locked
DAL as Web Service RRS feed

  • Question

  • User-608879143 posted

    Hi,

    Have a few questions. I'm currently trying to work out the best way to build this web application, which will then be intergrated on other systems, such as WinForms, Intranets etc.

    We hope to include the usual layers i.e. DAL, BLL, BOL and UI but I have been experimenting with Entity Framework 4 and WCF Data Services and managed to get something in place where I was using WCF as a gateway to EF4.

    i.e. Adding a Service Reference to my project and then using the EF4 context and writing LINQ queries against the DB

    e.g.

    Uri _Uri = new Uri("http://www.example.com/service.svc");
    using (Entities context = new Entities(_Uri)
    {
    
    var Employees = from a in context.DBEmployees
    
    foreach(var Employee in Employees)
    {
    
    //Do Stuff
    
    }
    
    }


     

    Now with the current setup I would still need to write a DAL Class Library, that interacts with the Data Service, because as I said WCF Data Services only seems to be a gateway, I can't see where to put the code (above) in the Data Service and then how I could these methods. I assume I am using WCF wrongly.

    My questions are:

    1. How do I develop a WCF Data Service in such a way to allow this behaviour - I know how I could do it using ASMX web service, something like

    [WebMethod]
    public List<Object> GetObjects()
    {
    //Code to retrieve list of objects
    }

    2. If I am to use WCF Data Services, how is serialization handled (if at all) - again I know how to do something in ASMX web services

    3. Again, If I am to use WCF, how do I add Security and only allow my applications to access the web service - for obvious reasons

    4. Would it be possible / logical to also include the Business Logic Layer into the web service?

    Thanks in advance for any help

    Thursday, February 10, 2011 1:13 PM

Answers

  • User-952121411 posted

    I am actually using Forms authentication could I use the same logic and how do these credentials get checked on the WCF web service side
     

    I don't know exactly how to strip out the user's idenetity when not a windows user in the case of the CheckAccessCore() method.  You obviously will not be able to reverse engineer any kind of password credentials, so when using an impersonated forms authenticated user to call a WCF service you will be looking for the user's name. I believe the following line of code will get you this value:

                'Get the User Name of the primary identity, and determine if this user is allowed access to the service
                Dim UserName As String = operationContext.ServiceSecurityContext.PrimaryIdentity.Name

     

    The understanding is that you use the CheckAccessCore method to intercept the security context to approve/deny access to calling the methods at a top level for the service.  Instead of using the WindowsIdentity classes you will want to look at the ServiceSecurityContext classes that deal with non-Windows users. Some of the links below might help you:

    ServiceSecurityContext Class:

    http://msdn.microsoft.com/en-us/library/system.servicemodel.servicesecuritycontext.aspx

    Identity & ServiceSecurityContext in WCF:

    http://sankarsan.wordpress.com/2010/07/25/identity-securitycallcontext-in-wcf/

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, February 14, 2011 9:12 AM

All replies

  • User2063778947 posted

    Hi ,


        You Keep Busness Logic Things in one separate layer. And u have to call from your webmethod to related Busness Logic method


    Friday, February 11, 2011 2:20 AM
  • User-952121411 posted

    1. How do I develop a WCF Data Service in such a way to allow this behaviour - I know how I could do it using ASMX web service, something like

     

    You can write this same method in WCF. WCF is everything .asmx web services were and at least 10x more! Your WCF Interface would have a method called GetObjects() (or something more specefic possibly), and then your WCF Class that implements the WCF Interface defined in your binding would have the implemented code. With that "10x more" with WCF also comes more complexity, espcially at 1st. So if you don't feel comfortable writhing a basic WCF service, stop here and work through some entry level WCF tutorials on the MSDN 1st: http://msdn.microsoft.com/en-us/data/ee720180.aspx

    2. If I am to use WCF Data Services, how is serialization handled (if at all) - again I know how to do something in ASMX web services

    Well serialization as much as I know is handled pretty much the same at the coding level (not sure about underneath the covers). You still have to make sure the DataContracts your are building, method return values, etc are natively serializable.

    3. Again, If I am to use WCF, how do I add Security and only allow my applications to access the web service - for obvious reasons

    I use the following code which works really well:

    How To: Create an ASP.NET style Windows Authentication Policy for WCF Services:

    http://allen-conway-dotnet.blogspot.com/2010/01/how-to-create-aspnet-windows.html

    4. Would it be possible / logical to also include the Business Logic Layer into the web service?

    Absolutely. However you would more than likely place this in its own WCF representing its own layer just as you would if doing outside of WCF.

    Hope this helps!

    Friday, February 11, 2011 1:53 PM
  • User-608879143 posted

    Thanks Allen,

    And thanks for all the help. I've had a look at your blog and I was wondering about this section

    Dim wcfSecurityTest As New WindowsSecurityService.Service1Client
    'Obviously NEVER hardcode credentials like the example ONLY below
    wcfSecurityTest.ClientCredentials.Windows.ClientCredential = New System.Net.NetworkCredential("jsmith", "testpassword", "MyCompany")'Upon making the call below, the WCF will call the overriden CheckAccessCore() method to allow or reject authorization
    wcfSecurityTest.GetData(2)


    I am actually using Forms authentication could I use the same logic and how do these credentials get checked on the WCF web service side? Membership? 

    Thanks again for all your help

    Monday, February 14, 2011 5:10 AM
  • User-952121411 posted

    I am actually using Forms authentication could I use the same logic and how do these credentials get checked on the WCF web service side
     

    I don't know exactly how to strip out the user's idenetity when not a windows user in the case of the CheckAccessCore() method.  You obviously will not be able to reverse engineer any kind of password credentials, so when using an impersonated forms authenticated user to call a WCF service you will be looking for the user's name. I believe the following line of code will get you this value:

                'Get the User Name of the primary identity, and determine if this user is allowed access to the service
                Dim UserName As String = operationContext.ServiceSecurityContext.PrimaryIdentity.Name

     

    The understanding is that you use the CheckAccessCore method to intercept the security context to approve/deny access to calling the methods at a top level for the service.  Instead of using the WindowsIdentity classes you will want to look at the ServiceSecurityContext classes that deal with non-Windows users. Some of the links below might help you:

    ServiceSecurityContext Class:

    http://msdn.microsoft.com/en-us/library/system.servicemodel.servicesecuritycontext.aspx

    Identity & ServiceSecurityContext in WCF:

    http://sankarsan.wordpress.com/2010/07/25/identity-securitycallcontext-in-wcf/

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, February 14, 2011 9:12 AM