Developing Web Services Using ASP.NET and WSE That Interoperate with the Windows Communications Foundation ("Indigo")
Mark Fussell
COM432
Lead Program Manager
Microsoft Corporation

Agenda
  Interoperability between .NET Web services
  Build an ASP.NET Web service that is Basic Profile 1.1 (BP) compliant
  Secure an ASP.NET Web service with WSE 3.0 using message security
  Build WCF clients that interoperate with ASP.NET and WSE Web services using standard and custom bindings

.NET Web Services
ASP.NET Web services implementation in the .NET Framework
  Supports WS-I Basic Profile (BP) 1.1 for simple services with metadata support
  Doesn't implement WS-* specifications
WSE is an add-on to the .NET Framework
  Implements several WS-* specs
  Adds message security to ASP.NET Web services and supports the Basic Security Profile (BSP) 1.0
  WSE 3.0 to be released in Q4 2005
Windows Communication Foundation (WCF) is the next-generation implementation of Web services
  Provides a unified programming model for WS-* protocols, messaging, queuing, transactions, etc.

Web Services Architecture
ASP.NET Web Services
[Diagram: Web services architecture stack. Labels: Connected Applications; Applications & Application Infrastructure; Management; Business Process; …; Foundation; Security; Reliability; Transactions; Messaging; XML; Metadata; Transports; HTTP; TCP; Custom; …]

.NET Framework v2.0 Web Services
WS-I Basic Profile Conformance
WebServiceBinding attribute

    using System.Web.Services;

    // Declare conformance to WS-I Basic Profile 1.1 and emit the claim in the generated WSDL.
    [WebServiceBinding(ConformsTo=WsiProfiles.BasicProfile1_1, EmitConformanceClaims=true)]
    [WebService(Namespace="Microsoft.PDC.WebServices")]
    public class BPConformance_asmx
    {
        // Exposed as a SOAP operation of the service.
        [WebMethod]
        public string HelloWorldBP()
        {
            string message = "'Hello World' from a Basic Profile compliant (BP-compliant) Web Service.";
            return message;
        }
    }

ASP.NET Web services and Basic Profile (BP) Conformance

ASP.NET Web Services to WCF Interoperability Guidance
Embrace
  Basic Profile (BP) conformance
  .NET 2.0 is BP conformant by default
  Use SOAP 1.1
  KISS - Keep Interoperable Schemas Simple
Avoid
  rpc/encoded, as it is not BP compliant
  SOAP Extensions - harder to migrate

Web Services Architecture
Web Services Enhancements (WSE) 2.0 and 3.0
[Diagram: Web services architecture stack. Labels: Connected Applications; Applications & Application Infrastructure; Management; Business Process; …; Foundation; Security; Reliability; Transactions; Messaging; XML; Metadata; Transports; HTTP; TCP; Custom; …]

WSE 3.0 Turnkey Security Scenarios
Based on industry best practices
  UsernameOverCertificate
  AnonymousOverCertificate
  UsernameOverTransport
  Kerberos (Windows)
  MutualCertificate and CertificateMutualAuthenticationProfile

Example Turnkey Security Scenario
Username Credentials with Server Certificate for Protection
[Diagram labels: Internet; Intranet; Application Server]
  Username/Password for Authentication
  Confidential, signed request using a client key protected with the server certificate
  Authenticate username/password
  Confidential, signed response using the supplied client key

Securing a Web service using WSE 3.0 Security Policy

WSE 3.0: The Road to WCF
Wire level interoperable with WCF
  Support for interoperable security scenarios
  WSE turnkey policy security assertions are aligned with WCF security binding
WSE 3.0 runs side-by-side with WCF
Migration and interoperability guidance will be provided from WSE 3.0 to WCF

WSE to WCF Interoperability Guidance
Embrace
  The ASMX guidance
  Use WSE 3.0 for wire level interoperability with WCF
  HTTP transport
  Turnkey Security Scenarios and policy (WSE 3.0)
  MTOM (WSE 3.0)
Avoid
  TCP transport for interoperability
  Custom transports
  DIME (WSE 2.0)

Web Services Architecture
WCF Web Services
[Diagram: Web services architecture stack. Labels: Connected Applications; Applications & Application Infrastructure; Management; Business Process; …; Foundation; Security; Reliability; Transactions; Messaging; XML; Metadata; Transports; HTTP; TCP; Custom; …]

Address, Binding, & Contract
[Diagram: a Client and a Service exchange a Message through Endpoints. Each Endpoint is labelled A B C: Address (Where?), Binding (How?), Contract (What?).]

WCF Security Model
Capabilities
  Secure Transfer of Messages
    Confidentiality
    Integrity
    Authentication
  Access Control for resources
    Authorization
  Audit Security Events
Programming levels
  Simple turnkey model
  Advanced custom model
[Slide callouts: WSE 3.0, WSE 3.0]

WCF Interoperable Standard Bindings
Columns: WCF Bindings; Specifications; .NET Web service Implementation
basicHttpBinding
  Specifications: SOAP 1.1, Basic Profile 1.1, WS-Security 1.0, Basic Security Profile 1.0, MTOM
  .NET Web service Implementation: ASP.NET 1.1, ASP.NET 2.0, WSE 2.0, WSE 3.0
wsHttpBinding
  Specifications: SOAP 1.2, WS-Security 1.1 (CR), MTOM
  .NET Web service Implementation: WSE 3.0

WSE to WCF Security Mapping
WCF standard bindings mapped to WSE policy security assertions
Columns: WSE 3.0 Turnkey Policy Security Assertions; WCF basicHttpBinding Security Configuration

UsernameOverTransport
  WSE 3.0 assertion:
    <usernameOverTransportSecurity />
  WCF basicHttpBinding:
    <security mode="TransportWithMessageCredential">
      <message clientCredentialType="UserName"/>
    </security>

CertificateMutualAuthenticationProfile
  WSE 3.0 assertion:
    <CertificateMutualAuthenticationProfileSecurity />
  WCF basicHttpBinding:
    <security mode="Message">
      <message clientCredentialType="Certificate" negotiateServiceCredential="false"/>
    </security>

WSE to WCF Security Mapping
Columns: WSE 3.0 Turnkey Policy Security Assertions; WCF wsHttpBinding Security Configuration

AnonymousOverCertificate
  WSE 3.0 assertion:
    <anonymousOverCertificateSecurity establishSecurityContext="true" />
  WCF wsHttpBinding:
    <security mode="Message">
      <message clientCredentialType="None" negotiateServiceCredential="false"/>
    </security>

UsernameOverCertificate
  WSE 3.0 assertion:
    <usernameOverCertificateSecurity establishSecurityContext="true" />
  WCF wsHttpBinding:
    <security mode="Message">
      <message clientCredentialType="UserName" negotiateServiceCredential="false"/>
    </security>

Kerberos (Windows)
  WSE 3.0 assertion:
    <anonymousOverCertificateSecurity establishSecurityContext="true" />
  WCF wsHttpBinding:
    <security mode="Message">
      <message clientCredentialType="Windows" negotiateServiceCredential="false"/>
    </security>

MutualCertificate
  WSE 3.0 assertion:
    <mutualCertificateSecurity establishSecurityContext="true" />
  WCF wsHttpBinding:
    <security mode="Message">
      <message clientCredentialType="Certificate" negotiateServiceCredential="false"/>
    </security>

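The two mapping tables above can be turned into a configuration check. The following is an added example, not code from the talk or from Microsoft: it reads a WCF <bindings> section and reports which WSE 3.0 turnkey assertion each binding corresponds to, treating anything that is not a row of the tables as printed on the slides as unmapped. The sample configuration and the function name audit_bindings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Rows of the slides' tables:
# (binding element, security mode, clientCredentialType lower-cased) -> WSE assertion
SLIDE_MAPPING = {
    ("basicHttpBinding", "TransportWithMessageCredential", "username"): "UsernameOverTransport",
    ("basicHttpBinding", "Message", "certificate"): "CertificateMutualAuthenticationProfile",
    ("wsHttpBinding", "Message", "none"): "AnonymousOverCertificate",
    ("wsHttpBinding", "Message", "username"): "UsernameOverCertificate",
    ("wsHttpBinding", "Message", "windows"): "Kerberos (Windows)",
    ("wsHttpBinding", "Message", "certificate"): "MutualCertificate",
}

# Constructed sample <bindings> section (binding names are hypothetical).
SAMPLE_CONFIG = """<bindings>
 <basicHttpBinding>
  <binding name="orders"><security mode="TransportWithMessageCredential">
   <message clientCredentialType="UserName"/></security></binding>
  <binding name="legacy"><security mode="None"/></binding>
 </basicHttpBinding>
 <wsHttpBinding>
  <binding name="partners"><security mode="Message">
   <message clientCredentialType="Certificate" negotiateServiceCredential="false"/></security></binding>
  <binding name="intranet"><security mode="Message">
   <message clientCredentialType="Windows" negotiateServiceCredential="true"/></security></binding>
 </wsHttpBinding>
</bindings>"""

def audit_bindings(config_xml):
    """Return {binding name: (WSE assertion or None, reason)}."""
    results = {}
    for kind in ET.fromstring(config_xml):      # basicHttpBinding, wsHttpBinding, ...
        for binding in kind.findall("binding"):
            name = binding.get("name", "(unnamed)")
            sec = binding.find("security")
            msg = sec.find("message") if sec is not None else None
            mode = sec.get("mode") if sec is not None else None
            cred = (msg.get("clientCredentialType", "") if msg is not None else "").lower()
            assertion = SLIDE_MAPPING.get((kind.tag, mode, cred))
            if assertion is None:
                results[name] = (None, f"{kind.tag} mode={mode} credential={cred or None}: no table row")
            elif mode == "Message" and msg.get("negotiateServiceCredential") != "false":
                # Every Message-mode row on the slides sets negotiateServiceCredential="false".
                results[name] = (None, 'Message mode without negotiateServiceCredential="false"')
            else:
                results[name] = (assertion, "matches table row")
    return results
```
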
Building WCF Clients for ASP.NET and WSE 3.0 Web services

Turnkey Security Scenario Mapping
WSE 3.0 turnkey policy security assertions map to WCF custom security bindings

WCF custom binding:
    <customBinding>
      <binding name="MyBinding">
        <security authenticationMode="UsernameForCertificate"
                  messageProtectionOrder="SignBeforeEncrypt"
                  requireDerivedKeys="true"/>
      </binding>
    </customBinding>

WSE 3.0 policy:
    <policies>
      <policy name="MyPolicy">
        <usernameForCertificateSecurity protectionOrder="SignBeforeEncrypt"
                                        deriveKeys="true"/>
      </policy>
    </policies>

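Because the custom binding and the WSE policy above must agree setting for setting, a drift check between the two files is useful when either side is edited. This is an added example, not code from the talk: it pairs the attributes exactly as the slide shows them, compares names and values case-insensitively, and assumes the assertion element is named after authenticationMode plus "Security", which is inferred from the single pair on the slide. The drifted policy and the function name policy_drift are constructed.

```python
import xml.etree.ElementTree as ET

# WCF <security> attribute -> WSE assertion attribute, as paired on the slide
PAIRED = {"messageprotectionorder": "protectionorder",
          "requirederivedkeys": "derivekeys"}

WCF_BINDING = """<customBinding><binding name="MyBinding">
  <security authenticationMode="UsernameForCertificate"
            messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true"/>
</binding></customBinding>"""

WSE_POLICY_OK = """<policies><policy name="MyPolicy">
  <usernameForCertificateSecurity protectionOrder="SignBeforeEncrypt" deriveKeys="true"/>
</policy></policies>"""

# Constructed drift: the service policy changed without updating the client binding.
WSE_POLICY_DRIFTED = WSE_POLICY_OK.replace("SignBeforeEncrypt", "EncryptBeforeSign")

def lower_attrs(elem):
    """Attribute names and values lower-cased for case-insensitive comparison."""
    return {k.lower(): v.lower() for k, v in elem.attrib.items()}

def policy_drift(wcf_xml, wse_xml):
    """List the settings on which the WCF binding and the WSE policy disagree."""
    sec = lower_attrs(ET.fromstring(wcf_xml).find("binding/security"))
    assertion = next(iter(ET.fromstring(wse_xml).find("policy")))
    wse = lower_attrs(assertion)
    problems = []
    # Assumed naming rule: <authenticationMode value> + "Security".
    expected = sec.get("authenticationmode", "") + "security"
    if assertion.tag.lower() != expected:
        problems.append(f"assertion <{assertion.tag}> does not match authenticationMode")
    for wcf_name, wse_name in PAIRED.items():
        if sec.get(wcf_name) != wse.get(wse_name):
            problems.append(f"{wcf_name}={sec.get(wcf_name)} vs {wse_name}={wse.get(wse_name)}")
    return problems
```
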
WCF Custom Security Binding and Custom WSE Binding

Summary
Write connected applications today and achieve interoperability for a lifetime
  Download the WSE 3.0 Beta from MSDN
    http://msdn.microsoft.com/webservices/building/wse/
  Install WinFx and Windows Vista
  Enjoy WSE 3.0 and WCF Hands on Labs

Resources
mailto: [email protected]
blog: http://blogs.msdn.com/mfussell
Web services forum: http://forums.microsoft.com/msdn/
WS-Security roadmap: http://msdn.microsoft.com/webservices/understanding/gxa/default.aspx?pull=/library/en-us/dnwssecur/html/securitywhitepaper.asp

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.