Application Security Testing: An Integral Part of DevOps
Windows Communication Foundation (WCF) is poised to revolutionize how developers build distributed services on the Microsoft Windows platform. More than a new SOA foundation, the Microsoft Connected Systems Division (CSD) has targeted WCF to do what was once done by a disparate collection of technologies such as ASMX, .NET remoting, and COM+. It is set to become the platform for all .NET communication and therefore the underpinning for future versions of Microsoft products.
As a soldier in this upcoming revolution, you're probably wondering how you should begin to reconnoiter the WCF terrain. Because WCF is a huge frontier, studying it for the first time requires a starting point and a good guide. While plotting your WCF exploration, you should be asking yourself:
- How do I begin?
- How much terrain do I initially cover?
This article shows you where and how to begin your WCF travels. Although not a comprehensive explanation of WCF, it offers a guide for approaching the study of this new technology. It begins with a WCF orientation, then introduces some key WCF landmarks called channels and bindings, and finishes with some guidance to other WCF destinations.
The following are some critical WCF concepts you must grasp to follow WCF documentation:
- WCF is a framework for developing, configuring, exposing, and hosting services. As you read the resource links at the end of the article, think beyond the context of services as web services. Although WCF is designed around SOAP and web service ideas, as stated earlier, WCF is more than a SOA framework.
- WCF classes are grouped by two categories. Service model classes handle configuration and validation. Channel layer classes handle things such as communication and data transformation.
- WCF services expose functionality through one or more endpoints. Clients communicate with the service's endpoint.
- Configuring an endpoint requires three components: address, binding, and contract (ABC), which are interrelated. An address is roughly equivalent to an URL. Bindings tell the WCF runtime how your endpoint communicates. Contracts describe what your endpoint does. So, for example, contract configuration can influence the behavior of a binding.
- Addresses, bindings, and contracts are, roughly speaking, the configuration information in your endpoint. The WCF runtime interprets ABC and creates other specialized classes to handle communications and translations within your service.
- You can configure an endpoint using XML-based config information, programmatically using methods/properties, or with both XML config files and some coding. WCF includes multiple usability avenues. So, for example, you can use WCF out of the box with little or no coding or elect to build custom implementations for all aspects of your service.
- WCF leverages other features of the .NET framework including transactions, generics, attributes, and asynchronous calls.
With these concepts in mind, review the following materials:
- If you're looking for a quick jumpstart to the WCF architectural philosophy, look at the MSDN web cast: "Windows Communication Foundation Bindings and Channels". The web cast is short and requires little understanding of .NET code.
- "Learn the ABCs of Programming Windows Communication Foundation" and "Introduction to Building Windows Communication Foundation Services" are good introductions to WCF mechanics and coding conventions.
- "Windows Communication Foundation Architecture Overview" gives an architectural overview and illustrates how the WCF classes relate to one another.
- If you have access to the Microsoft SOA and BPM Conference 2006 materials, Craig McMurtry will take you from zero to some level of WCF understanding in less than an hour.
Once you're familiar with WCF architecture and coding, your next stop should be channels and binding.
The #1 Destination—Channels and Binding
As stated earlier, a binding is more or less the configuration information for channels, and channels handle things such as communication and data transformations. I do not want to diminish the value of addresses, contracts, or other groups of WCF classes. Nor do I want to imply that channels and bindings are more complicated than any other subject. However, because channels are what make your service "go," it's natural to start here.
Like in the orientation section, consider the following concepts as you review the resources below:
- As stated previously, the WCF runtime reads the binding to determine which channels to create.
- Channels are conduits for receiving and transforming data. Data goes in one end of the channel, the channel operates on the data, and new data is dumped out the back of the channel.
- Normally, more than one channel is expressed in the binding. The WCF runtime arranges the channels in a stack. So, for example, the first channel operates on some received data and the WCF runtime facilitates passing the data appearing out of the back of the channel onto the next channel and so on up the channel stack.
- Conceptually, there are two types of channels: protocal channels and transport channels. Transport channels handle communication outside of the service, and protocal channels handle things such as security, transactions, and transformations.
Of course, there is much more to WCF binding and channels than the ideas above. The resources at the end of the article are some excellent primers for studying channels and bindings further.
Now we'll look at some other destinations
Other Destinations and Further Reading
Once you depart from channels and bindings, you'll be familiar enough with WCF to explore other aspects of the framework such as behaviors, .NET attributes allowing you to control WCF, support for web service standards, communication patterns, and WCF security. The following articles and other resources cover all of these subjects:
- Microsoft has a site dedicated to WCF. Sample code and whitepapers abound on the site. One particularly helpful resource is the WCF Virtual labs. The labs walk you through each step to building a service in WCF.
- A number of WCF books are available and they appear to be good resources. Many of the articles and presentation authors presented in this article are also the book authors. One caveat, though, is that many of the books were written using the WCF beta.
- The Message class encapsulates the data passed between channels. "Service Station: WCF Messaging Fundamentals" is a good Message and message-encoding article.
- XML data is used throughout WCF. Serialization is used to translate XML data into and from a .NET class. "Service Station: Serialization in Windows Communication Foundation" is a good introduction to WCF serialization.
- This article glazed over the role of contracts (the "C" in ABC) in WCF and focused on channels and binding. To learn more about contracts, read "Programming Indigo: Contracts".
- Standing between the code you write in your contract and the WCF runtime is a construct WCF calls a proxy. How the proxy behaves greatly impacts how a client uses your service. "Discover Mighty Instance Management Techniques For Developing WCF Apps" discusses how you can control the behavior of the proxy.
This article was meant to answer some of your WCF questions, raise more questions, and point to good resources to answer those questions. WCF is an immense undertaking within Microsoft, consolidating much of the communication capabilities of the .NET Framework. Many future products will be built upon it. So, as you study WCF, pay attention to the landmarks explored in this article.