than Basic or Digest authentication.  KERBEROS: Kerberos authentication is an internet standard authentication. While using this mechanism, the SQL server must associate a Service Principal Name with the account accessing the endpoint.  INTEGRATED: Integrated authentication can use NTLM or Kerberos authentication to authenticate the client. Integrated authentication can authenticate the client with the type the client requests. [...]... accounts for the users who need to access the database 2 Grant permissions for any stored procedure or user-defined functions that the user or roles need to access by using the Web service: After allowing the users to access the database, you need to provide the execute permissions on the database objects that will be accessed by the endpoint 3 Grant permissions to allow users or roles to connect to the HTTP... AdventureWorks need to use the details of all the sales stores stored in the AdventureWorks database server The details include the name of the store, name of the store owner, and e-mail address of the owner As per the company’s security policy, access to company’s databases cannot be provided to any external entity As a database developer, how will you make the list available to the other organizations. .. locations spread across the globe According to the requirements, the users need to access the data of all the employees at various locations Users might also need to use PDAs or mobile phones to access these details As a database developer, you have decided to implement a Web service that allows the users to access the data using the Internet How will you implement this service inside the AdventureWorks database?... connect to the HTTP endpoints: To allow the users to execute the database objects over the Internet, you need to allow the users to connect to the endpoint through which the users will connect to the Web service 10.14 Implementing HTTP Endpoints NIIT Activity: Implementing HTTP Endpoints Problem Statement The database server of AdventureWorks, Inc is located at Bothell The organization has various offices... username and password to execute the code DataSet ds = hr.CallhrDetails();//executes the webmethod and stores the result in ds dataset grid1.DataSource = ds.Tables[0].DefaultView;//displays the dataset to the user The preceding code will get the data from the Web service and display it in the datagrid NIIT Implementing HTTP Endpoints 10.17 Note If you are unable to view the Web service in the Object Explorer... displays data on the Internet to trusted suppliers, customers, or business partners However, you need to ensure that only appropriate people gain access to a critical data Therefore, it is important to secure the HTTP endpoint NIIT Implementing HTTP Endpoints 10.13 To secure endpoints, you need to perform the following steps: 1 Create appropriate user accounts within the database: You need to create... attempting to register the endpoint 'hrDetails' One or more of the ports specified in the CREATE ENDPOINT statement may be bound to another process Attempt the statement again with a different port or use netstat to find the application currently using the port and resolve the conflict This error occurs when the port 8080 is being used by some other service and is not free to host any other service To resolve... reference to the WSDL document of the Web service running on http://localhost/AdventureWorks?wsdl location Next, you need to add a button and datagrid named but1 and grid1 to the user interface Next, you can write the following code in the click event of the button: Client.localhost.hrDetails hr = new hrDetails();// makes the object of the class hr.Credentials = CredentialCache.DefaultCredentials;//uses the. .. database? Solution To solve the preceding problem, you need to perform the following tasks: 1 Create a procedure 2 Create an HTTP endpoint for SOAP 3 Verify the creation of HTTP endpoint Task 1: Creating a Procedure To create a procedure that will display the details of all the employees, you need to perform the following steps: 1 Write the following statement in the Query Editor window of the Microsoft... You can view the hrDetails Web method listed under the SOAP node, as shown in the following figure hrDetails Endpoint Listed in the Object Explorer Window To verify the data being accessed by the endpoint, you need to create a client application You can write the client application in any of the NET supported language For example, if you create the client application using C#, you need to first add . permissions to allow users or roles to connect to the HTTP endpoints: To allow the users to execute the database objects over the Internet, you need to allow the users to connect to the endpoint. locations spread across the globe. According to the requirements, the users need to access the data of all the employees at various locations. Users might also need to use PDAs or mobile phones to. Database Code To provide access of data to various users on the net, you need to create stored procedures or functions which further will be converted into Web method. The code allows the users