Application Security Testing: An Integral Part of DevOps
Buying and selling are the basic activities a company performs to run its business. A company buys raw material from its suppliers, refines it, and sells it to its customers.
When a company buys material from a supplier, it places a purchase order (PO) and the supplier supplies the material based on the requirements in the purchase order. Almost all companies prefer to use an electronic PO these days because it saves effort, tracking, and money.
The scenario is as follows:
- Supplier creates/gets a BizTalk schema for PO from buyer.
- Supplier publishes the schema as a Web service because Web services are loosely coupled and available on the Internet.
- Buyer consumes this Web service in his Application and creates a PO.
- Web service sends the PO to supplier's BizTalk via SOAP.
- BizTalk routes the PO to the appropriate application.
We will implement this scenario in five steps.
- Create and Deploy PO Schema
- Publish Schema as a Web service
- Create a subscriber for the PO in BizTalk
- Create a buyer application
- Test the scenario
Create and Deploy a PO Schema
Create a BizTalk project (WS_Schema in my solution) and add a new schema (PO.xsd) to it. I have promoted the PONum node as a property to facilitate content-based routing. When we create a subscriber, we will use the value of PONum to consume the PO.
Build and deploy the schema. After successful deployment, you should be able to see WS_Schema.dll in the BizTalk Explorer -> Assemblies section. See Figure 2.
Publish the Schema as a Web Service
Go to Tools -> BizTalk Web Services Publishing Wizard and click Next. See Figure 3.
Select Publish schemas as Web services and click Next. See Figure 4.
Rename the Web service to WS_Schema. Create a one-way Web method and name it SubmitPO. Rename the message to PO. The Web service description should look like Figure 5.
Right-click and select Select Schema Type. Select WS_Schema.dll from the bin directory of the WS_Schema project. Click OK and Next. See Figure 6.
Specify target namespace, SOAP header, and so forth if required. In our scenario, we won't select anything to keep it simple. Click Next. See Figure 7.
Specify the project location as WS_Schema. Check anonymous access to allow IIS to execute this Web service without any authentication; with this setting, any client that can reach the URL can call the Web method.
Check create BizTalk receive location to create a BizTalk receive location when we publish this Web service. Otherwise, you can create receive locations manually. Click Next. See Figure 8.
Click Create and finish to publish the Schema as a Web service. See Figure 9.
Click on BizTalk Explorer -> Receive Ports to check whether the receive location has been created. A receive location named WebService_WS_Schema/WS_Schema should be present. See Figure 10.
Edit this receive location. Change the receive pipeline to Microsoft.BizTalk.DefaultPipelines.XMLReceive. Set the Transport Type to SOAP and the Address (URI) to /WS_Schema/WS_Schema.asmx (this is the schema we published as a Web service). See Figure 11.
Create a Subscriber for the PO in BizTalk
I will create a file send port as the subscriber of our PO. Create a new File Send Port and enter all the configurations.
Because I am using content-based routing here, I will specify a filter, WS_Schema.PONum=PO101, to fetch our PO and send it to a file location. See Figure 12.
Create a Buyer Application
We will create a VB.NET client application in our scenario; it will consume this Web service and send the PO to the supplier's BizTalk.
Create a Windows application. See Figure 13.
For simplicity, I will create a form and a button. Once the button is clicked, it will send the PO to the supplier.
Add a Web reference in the buyer project. Select the WS_Schema Web service and click Add Reference. See Figure 14.
It will add a WS_Schema Web reference to the buyer application. Add the following code to the Button Click event.
    Private Sub txtSendPO_Click(ByVal sender As System.Object, _
                                ByVal e As System.EventArgs) _
                                Handles txtSendPO.Click
        ' Proxy classes generated by the WS_Schema Web reference
        Dim objPO As New localhost.PO
        Dim objPOBilling As New localhost.POBillingAddress
        Dim objPOShipping As New localhost.POShippingAddress
        Dim objPOItems As New localhost.POItems
        Dim objPOItem As New localhost.POItemsItem
        Dim objPOSubmit As New localhost.WS_Schema

        ' PO header; PONum is the promoted property used for routing
        objPO.PONum = "PO101"
        objPO.Date = "15-Jul-2004"

        ' Billing address
        objPOBilling.Street = "Corwell Lane"
        objPOBilling.City = "Uxbridge"
        objPOBilling.ZipCode = "UB8 3DE"
        objPO.BillingAddress = objPOBilling

        ' Shipping address
        objPOShipping.Street = "Corwell Lane"
        objPOShipping.City = "Uxbridge"
        objPOShipping.ZipCode = "UB8 3DE"
        objPO.ShippingAddress = objPOShipping

        ' Line item and total
        objPOItem.Code = "I101"
        objPOItem.Description = "Sony DVD Writer"
        objPOItem.Quantity = "20"
        objPOItem.Rate = "150"
        objPOItems.Item = objPOItem
        objPO.Items = objPOItems
        objPO.Total = "3000"

        ' Send the PO to the supplier's BizTalk receive location via SOAP
        objPOSubmit.SubmitPO(objPO)
        MsgBox("PO Sent to the Supplier")
    End Sub
Test the Scenario
Run the buyer application and click the SubmitPO button. It will create a PO with the values defined in our function and send it to the Supplier's BizTalk receive location. The receive location will pass the message to MessageBox and our subscriber will fetch the PO from MessageBox and send the XML to a file location.
Figure 15 shows the screen snapshot of Health and activity tracking before our subscriber consumed the PO.
Open the PO delivered to the file location; it will look like the following.
    <?xml version="1.0" encoding="utf-8"?>
    <PO xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns="http://WS_Schema.PO">
      <PONum xmlns="">PO101</PONum>
      <Date xmlns="">15-Jul-2004</Date>
      <ShippingAddress xmlns="">
        <Street>Corwell Lane</Street>
        <City>Uxbridge</City>
        <ZipCode>UB8 3DE</ZipCode>
      </ShippingAddress>
      <BillingAddress xmlns="">
        <Street>Corwell Lane</Street>
        <City>Uxbridge</City>
        <ZipCode>UB8 3DE</ZipCode>
      </BillingAddress>
      <Items xmlns="">
        <Item>
          <Code>I101</Code>
          <Description>Sony DVD Writer</Description>
          <Rate>150</Rate>
          <Quantity>20</Quantity>
        </Item>
      </Items>
      <Total xmlns="">3000</Total>
    </PO>
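A downstream check on the delivered PO file, as an added example that is not part of the original article: the Web service was published with anonymous access and the send port filters only on PONum, so whatever consumes the file can verify the structure and recompute the total itself. The function name, the PONum pattern and the abbreviated sample are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from decimal import Decimal, InvalidOperation

PO_NS = "http://WS_Schema.PO"         # root namespace seen in the delivered PO
PONUM_RE = re.compile(r"PO\d{1,10}")  # assumed PO number format

# Constructed sample: the page's PO reduced to the fields checked below.
SAMPLE_PO = b"""<?xml version="1.0" encoding="utf-8"?>
<PO xmlns="http://WS_Schema.PO">
  <PONum xmlns="">PO101</PONum>
  <Items xmlns="">
    <Item><Code>I101</Code><Rate>150</Rate><Quantity>20</Quantity></Item>
  </Items>
  <Total xmlns="">3000</Total>
</PO>"""

def validate_po(data: bytes) -> list:
    """Return a list of problems; an empty list means the PO passed."""
    try:
        text = data.decode("utf-8")  # accept one encoding only
        if "<!DOCTYPE" in text:      # no DTD, so no entity declarations
            return ["DOCTYPE declarations are not allowed"]
        root = ET.fromstring(text)
    except (UnicodeDecodeError, ET.ParseError) as exc:
        return [f"not well-formed UTF-8 XML: {exc}"]
    if root.tag != f"{{{PO_NS}}}PO":
        return [f"unexpected root element {root.tag}"]
    problems = []
    ponum = (root.findtext("PONum") or "").strip()
    if not PONUM_RE.fullmatch(ponum):
        problems.append(f"bad PONum {ponum!r}")
    items = root.findall("Items/Item")
    if not items:
        problems.append("no Items/Item elements")
    try:
        computed = Decimal(0)
        for item in items:
            rate = Decimal(item.findtext("Rate") or "")
            qty = Decimal(item.findtext("Quantity") or "")
            if rate < 0 or qty <= 0 or qty != qty.to_integral_value():
                problems.append(f"bad Rate/Quantity for {item.findtext('Code')!r}")
            computed += rate * qty
        total = Decimal(root.findtext("Total") or "")
        if total != computed:  # Total is caller-supplied; recompute it
            problems.append(f"Total {total} != computed {computed}")
    except InvalidOperation:
        problems.append("non-numeric Rate, Quantity or Total")
    return problems
```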
We have seen a simple scenario to create and consume a schema as a Web service with minimum effort. It hardly takes a few minutes to create the entire scenario. Once I publish and consume the Web service in my buyer application, I need not use any XML DOM. All I need is to create an object of the consumed Web service and use it. The method automatically creates and submits the XML for you.