Creating and Consuming RESTful Web Services with WCF Ron Jacobs Sr. Technical Evangelist Platform Evangelism Microsoft Corporation
Agenda What is REST? Is REST SOA? Key REST principles Adventure Works REST API WCF Example Summary 71 Slides 5 Demos I must be insane!
Resources Leonard Richardson Sam Ruby www.ronjacobs.com Code Slides
“Representational state transfer (REST) is a style of software architecture for distributed hypermedia systems such as the World Wide Web.” http://en.wikipedia.org/wiki/Representational_State_Transfer What is rest?
HTTP What is REST? Application state and functionality are resources Every resource has a URI All resources share a uniform interface HTTP
Is REST SOA? “Protocol independence is a bug, not a feature”. - Mark Baker Is REST SOA?
IS REST SOA? SOAP REST WCF Test Client Notepad Internet Explorer REST is an architectural style that allows you to implement services with broad reach SOA is about services SOA is not about protocol, transport, format etc. SOAP REST WCF Test Client Notepad Internet Explorer 5 HTTP Messages 18,604 bytes “You entered: 1”
“The promise is that if you adhere to REST principles while designing your application, you will end up with a system that exploits the Web’s architecture to your benefit.” -Stefan Tilkov http://www.infoq.com/articles/rest-introduction Key rest principles
Key REST Principles Give every “thing” an ID Link things together Use standard methods Resources with multiple representations Communicate statelessly
Give every “thing” an ID Expose thing or collection things with a scheme that is ubiquitous Embrace the URI How to get it (http:// or net.tcp:// or net.msmq:// etc.) Where to get it (example.com) What to get (customer 1234)
Give every “thing” an ID An API like this Customer C = GetCustomer(1234); Can be represented like this http://example.com/customers/1234
Link Things Together Hypermedia as the engine of application state Just means that you should link things together People or apps can transition state by following links Links can be to the same app or to some other app
Link Things Together <CustomerData> <Self>http://adventure-works.com/customer/1</Self> <CompanyName>A Bike Store</CompanyName> <CustomerID>1</CustomerID> <EmailAddress>orlando0@adventure-works.com</EmailAddress> <FirstName>Orlando</FirstName> <LastName>Gee</LastName> <Orders>http://adventure-works.com/customer/1/orders</Orders> <RowID>3f5ae95e-b87d-4aed-95b4-c3797afcb74f</RowID> </CustomerData> http://search.live.com/results.aspx?q=Ron+Jacobs&first=11...
Use Standard Methods public class Resource { Resource(Uri u); Response Get(); Response Post(Request r); Response Put(Request r); Response Delete(); Response Head(); }
Shift to Resource Thinking Architect Connections Shift to Resource Thinking Operation SQL Command HTTP Verb Create a resource INSERT POST(a), PUT Read a resource SELECT GET Update a resource UPDATE PUT, POST(p) Delete a resource DELETE Query Metadata (Systables) HEAD SQL INSERT INTO CUSTOMERS (...) VALUES (...) REST (POST) http://example.com/customers <Customer>...</Customer> Updates will be available at http://www.devconnections.com/updates/Orlando_08/Architect
Shift to Resource Thinking Operation SQL Command HTTP Verb Create a resource INSERT POST Read a resource SELECT GET Update a resource UPDATE PUT (POST) Delete a resource DELETE Query Metadata (Systables) HEAD SQL SELECT FROM CUSTOMERS WHERE ID=567 REST (GET) http://example.com/customers/567
Resources as operations The result of an operation can be considered a resource API var result = CalculateShipping(“Redmond”, “NYC”); REST http://example.com/calculateShipping?from=“Redmond”&to=“NYC”
Content Negotiation Allow the client to ask for what they want “I want XML” “I want JSON” “I want …” (HTML, CSV, etc.) GET /customers/1234 HTTP/1.1 Host: example.com Accept: text/xml JSR 311 features the idea of extensions as a way to do content negotiation without the headers as in /customers.xml /customers.json GET /customers/1234 HTTP/1.1 Host: example.com Accept: text/json
Communicate Statelessly Stateless means that every request stands alone Session is not required Can be bookmarked Application State lives on the Client Everything that is needed to complete the request must be included in the request Resource State lives on the server(s) Stored in durable storage (typically) May be cached
adventure works REST API Implementation Time adventure works REST API
AdventureWorks Customer API URI Method Collection Operation /customers POST Customers Create /customers/{custId} GET Read PUT Update DELETE Delete /customers/{custId}/Orders Sales Read customer orders
“Remember that GET is supposed to be a “safe” operation, i. e “Remember that GET is supposed to be a “safe” operation, i.e. the client does not accept any obligations (such as paying you for your services) or assume any responsibility, when all it does is follow a link by issuing a GET.” -Stefan Tilkov http://www.infoq.com/articles/tilkov-rest-doubts HTTP GET
GET CUSTOMER DeMO http://rojacobsxps/AdventureWorksDev/api/customer/1 WebGet Attribute UriTemplate Query String Parameters GET CUSTOMER DeMO http://rojacobsxps/AdventureWorksDev/api/customer/1
WebGet Attribute WebGet Indicates you want to use an HTTP GET for this method Method name is resource name Arguments are query string parameters // GET a customer [OperationContract] [WebGet] CustomerData GetCustomer(string customerId); http://localhost/service.svc/GetCustomer?customerId=1
WebGet UriTemplate UriTemplate maps the URI to parameters in your method Using parameters in the Uri makes them mandatory, query string parameters are optional. // GET a customer [OperationContract] [WebGet(UriTemplate = "customer/{customerId}")] CustomerData GetCustomer(string customerId); http://localhost/service.svc/Customer/1
Making your first RESTful Service Create a WCF Service Library Add a reference / using System.ServiceModel.Web Decorate your method with WebGet Modify configuration Change the binding from wsHttpBinding to webHttpBinding Add the webHttp endpoint behavior to the endpoint Note: WCF will start up without this behavior though it is not very useful configuration
Gotcha! Testing the service with the WCF Test Client
Gotcha! Testing with the browser before setting the webHttp behavior What I wish they had said... Or better yet, don’t start up without webHttp if you have WebGet on an OperationContract. 'http://localhost/...' cannot be processed at the receiver, due to an AddressFilter mismatch at the EndpointDispatcher. Check that the sender and receiver's EndpointAddresses agree. 'http://localhost/...' cannot be processed at the receiver, due to an AddressFilter mismatch at the EndpointDispatcher. Did you forget the webHttp behavior on the endpoint?
Testing your first RESTful service Use a browser to test it http://(host):(port)/(service)/(method)?arg=value The default behavior is Method name is the resource Arguments are query strings Add a UriTemplate to modify the default behavior
Architect Connections Get Customers Returns a collection of customers from the database Issues Security – you can only see orders you are allowed to see Paging – stateless requests decide where to start REST API SOAP API http://adventure-works.com/customer Customer[] GetCustomers() Updates will be available at http://www.devconnections.com/updates/Orlando_08/Architect
Paging Allows clients to request a subset of the collection Use Query String parameters to specify start index and count http://adventure-works.com/customer?start=200&count=25
405 Method not allowed Gotcha! // GET customers [OperationContract] [WebGet(UriTemplate="customer?start={start}&count={count}")] CustomerGroupingData GetCustomers(int start, int count); // POST to customers [OperationContract] [WebInvoke(UriTemplate = "customer")] CustomerData AppendCustomer(CustomerData customer); http://adventure-works.com/customer 405 Method not allowed
Architect Connections Why? The template matching engine tries to find the best match The more specific a match is, the better When the URL contains just the resource “customer” The match for “customer” is a POST method Return 405 Method not allowed Updates will be available at http://www.devconnections.com/updates/Orlando_08/Architect
Why? Solution Don’t include the query string parameters in the UriTemplate Get them instead from the WebOperationContext.Current UriTemplate is now just “customer” for both GET and POST
200 Ok Solution // GET customers [OperationContract] [WebGet(UriTemplate = "customer")] CustomerGroupingData GetCustomers(int start, int count); // POST to customers [OperationContract] [WebInvoke(UriTemplate = "customer")] CustomerData AppendCustomer(CustomerData customer); http://localhost/AdventureWorksDev/api/customer 200 Ok
Query String Parameters private string GetQueryString(string argName) { UriTemplateMatch match = WebOperationContext.Current.IncomingRequest.UriTemplateMatch; try return match.QueryParameters[argName]; } catch (KeyNotFoundException) return null; Query String Parameters are found in here
Caching Use HttpRuntime.Cache to cache items on the server if it makes sense to do so // Check the cache CustomerData customerData = (CustomerData)HttpRuntime.Cache[requestUri.ToString()]; // Not found in the cache if (customerData == null) { // Try to get the customer data customerData = CustomersCollection.GetCustomer(custId); // Still not found outResponse.SetStatusAsNotFound(string.Format("Customer Id {0} not found", customerId)); } else // found // Set the headers outResponse.LastModified = customerData.LastModified; outResponse.ETag = customerData.ETag.ToString(); CacheCustomer(requestUri, customerData);
Client Caching Add Expires or Cache-Control headers to provide clients with hints on caching WCF Default: Cache-Control: private No caching of private results // Allow client to cache for 5 minutes outResponse.Headers.Add("Cache-Control", "300");
Conditional GET Headers used by clients to save bandwidth if they hold cached data If-Modified-Since: (Date) Return the data only if it has been modified since (Date)
Conditional GET If-None-Matches: (Etag) Return the data only if there are no records matching this tag If the data exists but has not been modified return 304 “Not Modified” The server still has to verify that the resource exists and that it has not changed
Supporting If-Modified-Since Your data should have a LastModified value Update it whenever the data is written // Set the headers outResponse.LastModified = customerData.LastModified;
Supporting If-None-Matches Your data should have a row version This data is returned in an Etag header as an opaque string // Set the headers outResponse.ETag = customerData.ETag.ToString();
Conditional GET Check Not Modified? Suppress body private static void CheckModifiedSince( IncomingWebRequestContext inRequest, OutgoingWebResponseContext outResponse, CustomerData customerData) { // Get the If-Modified-Since header DateTime? modifiedSince = GetIfModifiedSince(inRequest); // Check for conditional get If-Modified-Since if (modifiedSince != null) if (customerData.LastModified <= modifiedSince) outResponse.SuppressEntityBody = true; outResponse.StatusCode = HttpStatusCode.NotModified; } Not Modified? Suppress body Return 304 “Not Modified”
GET Response 200 OK 304 Not Modified 400 Bad Request 404 Not Found GET successful 304 Not Modified Conditional GET did not find new data 400 Bad Request Problem with the request of some kind 404 Not Found Resource was not found 500 Internal Server Error Everything else
“You can use it to create resources underneath a parent resource and you can use it to append extra data onto the current state of a resource.” - RESTful Web Services http post
HTTP POST POST is ambiguously defined in the HTTP spec POST is the second most used RESTful verb Often referred to as POST(a) for “Append” Posting to a collection means to append to that collection Allows the server to determine the ultimate URI
HTTP POST Problem Solutions How to detect duplicate POST requests? Use PUT (it’s Idempotent by nature) Schemes involving handshaking of some kind between the client and server Client generated identifier for POST
POST to Customers Appends a new customer to the collection Issues Security – Are you allowed to create a customer? Idempotency – is this a duplicate POST request? REST API SOAP API (POST) http://adventure-works.com/customers CustomerData AppendCustomer(CustomerData customer);
POST Example public CustomerData AppendCustomer(CustomerData customer) { OutgoingWebResponseContext outResponse = WebOperationContext.Current.OutgoingResponse; try CustomerData newCustomer = CustomersCollection.AppendCustomer(customer); if (newCustomer.CustomerID != 0) outResponse.SetStatusAsCreated( BuildResourceUri("customer", newCustomer.CustomerID.ToString())); } return newCustomer; catch (CustomerRowIDExistsException) outResponse.StatusCode = HttpStatusCode.Conflict; outResponse.StatusDescription = "RowID exists, it must be unique"; return null; catch (Exception ex) Log.Write(ex); throw;
POST(a) Response 200 OK 400 Bad Request 409 Conflict POST successful 400 Bad Request Problem with the request of some kind 409 Conflict Resource already exists 500 Internal Server Error Everything else
Testing POST Methods Fiddler – http://www.fiddler2.com HTTP proxy Use machine name instead of localhost in URI IIS hosting helps with this Build a request Drag a GET request to the Request Builder Open a GET in Visual Studio for easy formatting of XML Set the Request type to POST Set the request body to valid XML Set the Content-Type: text/xml
PUT is an idempotent way to create / update a resource http PUT
HTTP PUT Creates or Updates the resource Idempotent by design Completely replaces whatever was there before with the new content Update the cache with new resource Idempotent by design Creating or Updating record 123 multiple times should result in the same value Do NOT do some kind of relative calculation
PUT and IDs If you can allow the client to define an ID within a context that is unique, PUT can insert, otherwise PUT is used to update resources REST API SOAP API Note: the first arg comes from the URI, the customer data comes from the request body (PUT) http://adventure-works.com/customers/123 CustomerData PutCustomer(string customerId, CustomerData customer);
PUT Response 200 OK 201 Created 400 Bad Request 404 Not Found Update successful 201 Created Insert Successful 400 Bad Request Problem with the request of some kind 404 Not Found Resource to update was not found 500 Internal Server Error Everything else
DELETE is for uh... well... um... deleting things http DELETE
DELETE Used to delete a resource Issues Security – can you delete a resource Cache – need to remove it from the server cache
DELETE Response 200 OK 400 Bad Request 404 Not Found Delete successful 400 Bad Request Problem with the request of some kind 404 Not Found Resource to delete was not found 500 Internal Server Error Everything else
URI Mapping URI Method Maps To api/customer GET api.svc/customer POST api/customer/{ID} api.svc/customer/{ID} DELETE PUT HEAD
UriMapper HTTP Module RESTful people do not like ugly URIs ScottGu has Many ways to rewrite URIs HttpModules can rewrite the URIs as they come in Jon Flanders blog Using WCF WebHttpBinding and WebGet with nicer Urls Modified it a bit to support my scenario http://adventure-works.com/service.svc/customer/1
Gotchca! I installed my HttpModule in web.config under <system.web><httpModules> Not working Searched blogs to find out that for IIS 7 you must install under <system.webServer><modules> If your HttpModule does not rewrite the URL correctly you will get 404 errors and have a hard time understanding why
Content Negotiation Trend is toward an extension syntax Unfortunately you must specify the response format in the WebGet, WebInvoke attribute You can dynamically choose your format by making your service return a stream and then serializing your content directly to the stream http://adventure-works.com/customers.xhtml http://adventure-works.com/customers.xml http://adventure-works.com/customers.json
Two Services apixml.svc for XML apijson.svc for JSON UriMapper code looks for an extension on the resource and maps it to the appropriate service default is XML 2 .SVC files means two classes that implement 2 different contracts
Class Diagram
URI Mapping URI Method Maps To api/customer GET apixml.svc/customer POST api/customer/{ID} apixml.svc/customer/{ID} DELETE PUT HEAD api/customer.json apijson.svc/customer api/customer/{ID}.json apijson.svc/customer/{ID}
Content Negotiation Demo http://rojacobsxps/AdventureWorksDev
Consuming a RESTful Service Use WCF or HttpWebRequest Need a ServiceContract interface Copy from service Build from scratch Build UriTemplates that will match up to the service
Data Contract Schema Export Schema from Assembly svcutil foo.dll /dconly Generate data contracts from xsd files svcutil *.xsd /dconly
a scope to access the context Using WCF on the Client public CustomerData GetCustomer(string customerId, Guid? eTag, DateTime? modifiedSince) { using (var factory = new WebChannelFactory<IAdventureWorksServiceXml>("AdventureWorks")) IAdventureWorksServiceXml service = factory.CreateChannel(); using (OperationContextScope scope = new OperationContextScope( (IContextChannel)service)) OutgoingWebRequestContext request = WebOperationContext.Current.OutgoingRequest; if (eTag != null) request.IfNoneMatch = eTag.ToString(); if (modifiedSince != null) DateTimeFormatInfo formatInfo = CultureInfo.InvariantCulture.DateTimeFormat; // RFC1123Pattern request.IfModifiedSince = modifiedSince.Value.ToString("r", formatInfo); } return service.GetCustomer(customerId); You must create a scope to access the context
Summary RESTful services extend the reach of HTTP to your SOA RESTful design is harder than you might think Implementation has some tricky issues to overcome