6. Design Patterns in Service Layer
Remote Façade Pattern
A set of methods that modify the granularity of existing operations
already implemented elsewhere.
A service is already a remote façade over the business layer
Data Transfer Object Pattern
Object that carries data across an application’s boundaries
ex: XML file as input format for ChangeGrade()
Adapter Pattern
Converts the interface of one class into another interface that a
client expects
ex: UCSD GPA system takes in % points also
Proxy Pattern
Client will create a proxy, and proxy will communicate with the
service
7. WCF - Windows Communication Foundation
A set of .NET libraries
An SDK for developing and deploying services on
Windows
A WCF Service
is a unit of functionality exposed to the world
can be local or remote, developed by multiple parties
using any technology
A WCF Client
is merely the party consuming a service's functionality
can be literally anything:
ASP.NET (MVC)
Java app
Mobile apps
9. ABC of WCF
This was an interview question
A - Address
Every service is associated with a unique address.
Where are you?
B - Binding (SSL, call-backs, encryption-key)
A binding is a consistent set of choices regarding the transport
protocol, message encoding, communication pattern, reliability,
security, transaction propagation, and interoperability
How should I talk with you?
C - Contract
The contract is a platform-neutral and standard way of describing
what the service does.
What am I giving/getting from you.
10. WCF ABC - Address
Every service is associated with a unique address. The
address provides two important elements
(1) the location of the service
IP address
URL
(2) transport protocol or transport schema used to communicate
with the service
http
net.tcp
Examples
net.tcp://localhost:8002/MyService
http://www.wcf.org:8001
net.pipe://localhost/MyPipe
net.msmq://localhost/MyService
11. WCF ABC - Binding
Basic Binding - expose a WCF service as a legacy
ASMX web service
TCP Binding - Offered by the NetTcpBinding class,
this uses TCP for cross-machine communication on
the intranet. It supports a variety of features, including
reliability, transactions, and security, and is optimized
for WCF-to-WCF communication
Web Service binding - Offered by the WSHttpBinding
class, this uses HTTP or HTTPS for transport, and is
designed to offer a variety of features such as
reliability, transactions, and security over the Internet
IPC Binding - Same-machine communication
Others (skip) : MSMQ, Duplex WS, etc
12. WCF ABC - Contract
The contract is a platform-neutral and standard
way of describing what the service does
Service contracts (method definition)
Describe which operations the client can perform on
the service
Data contracts (parameter types)
Define which data types are passed to and from the
service.
WCF defines implicit contracts for built-in types such
as int and string, but you can easily define explicit
opt-in data contracts for custom types.
14. WCF Operation
Focus on the client side
(1) Request & Reply (for CSE 136)
Most common calls - If no response, client gives up
always put try/catch in the client code
(2) One-way
Send and forget
(3) Call-back (not for CSE 136)
The service is the client and the client becomes the service
HTTP cannot be used for callbacks
TCP and the IPC protocols support duplex communication
Observer Design Pattern
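The address, binding and contract from the slides above, with a request-and-reply call wrapped in try/catch on the client, as an added example that is not part of the original slides. GradeService, IGradeService and GradeChange are hypothetical names built around the ChangeGrade() operation mentioned earlier; the address is one of the sample addresses from slide 10.

```csharp
using System;
using System.Runtime.Serialization;
using System.ServiceModel;
[DataContract]                          // data contract: explicit opt-in custom type
public class GradeChange                // hypothetical DTO for ChangeGrade()
{
    [DataMember] public string StudentId { get; set; }
    [DataMember] public string Grade { get; set; }
}

[ServiceContract]                       // service contract: operations a client may call
public interface IGradeService
{
    [OperationContract]
    bool ChangeGrade(GradeChange change);   // request & reply
}

public class GradeService : IGradeService
{
    public bool ChangeGrade(GradeChange change)
    {
        // Placeholder for the call into the business layer.
        return change != null && !string.IsNullOrEmpty(change.StudentId);
    }
}

public static class Program
{
    public static void Main()
    {
        var address = new Uri("net.tcp://localhost:8002/MyService");   // A: where
        var binding = new NetTcpBinding();                             // B: how
        using (var host = new ServiceHost(typeof(GradeService)))
        {
            host.AddServiceEndpoint(typeof(IGradeService), binding, address);  // C: what
            host.Open();
            var factory = new ChannelFactory<IGradeService>(binding, new EndpointAddress(address));
            var proxy = factory.CreateChannel();    // client-side proxy for the service
            try
            {
                var change = new GradeChange { StudentId = "A0000001", Grade = "B+" }; // constructed
                Console.WriteLine("ChangeGrade returned " + proxy.ChangeGrade(change));
                factory.Close();                    // graceful close of factory and channel
            }
            catch (CommunicationException) { factory.Abort(); }  // service unreachable or faulted
            catch (TimeoutException) { factory.Abort(); }        // no reply within the timeout
        }
    }
}
```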
15. WCF Instance
Focus on the server side
Applications differ in their needs for scalability, performance,
throughput, transactions, and queued calls
(1) per-call
services allocate (and destroy) a new service instance per client request
This is the default behavior
(2) session
allocate a service instance per client connection.
[ServiceContract(SessionMode = SessionMode.Required)]
(3) Singleton
all clients share the same service instance across all connections and
activations
[ServiceBehavior(InstanceContextMode=InstanceContextMode.Single)]
16. RESTful Services
CRUD : Create, Read, Update, and Delete
RESTful : using HTTP methods
Get - Read
Post - Create
Put - Update
Delete - Delete
REST stands for “Representational State
Transfer”
Skip for 136
17. WCF Security (authentication)
Verifying that the caller of a service is indeed
who the caller claims to be
Windows authentication
Username and password
X509 certificate
Custom mechanism & other 3rd parties
No authentication (CSE 136)
18. Business Logic Layer Security
User-based Security
Authorization deals with what the caller (user) is
allowed to do.
Callers are mapped to logical roles. (Role ex:
Faculty, Staff, or Student)
Code-based Security
Authenticate the code source
Authorize code for access
Enforce the code access
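How the authentication choice from slide 17 and the role mapping from slide 18 look on a WCF service, as an added example that is not part of the original slides. The type names, the endpoint address and the existence of a Windows group called "Faculty" are assumptions made for illustration.

```csharp
using System;
using System.Net.Security;
using System.Security.Permissions;
using System.ServiceModel;
using System.ServiceModel.Description;
[ServiceContract]
public interface IGradeService
{
    [OperationContract]
    void ChangeGrade(string studentId, string grade);
}

public class GradeService : IGradeService
{
    // Authorization: the caller must hold the Faculty role before the body runs.
    // Other callers are rejected and the client sees an access-denied fault.
    [PrincipalPermission(SecurityAction.Demand, Role = "Faculty")]
    public void ChangeGrade(string studentId, string grade)
    {
        // Call into the business logic layer here.
    }
}

public static class SecureHost
{
    // Weak: no authentication, traffic neither signed nor encrypted.
    public static NetTcpBinding NoAuthentication() => new NetTcpBinding(SecurityMode.None);

    // Hardened: Windows authentication with signed and encrypted transport,
    // stated explicitly rather than relying on the binding's defaults.
    public static NetTcpBinding WindowsAuthentication()
    {
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        binding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;
        return binding;
    }
    public static void Main()
    {
        using (var host = new ServiceHost(typeof(GradeService)))
        {
            host.AddServiceEndpoint(typeof(IGradeService), WindowsAuthentication(),
                                    "net.tcp://localhost:8002/MyService");
            // Roles are resolved from the caller's Windows groups ("Faculty" is assumed to exist).
            host.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.UseWindowsGroups;
            host.Open();
            Console.ReadLine();   // keep the host alive until Enter is pressed
        }
    }
}
```

With NoAuthentication() the role demand has no authenticated caller identity to check, so the binding choice and the role check have to be made together.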
21. BLL Security : Code-identity-based 1
Authenticate code identity
Information about the origin of a piece of code (such as the
URL where it is run from) is collected and presented to
the authorization layer
Ex: Tourist visa from China
Authorize code, not users, to access resources
All trust decisions to access protected resources are made
for particular pieces of code, based on security settings
revolving around information about the origin of code
Ex: Tourist visa from China can visit, but not work or study
Enforce the authorization
The granularity of enforcement functions on the level of
individual pieces of code (such as individual assemblies)
.NET CLR enforces the security
Ex: Employer checking for U.S. Visa
22. BLL Security : Code-identity-based 2
Authenticate code identity
Authenticates assemblies (exe & dll)
By collecting evidence about the assembly
Ex: assembly's URL or strong name (signed by Microsoft)
Authorize code, not users, to access resources
Authorizes assemblies
By granting assemblies a set of permissions to access
protected resources (such as the file system or
registry)
Enforce the authorization
By checking that all assemblies calling to a protected
resource have the appropriate permission to access
that resource (.NET CLR)
23. .NET code-based Security : Evidence
• Publisher
• Site (url)
• Zone (where on the computer)
• Strong name (signed key)
24. .NET code-based Security : Policy
Similar to homeland security policy
Visitors with “Iraq visa” (membership) have limited access to
certain “government buildings” (permission set)
27. .NET code-based Security : Example
Ex: immigration document type (Visa, Diplomatic ID, birth-certificate)
Ex: Chinese Visa
28. Regular Expressions 1
What is a regular expression
pattern describing a certain amount of text
a series of letters, digits, dots, underscores, signs
and hyphens
What are its common usages
Formatting
Validating
Parsing
31. Review question
Difference between macro and micro services?
What design patterns exist in the services layer?
What .NET libraries does 136 use to implement the service
layer?
What is the ABC of WCF?
Difference between authenticate and authorize?
What is security policy? (rules defined)
What are the four levels of .NET policies?
What is code group? (groups of code in a policy)
What is membership? (identify a group of code)
What is permission set? (set of permissions assigned to a
group of code)
32. Your assignment
Due Next Thursday
Create a Service Layer project (just a wrapper project)
Continue development of your BLL
Continue development of unit tests for your
BLL