
1 Building applications that combine WCF, WF and CardSpace in the .NET Framework 3.5
Gaëtan Holderbeke, Xavier Pellegrino

2 Session Objectives & Prerequisites
Objectives:
- WCF & WF overview
- Messaging using Workflow Services
- Identity Metasystem
- Securing WCF with CardSpace
Prerequisites:
- Experience with either WF or WCF in .NET 3.0, and some experience with the other
- Application security basics

3 Agenda
- Introduction to WCF
- Introduction to WF
- Better together: Workflow Services
- Service communications (context exchange, duplex)
- Identity Metasystem: CardSpace, STS

4 { WCF }

5 Rhetorical Question: what is a service?
Some functionality exposed via a structured messaging scheme…

6 Windows Communication Foundation
The Swiss-Army chainsaw of service platforms
- Unified programming model
- Great manageability features: tracing, message logging, threading controls, DoS remediation (quotas, throttling), WMI integration, configurability, etc.
- Introduced in .NET 3.0, enhanced in .NET 3.5

7 Clients, Services & Endpoints
A client talks to a service through an endpoint. An endpoint is the triple
- Address: where?
- Binding: how?
- Contract: what?

8 WCF Gross Anatomy
Endpoint (address, binding, contract) declared in configuration:

    <endpoint name="MyService"
              address="http://MyServer:6666/MyService"
              binding="basicHttpBinding"
              contract="IMyInterface"/>

Service contract definition:

    [ServiceContract]
    public interface IMyInterface
    {
        [OperationContract]
        void MyMethod(String arg);
    }

Service type implementing the contract (one instance shared by all callers):

    [ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)]
    public class MyService : IMyInterface
    {
        public void MyMethod(String arg) { … }
    }

9 { WF }

10 Windows Workflow Foundation
What is workflow? Workflow is the organization of work.
What is the value of workflow?
- Long-running logic
- Flexibility
- Transparency
- Visual Studio designer
- Composed of workflow activities

11 Workflow Services Approaches
Service implemented as a workflow:
- Leverages the workflow development experience
- Allows long-running, durable services
Workflow hosted as a service:
- A ServiceContract provides a typed interface for integrating with the workflow
- Messages enforce by-value, serializable data
- Workflows can be message-activated

12 { DEMO } Workflow Services

13 Workflow Services Architecture
Each WCF service runtime component has a Workflow Services counterpart:
- ServiceHost -> WorkflowServiceHost
- ServiceDescription (built from App.config)
- ServiceBehavior -> WorkflowServiceBehavior
- OperationBehavior -> WorkflowOperationBehavior
- OperationSelector
- OperationInvoker -> WorkflowOperationInvoker
- InstanceProvider -> DurableInstanceProvider (backed by the WF persistence DB)
- MessageInspector -> MessageContextInspector
- ListenerChannel -> ContextChannel
- Service instance (Operation 1, Operation 2, in Service.cs) -> Workflow instance (ReceiveActivity 1, ReceiveActivity 2, in Workflow.cs or Workflow.xoml) running in the Workflow Runtime

14 Context Exchange
- Transport-level session state will not survive a long-running process
- Correlation must be managed at the application or process layer
- Client and service need to agree on a protocol to exchange context (the workflow instance id)

15 Context Exchange Protocol
Client: Send op x params (no context yet)
Service: Receive op x; reply op x response {instanceId}
Client: store {instanceId} in a context repository (your choice)
Client: Send op y params {instanceId}
Service: Receive op y; reply op y response {instanceId}
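The protocol above, written out on the client side as an added example (not code from the presentation): the first call carries no context, the reply's instanceId is read from the channel through IContextManager and stored in a repository of the client's choosing, and a later call on a fresh channel replays it. The IOrderService contract, the endpoint address and the dictionary-backed ContextRepository are assumptions made for the example; WSHttpContextBinding and IContextManager are the .NET 3.5 types from System.WorkflowServices.dll.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceModel.Channels;   // IContextManager (System.WorkflowServices.dll)

// Hypothetical long-running contract: StartOrder creates the workflow instance,
// the later operations must reach that same instance.
[ServiceContract(Namespace = "urn:example:orders")]
public interface IOrderService
{
    [OperationContract]
    string StartOrder(string customer);   // op x: first message, no context yet

    [OperationContract]
    void AddItem(string sku, int qty);    // op y: must carry {instanceId}
}

// The "context repository (your choice)" of the slide: an in-memory dictionary
// keyed by a business key; a real client would persist it with its own state.
public static class ContextRepository
{
    private static readonly Dictionary<string, IDictionary<string, string>> store =
        new Dictionary<string, IDictionary<string, string>>();

    public static void Save(string orderKey, IDictionary<string, string> ctx) { store[orderKey] = ctx; }

    public static IDictionary<string, string> Load(string orderKey)
    {
        IDictionary<string, string> ctx;
        if (!store.TryGetValue(orderKey, out ctx))
            throw new InvalidOperationException("no context saved for " + orderKey);
        return ctx;
    }
}

public class OrderClient
{
    // The context binding carries the context in a SOAP header (or cookie);
    // it is this header, not a transport session, that correlates the messages.
    private readonly Binding binding = new WSHttpContextBinding();
    private readonly EndpointAddress address = new EndpointAddress("http://localhost:8000/Orders"); // assumed

    private IOrderService Open(out IContextManager ctxMgr)
    {
        var factory = new ChannelFactory<IOrderService>(binding, address);
        IOrderService proxy = factory.CreateChannel();
        ctxMgr = ((IClientChannel)proxy).GetProperty<IContextManager>();
        return proxy;
    }

    // First exchange: the service answers with {instanceId}. Capture it before
    // closing the channel, because the channel is the only thing that saw the header.
    public void Start(string orderKey, string customer)
    {
        IContextManager ctxMgr;
        IOrderService proxy = Open(out ctxMgr);
        proxy.StartOrder(customer);
        IDictionary<string, string> ctx = ctxMgr.GetContext();
        if (!ctx.ContainsKey("instanceId"))          // "instanceId" is the key WorkflowServiceHost uses
            throw new InvalidOperationException("service returned no instance context");
        ContextRepository.Save(orderKey, ctx);
        ((IClientChannel)proxy).Close();
    }

    // Hours later, on a new channel: replay the saved context so the message is
    // dispatched to the same (possibly rehydrated) workflow instance.
    public void AddItem(string orderKey, string sku, int qty)
    {
        IContextManager ctxMgr;
        IOrderService proxy = Open(out ctxMgr);
        ctxMgr.SetContext(ContextRepository.Load(orderKey));   // must precede the first send
        proxy.AddItem(sku, qty);
        ((IClientChannel)proxy).Close();
    }
}
```

SetContext only works on a channel that has not yet been opened, which is why each call builds a fresh proxy. Note also what the instanceId is: whoever presents it reaches that workflow instance, so the repository deserves the same protection as a session cookie, and the binding's security (message security is the WSHttpContextBinding default) should stay on so the header is not readable or replayable on the wire.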

16 Duplex Communication
- Cannot rely on a duplex channel for a long-running conversation
- Model it via two contracts (inside two WorkflowServiceHosts)
- Explicitly provide the "client" context in the initiating message to the "server"

17 Duplex Message Flow
Client: SendRequest BeginWorkflow {no context}, body carries ClientId
Service: ReceiveRequest; reply carries {ServiceId}
Client: ReceiveResponse, stores {ServiceId}
Client: Send BeginWorkItem {ServiceId} body; Service: Receive
Client: Send ContinueWorkItem {ServiceId} body; Service: Receive
Client: Send CompleteWorkItem {ServiceId} body; Service: Receive
Service: Send WorkItemComplete {ClientId} body; Client: Receive
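The two-contract shape of the flow above, as an added example that is not from the presentation: the initiating message carries the client's own address and workflow instance id in its body (there is no service context yet), the service keeps them, and when the work item completes it opens a channel back to the client contract with that id set as the context, so the message lands on the client's waiting Receive. IWorkService, IWorkClient, ClientContext and ServiceSide are hypothetical names; the "instanceId" context key and IContextManager are the real .NET 3.5 mechanism.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceModel.Channels;   // IContextManager (System.WorkflowServices.dll)

// Contract exposed by the service side (ReceiveRequest / Receive activities).
[ServiceContract(Namespace = "urn:example:work")]
public interface IWorkService
{
    // Initiating message: no service context exists yet, so the client's callback
    // address and workflow instance id travel in the body.
    [OperationContract]
    void BeginWorkItem(string clientAddress, string clientInstanceId, string body);

    [OperationContract]
    void ContinueWorkItem(string body);   // carries {ServiceId} in the context header

    [OperationContract]
    void CompleteWorkItem(string body);
}

// Contract exposed by the client side, hosted in its own WorkflowServiceHost.
[ServiceContract(Namespace = "urn:example:work")]
public interface IWorkClient
{
    [OperationContract(IsOneWay = true)]
    void WorkItemComplete(string body);   // must carry {ClientId} in the context header
}

// What the service keeps per work item in order to find its way back.
public class ClientContext
{
    public string Address;
    public string InstanceId;
}

public static class ServiceSide
{
    // Assumed allow-list of hosts the service is willing to call back into.
    private static readonly string[] allowedCallbackHosts = { "localhost", "client.example.local" };

    // Runs when BeginWorkItem arrives: validate and remember the client context.
    public static ClientContext Capture(string clientAddress, string clientInstanceId)
    {
        if (string.IsNullOrEmpty(clientInstanceId))
            throw new FaultException("client instance id missing");   // nothing to route the reply to
        Uri uri;
        if (!Uri.TryCreate(clientAddress, UriKind.Absolute, out uri) ||
            Array.IndexOf(allowedCallbackHosts, uri.Host) < 0)
            throw new FaultException("callback address not allowed");  // body content is caller-controlled
        return new ClientContext { Address = clientAddress, InstanceId = clientInstanceId };
    }

    // The "Send WorkItemComplete" step: a fresh channel to the client, with the
    // client's instance id placed in the context header before the first send.
    public static void SendWorkItemComplete(ClientContext client, string body)
    {
        var factory = new ChannelFactory<IWorkClient>(new WSHttpContextBinding(),
                                                      new EndpointAddress(client.Address));
        IWorkClient proxy = factory.CreateChannel();
        IContextManager ctx = ((IClientChannel)proxy).GetProperty<IContextManager>();
        ctx.SetContext(new Dictionary<string, string> { { "instanceId", client.InstanceId } });
        try
        {
            proxy.WorkItemComplete(body);
        }
        finally
        {
            ((IClientChannel)proxy).Close();
        }
    }
}
```

Because the callback address and instance id arrive in an untrusted message body, the service should only call back to addresses it already trusts and should authenticate itself on that callback channel; otherwise a caller can make the service deliver "completion" messages to arbitrary endpoints or to another client's workflow instance.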

18 { EXAMPLE } Duplex Messaging

19 { IDENTITY }

20 Identity on the Internet Today
Passwords:
- Not a secure option with today's computing power
- Too easy to attack; long passwords are hard to remember
- We need stronger options!
Identity silos:
- How many user accounts do you have on the web?
- Each requires its own password or other credential
- Expensive and painful to manage
Today's "solution": most users have one password they use everywhere!

21 Information Card, from the user's perspective
Data about myself: name, phone, address…
Data about a relationship with some entity:
- Frequent flyer -> Airline
- Credit card holder -> Bank
- Citizen of X -> Government
I may have to "do" something to use the card: insert a smartcard, be on my company's network.
Perception: I send this card so that the service provider will recognize me and use the information I disclose.

22 Information Card, from the computer's perspective
- Token format: SAML, Kerberos…
- STS information: address, metadata, policy
- Authentication factor type & hints
- Thumbprint for certificate-backed cards; card ID for self-issued cards
A card represents the ability to obtain a token of a certain format, containing certain claims, by requesting it from a certain STS following a certain policy.

23 A Token
Claims collection: ClaimName 1 : Value 1 … ClaimName n : Value n
[optional] key material
S: issuer's signature over the claims
E: encryption for the intended audience

24 Windows CardSpace
Windows CardSpace is an identity selector for the metasystem:
- Represents digital identities graphically; each identity is represented as a card
- Gets the user more highly involved in authentication
- Designed to be difficult to spoof (helps mitigate phishing attacks)
- Makes identity feel real

25 { DEMO }

26 Externalizing Authentication
Embedding identity management code in the application codebase is a bad idea:
- Competence
- Maintenance
- Robustness / flexibility
The technical details of authentication should be abstracted away from the application developer.

27 S+S Trust (diagram): Identity Provider, R-STS, Resources, User's PC

28 Identity Flow
Parties: User's PC (identity selector, cards store), Website (policy), Identity Provider (STS, identities store); token format: SAML
1. Get login page
2. Read policies
3. Pass policies to the identity selector
4. Filter the list of cards based on policies
5. Pass the card to the STS
6. The IP authenticates the RST…
7. If successful, it builds & signs the requested token
8. The IP sends back the token
9. The application posts the token to the website
10. The website authenticates the token
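The relying-party end of this flow for a WCF service, as an added example rather than the presentation's demo code: the binding publishes the policy the identity selector reads (token type, required claims, issuer), the host holds the certificate the token is encrypted to, and the service reads the validated claims from the security context instead of parsing anything from the message body. IProfileService, ProfileService, the endpoint URI and the certificate subject name are assumptions; the claim and issuer URIs are the identity metasystem's published ones.

```csharp
using System;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;

public static class CardSpaceBinding
{
    public const string EmailClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
    public const string PpidClaim  = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier";
    public const string SelfIssuer = "http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self";
    public const string Saml11     = "urn:oasis:names:tc:SAML:1.0:assertion";

    // The policy the identity selector evaluates when filtering the user's cards.
    public static WSFederationHttpBinding Create()
    {
        var binding = new WSFederationHttpBinding(WSFederationHttpSecurityMode.Message);
        FederatedMessageSecurityOverHttp msg = binding.Security.Message;
        msg.IssuedTokenType = Saml11;
        msg.IssuerAddress = new EndpointAddress(SelfIssuer);         // accept self-issued cards
        msg.ClaimTypeRequirements.Add(new ClaimTypeRequirement(PpidClaim));         // required
        msg.ClaimTypeRequirements.Add(new ClaimTypeRequirement(EmailClaim, true));  // optional
        msg.NegotiateServiceCredential = false;   // client must already hold the RP certificate
        msg.EstablishSecurityContext = false;     // one issued token per call, no secure session
        return binding;
    }
}

[ServiceContract(Namespace = "urn:example:profile")]
public interface IProfileService
{
    [OperationContract]
    string WhoAmI();
}

public class ProfileService : IProfileService
{
    // WCF has already verified the token's signature and decrypted it for this audience
    // before the operation runs; the application only consumes the resulting claims.
    public string WhoAmI()
    {
        AuthorizationContext auth = ServiceSecurityContext.Current.AuthorizationContext;
        string ppid = null, email = null;
        foreach (ClaimSet set in auth.ClaimSets)
        {
            foreach (Claim c in set.FindClaims(CardSpaceBinding.PpidClaim, Rights.PossessProperty))
                ppid = (string)c.Resource;
            foreach (Claim c in set.FindClaims(CardSpaceBinding.EmailClaim, Rights.PossessProperty))
                email = (string)c.Resource;
        }
        if (ppid == null)
            throw new FaultException("required claim missing");
        return email == null ? ppid : ppid + " <" + email + ">";
    }
}

public static class ProfileHost
{
    public static ServiceHost Create()
    {
        var host = new ServiceHost(typeof(ProfileService), new Uri("http://localhost:8001/Profile")); // assumed
        host.AddServiceEndpoint(typeof(IProfileService), CardSpaceBinding.Create(), "");
        // The RP certificate: the token is encrypted to it, and the selector shows it to the user.
        host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, "rp.example.com");   // assumed subject name
        // Self-issued cards sign with a per-card RSA key, not an X.509 chain, so allow RSA issuers.
        host.Credentials.IssuedTokenAuthentication.AllowUntrustedRsaIssuers = true;
        host.Credentials.IssuedTokenAuthentication.CertificateValidationMode =
            X509CertificateValidationMode.ChainTrust;             // for managed-card (X.509) issuers
        return host;
    }
}
```

The PPID from a self-issued card is scoped to the relying-party certificate, which is what makes it usable as a stable user key for this site and useless elsewhere; an application that also needs to distinguish issuers should look at each ClaimSet's Issuer rather than treating every PPID claim alike, and AllowUntrustedRsaIssuers should be left false on an endpoint that only accepts managed cards from a known STS.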

29 { DEMO }

30 Zermatt
Framework for implementing claims-based identity in your applications; a set of .NET Framework 3.5 classes:
- Federated authentication HttpModule
- IIdentity -> IClaimsIdentity, IPrincipal -> IClaimsPrincipal
- Information Card design control
- Passive sign-in design control
Still beta…

31 Summary
- WCF provides numerous extension points and configuration parameters.
- Workflow Services provide a natural way to build services. With an understanding of context, advanced communication patterns can be implemented across many parties.
- Identity management frameworks provide great opportunities to drive security implementations targeting the future of software architecture.

32 Related Content
- Community site, samples, news: http://cardspace.nefx3.com, www.dinnernow.net
- MSDN Forum: http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=784&SiteID=1
- MSDN home page: http://msdn.microsoft.com/identity

33 Any questions?
Feel free to meet us during the break, or contact us:
Gaetan.holderbeke@pragmaconsult.lu
Xavier.pellegrino@pragmaconsult.lu
www.pragmaconsult.lu

34 © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
