Professional Documents
Culture Documents
Microsoft Silverlight 3
Eugene Osovetsky
Program Manager
Microsoft Corporation
We'll Cover 3 Scenarios:
Simple Back-End Data Access
WCF,
SOAP
WCF
REST,
XML/JSON,
Atom/RSS
Simple Back-End Data Access
WCF,
SOAP
WCF
REST,
XML/JSON,
Atom/RSS
Back-End Data Access: Silverlight 2 Recap
WCF
Server:
“Add New Item…” “Silverlight-enabled
WCF Service”
Or any BP SOAP service…
Client:
“Add Service Reference”
demo
Product Catalog –
Accessing Server Data
from Silverlight
Common Pain Points
WCF
Performance
SOAP / XML “bloat”
Security
No automated way to send user credentials (if cannot rely on browser)
Biggest gains
Arrays, Numbers, Complex type graphs,
Byte Arrays (binary blobs)
Not optimized
Very small messages
Strings
Even repeated strings - Difference from netTcpBinding
24%
HP BL680c: 8 Intel EMT64 cores@2.4GHz
Windows Server 2008 64-bit, IIS7
Text / HTTP
71% Binary / HTTP
7570
6122
4615
2702
Message size
Binary XML: Message Size Reduction
Using large messages with arrays of "typical" data
Size reduction
40%
34%
15%
WCF
Server
Sends HTTP 500 Error Code (SOAP standard)
Not supported by browser plugins (like Silverlight)
How?
WCF Sample (“Message Inspector Sample”) at
http://code.msdn.com/SilverlightWS
Looking into a better solution after Beta1
Why No Error Info in Silverlight?
WCF
Client:
No support for faults in Silverlight 2
Even with HTTP 200
Supported in Silverlight 3
ExceptionDetail
FaultException<T>
Etc …
demo
Fault / Error Handling and Debugging
Browser-Based (Automatic)
Examples
Windows Authentication
Cookies
Message-Based (Manual)
Examples
URL parameters
SOAP headers with Username/Password
Browser-Based Authentication
Example with Cookies + Forms Auth
Browser
Browser-Based Authentication
Login through Silverlight
Browser
Browser-Based Authentication
Using Windows Authentication
Windows login
User:
YourDomain.com
Password:
Browser
Browser-Based Authentication:
Cross-Domain Threat
MyBank.com Login
Credentials
User:
MyBank.com
Password:
Auth info (e.g. cookie)
Could steal or
change data
Malicious call + Auth info if protection
wasn’t in place
Malicious application
EvilApps.com
Cross-domain access blocked by default
Can enable with “cross-domain policy file”
YourDomain.com
User:
Password:
Creds are added by
Silverlight, not browser
No
creds
EvilApps.com
Browser
Enabling In-Message Auth:
Option 1: Change the Contract
[OperationContract]
public decimal GetAccountBalance
(int accountID, string userName, string password);
Option 3:
Built-in Support in Silverlight 3
demo
Securing Services with
Message Credentials
Transport With Message Credential Mode
<soap:Envelope>
<soap:Header>
<!-- WS-Security Header -->
<!-- With UserName, Password, Timestamp -->
</soap:Header>
<soap:Body><!-- Message Payload --></soap:Body>
</soap:Envelope>
WCF,
SOAP
WCF
REST,
XML/JSON,
Atom/RSS
Pushing Messages to Silverlight
Useful for real-time interaction (e.g. chat),
monitoring (e.g. stock ticker), etc.
WCF,
SOAP
WCF
REST,
XML/JSON,
Atom/RSS
Recap: REST in Silverlight 2
Making requests:
HttpWebRequest
WebClient
WCF,
SOAP
WCF
REST,
XML/JSON,
Atom/RSS
More Information
Team Blog:
http://blogs.msdn.com/SilverlightWS
My Blog:
http://eugeneos.blogspot.com
Client Side:
proxy.ClientCredentials.UserName.UserName = …
proxy.ClientCredentials.UserName.Password = …
HTTP Requests in Silverlight
High-level components and User Code
HttpWebRequest
Web Browser
- Cookies
- Authenticated sessions Restrictions
- Caching
- Proxy server to use
Windows/Mac
Networking Layer
How Duplex Works
“Smart Polling” over HTTP
Simplified explanation:
Client Client Any messages? Server Server
App Duplex Duplex App
Channel 10-15sec Channel
No messages
Any messages?
Message
Message Message
Any messages?