Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống
1
/ 38 trang
THÔNG TIN TÀI LIỆU
Thông tin cơ bản
Định dạng
Số trang
38
Dung lượng
335,46 KB
Nội dung
268 </overviewURL> </overviewDoc> </instanceDetails> </tModelInstanceInfo> <tModelInstanceInfo tModelKey= "uuid:b31cff85-8b1b-4502-bce1-92229f579238"> <description xml:lang="en">This document describes the workflow encompassing the PurchaseOrder and Invoice Web service. </description> <instanceDetails> <overviewDoc /> </instanceDetails> </tModelInstanceInfo> </tModelInstanceDetails> </bindingTemplate> </bindingTemplates> </businessService> </businessServices> </businessEntity> </businessDetail> Searching for Contoso Motor Company Now that Contoso Motor Company is registered, a supplier can obtain information about the registered services by querying the UDDI registry. To facilitate this, the UDDI API exposes a set of get_ and find_ methods. The find_ methods are used to perform general queries. The information returned is typically enough to display a meaningful result set to the user. You can then use the get_ methods to retrieve the full information about a particular entry. The following example retrieves the businessDetail entry listed in the previous section: // Search for all businesses that have the name Contoso Motor Company. FindBusiness findBusiness = new FindBusiness(); findBusiness.Name = "Contoso Motor Company "; BusinessList businessList = findBusiness.Send(); // Get the businessDetail for the first entry in the result set. GetBusinessDetail getBusinessDetail = new GetBusinessDetail(); getBusinessDetail.BusinessKeys.Add(businessList.BusinessInfos[0].Bus inessKey); BusinessDetail businessDetail = getBusinessDetail.Send(); Console.WriteLine 269 ("The resulting businessDetail message received from the registry:"); Console.WriteLine(businessDetail.ToString()); I first search for all businessEntity entries with the name Contoso Motor Company. By default, UDDI performs leftmost name matching and is not case sensitive. For example, the search strings CONTOSO, Contoso Motor, and Contoso Motor Co will all locate the entry I published in the previous section. You can modify the behavior of a query by specifying a qualifier within the FindBusiness.FindQualifiers property. Table 9-3 describes the find qualifiers that a UDDI registry must support. In addition, individual registries can support an extended set of qualifiers. Table 9-3: UDDI Registry Find Qualifiers Value Description exactNameMatch Specifies that the entire string must match the name. By default, it is case insensitive. caseSensitiveMatch Specifies that case is relevant within the specified search string. sortByNameAsc Specifies that the result set should be sorted alphabetically in ascending order. sortByNameDesc Specifies that the result set should be sorted alphabetically in descending order. sortByDateAsc Specifies that the result set should be sorted by the date last updated in ascending order. sortByDateDesc Specifies that the result set should be sorted by the date last updated in descending order. Obviously, sortByNameAsc and sortByNameDesc are mutually exclusive, as are sortByDateAsc and sortByDateDesc. However, any other combination of the find qualifiers is allowed. If more than one find qualifier is specified, the following order of precedence is applied: 1. exactNameMatch and caseSensitiveMatch 2. sortByNameAsc and sortByNameDesc 3. sortByDateAsc and sortByDateDesc Once I obtain my search results, I use the getBusinessDetail object to get the details of the first record returned in my search results. The businessDetail returned contains the information necessary for a supplier to establish an e-business relationship with Contoso. Items of importance include the businessEntity UUID, the bindingTemplate access point, and the UUIDs for the tModel objects. Registering the Supplier When a supplier registers itself in the UDDI directory, registering just the name, address, and phone number is not sufficient. It must register in such a way that Contoso and other potential customers can find it. 270 UDDI provides a way to categorize entries within the directory using well- known taxonomies. The supported taxonomies include the North American Industry Classification System (NAICS - 1997), the Universal Standard Products and Services Codes (UNSPSC - 3.01), the Standard Industrial Classification (SIC - 1987), and the GeoWeb geographic classification (August 2000). I used a taxonomy earlier in this chapter when I specified the www-contoso-com:Invoice and www-contoso-com:PurchaseOrder tModel entities. Here is the portion of the code I used to register the tModel entities: saveTModel.TModels[0].Name = "www-contoso-com:Invoice"; // Set additional properties saveTModel.TModels[0].CategoryBag.Add("uddi-org:types", "wsdlSpec", "uuid:c1acf26d-9672-4404-9d70- 39b756e62ab4"); The preceding code uses the UDDI Type Taxonomy to categorize the tModel as one that references a WSDL document. A taxonomy is itself defined by a tModel definition. This is the other primary use of tModel entities besides representing a technical specification. In the preceding example, the third parameter of the CategoryBag.Add method references the tModel that defines the UDDI Type Taxonomy. The UDDI Type Taxonomy is used to categorize the type of data a tModel references. The taxonomy is hierarchical in nature, as shown in the following figure. Table 9-4 lists the valid values defined by the taxonomy. 271 Table 9-4: UDDI Type Taxonomy Values ID Description tModel The root branch of the taxonomy hierarchy. End-user categorization on this value is not allowed. identifier Specifies that the tModel represents a taxonomy of unique identifiers. The DUNS number uniquely identifies a company and is an example of an identifier tModel. namespace Specifies that the tModel represents a scoping constraint. This value is synonymous with XML namespaces and is used to avoid naming collisions. categorization Specifies that the tModel represents a method of categorization. The NAICS and UNSPSC—and even the UDDI Type Taxonomy—are all examples of categorization tModel entities. 272 Table 9-4: UDDI Type Taxonomy Values ID Description specification Specifies that the tModel references a contract that defines the interaction with a particular service. COM and RPC services are examples of specification tModel entities. xmlSpec Specifies that the tModel references a contract that defines the interaction with a particular service using XML. Examples of xmlSpec tModel entities include a DTD and an XML Schema schema. soapSpec Specifies that the tModel references a contract that defines an interaction with a particular service using SOAP. The schema for the Inquire UDDI API is an example of a soapSpec tModel. wsdlSpec Specifies that the tModel references a WSDL document that defines an interaction with a particular service. The www- contoso-com:Invoice tModel is an example of a wsdlSpec tModel. protocol Specifies that the tModel references a particular protocol for interacting with a particular service. transport Specifies that the tModel references a particular transport protocol for interacting with a particular service. HTTP and FTP are examples of transport tModel entities. signatureComponent Specifies that the tModel does not represent the complete specification for a Web service. An example would be an individual step in a business process. You can create your own taxonomies by creating a tModel that contains a categorization entry in its category property bag. However, to help ensure that potential purchasers can find Fabrikam when they are looking for a wing nuts manufacturer, I use a taxonomy that is core to UDDI. (The taxonomies that are essential to UDDI are listed at http://www.uddi.org/taxonomies/Core_Taxonomy_OverviewDoc.htm .) Specifically, I categorize Fabrikam Wing Nuts using the UNSPSC. The UNSPSC is defined by the Electronic Commerce Code Management Association (ECCMA) and can be browsed at http://eccma.org/unspsc/browse/ . The following console application registers Fabrikam Wing Nuts in the UDDI directory: using System; using Microsoft.Uddi.Api; using Microsoft.Uddi; using Microsoft.Uddi.Business; using Microsoft.Uddi.ServiceType; using Microsoft.Uddi.Service; using Microsoft.Uddi.Binding; 273 class Application { static void Main(string[] args) { // Initialize the publisher parameters. Publish.Url = "http://localhost/uddi/publish.asmx"; Publish.User = "udditest"; Publish.Password = ""; // Create a new businessEntity. SaveBusiness saveBusiness = new SaveBusiness(); BusinessEntity fabrikam = new BusinessEntity(); saveBusiness.BusinessEntities.Add(fabrikam); fabrikam.Name = "Fabrikam Wing Nuts"; fabrikam.Descriptions.Add("", "Just a bunch of wing nuts."); // Add the UNSPSC code for wing nut manufacturer. fabrikam.CategoryBag.Add("unspsc-org:unspsc", "31.16.17.17.00", "uuid:CD153257-086A-4237-B336-6BDCBDCC6634"); // Contact information The preceding code creates a businessEntity for Fabrikam Wing Nuts and categorizes it using the UNSPSC taxonomy. The code for wing nut manufacturers is 31.16.17.17.00. (Yes, there actually is a code defined for wing nut manufacturers.) If Fabrikam decides to diversify its product line, it can add more entries to the category property bag. // Add a businessService for the Web services // related to supply chain management. BusinessService scmService = new BusinessService(); fabrikam.BusinessServices.Add(scmService); scmService.Name = "Supply Chain Management Web Service"; scmService.Descriptions.Add("", "Web services for conducting e-commerce with suppliers."); // Add the binding template for the PurchaseOrder Web service. BindingTemplate purchaseOrderBinding = new BindingTemplate(); scmService.BindingTemplates.Add(purchaseOrderBinding); purchaseOrderBinding.Descriptions.Add("", "The Web service for submitting purchase orders to Fabrikam Wing Nuts."); 274 purchaseOrderBinding.AccessPoint.Text = "http://fabrikam.com/PurchaseOrder.asmx"; purchaseOrderBinding.AccessPoint.URLType = URLTypeEnum.Http; // Add a reference to the www-contoso-com:PurchaseOrder tModel. TModelInstanceInfo purchaseOrder = new TModelInstanceInfo(); purchaseOrderBinding.TModelInstanceDetail.TModelInstanceInfos.Add (purchaseOrder); purchaseOrder.TModelKey = "uuid:2a1109ff-5d31-4df1-86f6- b8fcff797030"; Console.WriteLine("The save_Business message sent to the registry:"); Console.WriteLine(saveBusiness.ToString()); BusinessDetail businessDetail = saveBusiness.Send(); Console.WriteLine ("The resulting businessDetail message received from the registry:"); Console.WriteLine(businessDetail.ToString()); } } I register the Invoice Web services that are compliant with Contoso’s www-contoso- com:PurchaseOrder tModel, and then I save the businessEntity to the registry. Searching for the Supplier When Contoso Motor Company needs to replenish its supply of wing nuts, it can search the UDDI directory for potential suppliers. The following code searches the UDDI directory for suppliers. Inquire.Url = "http://test.uddi.microsoft.com/inquire"; FindBusiness findBusiness = new FindBusiness(); findBusiness.CategoryBag.Add("unspsc- org:unspsc", "31.16.17.17.00", "uuid:CD153257-086A-4237-B336- 6BDCBDCC6634"); findBusiness.TModelKeys.Add("uuid:2a1109ff-5d31-4df1-86f6- b8fcff797030"); BusinessList businessList = findBusiness.Send(); Console.WriteLine(businessList); 275 The preceding code searches for all businessEntity entries that are categorized as wing nut manufacturers and also expose the PurchaseOrder Web service. Because Fabrikam meets these criteria, it will be included in the resulting businessList. The ability to search for potential suppliers in a centralized directory offers a couple of advantages. First, suppose Contoso already has an established relationship with another wing nut supplier. If, for some reason, this supplier cannot accommodate Contoso’s orders, Contoso can search the directory for other potential suppliers. Another advantage of a centralized directory is that companies other than Contoso can locate Fabrikam in the UDDI directory. For example, if Billy’s Rocking Horse Manufacturing is putting together a new line that requires wing nuts, it can locate Fabrikam by performing a search of the UDDI directory. Visual Studio .NET Integration Visual Studio .NET supports UDDI. The two primary points of integration are the Visual Studio .NET Start page and the Add Web Reference Wizard. The Visual Studio .NET Start page lets you register Web services as well as search for Web services registered in the UDDI directory. This functionality is available through the XML Web Services page, which serves as a portal to a registrar customized for Visual Studio .NET. This Web page is hosted on the Internet, so it is subject to change. As of this writing, it has three tabs: Getting Started, Find A Service, and Register A Service. The latter two tabs are used to register and locate Web services in the Microsoft test and production UDDI registry. The Find A Service tab presents a simple search screen for finding Web services that have been categorized using the VSCATEGORY taxonomy. You can easily add each resulting entry to the current project by clicking on the link provided. The Register A Service tab provides a simple three-step UI for registering a Web service. On the first screen, you log in with your Passport credentials. The next screen gives you the option to publish against the Microsoft test or production registry. Here is the final screen, where you enter information about the Web service: The information provided is used to create a businessService with an associated bindingTemplate. The Web Service Name and Description fields set the name and 276 description of the businessService, respectively. The .asmx URL, .wsdl URL, and Service Category are used to set the appropriate properties on the bindingTemplate. The Visual Studio .NET registrar also registers a tModel on your behalf. The following is the businessService entity that is created as a result of the above registration: <businessService serviceKey="3a4d24a1-9722-4499-87bb-ed7cb39d01a5" businessKey="c2a5e253-a10d-431c-a167-016d057f8890"> <name>Test Web Service</name> <description xml:lang="en">This is only a test.</description> <bindingTemplates> <bindingTemplate serviceKey="3a4d24a1-9722-4499-87bb- ed7cb39d01a5" bindingKey="bcbdd1a4-3605-4950-bc83-46ddb17e51dc"> <description xml:lang="en">This is only a test.</description> <accessPoint URLType="http">http://test/test.asmx</accessPoint> <tModelInstanceDetails> <tModelInstanceInfo tModelKey="uuid:e4fe05d6-2691-430a-bbfd- 81d6e5491b91"> <description xml:lang="en">WSDL Web Service Interface (Added by VS) </description> <instanceDetails> <description xml:lang="en">WSDL Web Service Interface (Added by VS) </description> <overviewDoc> <overviewURL>http://test/test.asmx?wsdl</overviewURL> </overviewDoc> </instanceDetails> </tModelInstanceInfo> </tModelInstanceDetails> </bindingTemplate> </bindingTemplates> <categoryBag> <keyedReference tModelKey="uuid:4c1f2e1f-4b7c-44eb-9b87- 6e7d80f82b3e" keyName="VSCATEGORY" keyValue="14" /> </categoryBag> </businessService> In addition to using the Find A Service tab on the Visual Studio .NET Start page, you can also search for Web services registered in UDDI using the Add Web Reference Wizard. The wizard allows you to search for all Web services published by a particular businessEntity. 277 The following is the result of a search for all Web services published by the GotDotNet businessEntity: Only entries that reference tModel objects in the wsdlSpec category are listed. To add a reference to a Web service, click on the link to its WSDL interface and then click the Add Reference button. DISCO The mere name generates visions of John Travolta strutting his stuff in a polyester leisure suit. DISCO, which is short for Discovery, is yet another technology that you can use to advertise and discover Web services. The DISCO protocol was developed by Microsoft, which currently has no formal plans for submitting the DISCO specification to a standards body. So, if we have UDDI, why DISCO? Recall that UDDI is a structured, centrally managed directory service. Its ability to discover Web services is company-centric. It is difficult to query UDDI to determine what Web services are exposed by a particular server. For this type of query, you need a more decentralized mechanism for locating Web services. DISCO allows you to discover the Web services running on a particular computer by providing a browse paradigm for locating a particular Web service. In some respects, DISCO is similar to the hyperlink navigation popularized by HTML. You can advertise a top-level index that contains references to specific Web services or to other DISCO files. Because DISCO supports a browse paradigm, it is well suited to development environments. And because DISCO does not require you to formally register with UDDI, you can quickly expose your Web services to other developers. Developers can browse your development server to discover the URL of a particular Web service that they need to code against. Visual Studio .NET and DISCO By default, the Visual Studio .NET Add Web Reference Wizard uses DISCO files to locate Web services. However, you will probably want something other than a DISCO file to serve as the default page of your Web server. [...]... submits the form If the application authenticates the request by performing a database or XML file lookup, the user is granted access Forms-based authentication uses HTML pages, so it is not supported by Web services because Web services have no UI However, ASP.NET does support forms-based authentication .NET Passport Authentication NET Passport is a centralized authentication service provided by Microsoft. .. Deploy the Web service Visual Studio NET will deploy to the Web server the newly compiled DLL and any other files that have changed You can deploy the Web service by using Microsoft FrontPage Server Extensions or by using a file share that is mapped to the underlying file system hosting the Web service 302 3 Launch the asmx page within the browser This will cause the ASP.NET worker process to load the Web. .. Windows authentication by adding the following code to the web. config file: You can also force ASP.NET to impersonate the calling user with the following web. config configuration entry: You can then get the name of the calling user by using the following code in your Web service: using System.Security.Principal;... the Web site hosts only Web services, the default page will probably contain HTML documentation Therefore, during the installation of Visual Studio NET, a link HTML tag is placed within the default page of the Web server Here is an example: Welcome to my Web site! If the default page of the Web. .. determine whether the server can correctly decrypt random data provided by the client after it is encrypted with the site’s public key from the certificate If the site can decrypt the blob, the site must have the protected private key associated with the public key in the certificate Also, the date validity is verified in the certificate If all these steps succeed, the server is authenticated and the user knows... mechanism for discovering Web services It is used primarily for development by the Visual Studio NET IDE Visual Studio NET automatically creates the necessary DISCO files The DISCO file for a particular server is created at installation time; the DISCO file for a particular Web service is created along with the Visual Studio NET project in which it is contained 280 Chapter 10: Building Secure Web Services. .. SOAP data, remember that there are two aspects to both technologies The first aspect is securing the channel between the client and the Web service, and the second is securing the SOAP payload or data within the payload— not only as it travels from the client to the Web service and vice versa, but also when the data is persisted to some form of persistent data storage The former scenario is well understood... and how it applies to building secure Web services I then discuss security technologies provided by Microsoft Internet Information Services (IIS) 5 and 6, and I also discuss important XML- based security technologies such as XML Signatures and XML Encryption and how the Microsoft NET Framework supports them Finally I look at common security mistakes people make when building Web services and how you... the line that calls to the Web service via a proxy, you can press F11 to step into the implementation of the Web service method Visual Studio NET will intercept the call to the Web service, attach to the process, and then set a breakpoint at the beginning of the method This feature is referred to as causality To facilitate causality, the Web service client must have appropriate security rights If the. .. in the way of security features As of this writing, the primary communication protocol used by Web services, SOAP, does not define security protocols; it relies on the Web server, and potentially the client application, to provide those services The main reason for this is that SOAP is transport independent; Web services use HTTP as a transport, but other SOAP-based services might use SMTP or other . of your Web server. 2 78 Even if the Web site hosts only Web services, the default page will probably contain HTML documentation. Therefore, during the installation of Visual Studio .NET, a. the Visual Studio .NET Start page, you can also search for Web services registered in UDDI using the Add Web Reference Wizard. The wizard allows you to search for all Web services published. DISCO file for a particular Web service is created along with the Visual Studio .NET project in which it is contained. 281 Chapter 10: Building Secure Web Services By nature, many Web services