Application Security Testing: An Integral Part of DevOps
When it comes to interoperability, Internet standards rule. Representational State Transfer (REST) is a Web Service construction philosophy built on some of the original ideas behind sharing documents on the web and it's emerging as a popular way to implement Web Services inside the firewall.
Like other software companies, Microsoft has adopted many Internet standards in their products. It was unsurprising to hear Microsoft embrace REST; first by adding more "RESTful" features to WCF, imbuing products like Azure with a REST philosophy, and then upping the ante with the "Microsoft REST Starter Kit". I'm going show how you can more easily embrace REST using the Microsoft REST Starter Kit.
A complete introduction to REST is beyond the scope of this article. So I'll be brief. Most REST introductions begin with the "REST Philosophy" and then move into how the technology implements the philosophy. I think it's important to immerse yourself in the philosophy if you think you want to build a "production" REST Web Service, but if you're simply tinkering with technology think of REST as being three things:
- Web Services, the part of the Internet consumed by software rather than viewed by humans.
- Resources expressed as URLs, for example, http://www.RESTService.com/ResourceHere.
- HTTP verbs
POST, GET, PUT, DELETEperforming
Create, Read, Update, and
Deleteon the Resources.
A more complete introduction can be found in the "Sources" section at the end of the article.
Starter Kit Overview
The mission of the .NET Framework is to make Windows programming available to the widest possible audience of developers. As I mentioned earlier making REST easier in WCF was the first step, now it looks like Microsoft is circling back with more REST features.
You'll find the REST Starter Kit Preview 2 on Codeplex http://weblogs.asp.net/cibrax/archive/2009/03/13/ httpclient-in-the-wcf-rest-starter-kit-preview-2.aspx. The Kit is built on top of WCF, so if you have WCF experience, you'll be familiar with many of the kit's conventions. The kit also includes all of the source code files behind the Starter Kit components.
The REST Starter Kit works with Visual Studio 2008. Once installed you'll notice a new set of templates highlighted in the picture below:
Click here for larger image
Figure 1: REST Templates in Visual Studio
Like many of the Visual Studio templates, the REST templates give you a simple working application shell that you fill with your own code. Each template is a REST service with a different flavor. The templates give you a quick way to "REST" server-side, client-side will require some coding. Rather than leveraging the templates, I wanted to show that you can use the Kit outside of the templates to build your server side parts.
Self Hosted Service
My REST service is a "Self Hosted" Console application exposing three endpoints:
The Uri ending with "Help" is automatically supplied by the REST Starter Kit components and best viewed by a Web Browser since the service response is in HTML. Below is part of the "Help" resource's HTML rendered in the browser.
Click here for larger image
Figure 2: Help resource in the browser.
Microsoft.ServiceModel.Web contains much of the Starter Kit Server side functionality, so references to it have been added to the project.
The host setup code appears below:
WebServiceHost2 host; Uri baseAddresses = new Uri; Console.WriteLine("Initiating host communication..."); baseAddresses = new Uri("http://localhost:8000/TestServiceHost"); host = new WebServiceHost2(typeof(PlainXML), false, baseAddresses); host.Open();
Aside from the WebServiceHost2 class the server setup is boilerplate WCF. PlainXML, the Service Type, requires some more detailed exploration.