[ Pobierz całość w formacie PDF ]
.Pooling is therefore a technique thatminimizes the use of system resources, improves performance, and helps s ystem scalability.Missing in MTS, object pooling is a nice feature in COM+ that allows you to pool objects that supporttransactions but are expensive to create.Similar to providing support for transactions, if you want tosupport object pooling in a.N ET class, you need to derive from ServicedComponent, override any ofthe Activate( ), Deactivate( ), and CanBePooled( ) methods, and specify the object-poolingrequirements in an ObjectPooling attribute, as shown in the following example:[12][12]Mixing transactions and object pooling should be done with care.See Juval Lowy's COM+ Services (O'Reilly, 2001).using System;using System.Reflection;using System.EnterpriseServices;[assembly: ApplicationName(".NET Essentials CRM")][assembly: ApplicationActivation(ActivationOption.Library)][assembly: AssemblyKeyFile("originator.key")][assembly: AssemblyVersion("1.0")][Transaction(TransactionOption.Required)][ObjectPooling(MinPoolSize=1, MaxPoolSize=5)]public class Customer : ServicedComponent{public Customer( ){Console.WriteLine("Some expensive object construction.");}[AutoComplete]public void Add(string strName){Console.WriteLine("Add customer: {0}", strName);// Add the new customer into the system,// and make appropriate updates to// several databases.}override public void Activate( ){Console.WriteLine("Activate");// Pooled object is being activated.// Perform the appropriate initialization.}override public void Deactivate( ){Console.WriteLine("Deactivate");// Object is about to be returned to the pool.// Perform the appropriate clean up.}override public bool CanBePooled( ){77 Console.WriteLine("CanBePooled");return true; // Return the object to the pool.}}Take advantage of the Activate( ) and Deactivate( ) methods to perform appropriate initialization andcleanup.The CanBePooled( ) method lets you tell COM+ whether your object can be pooled when thismethod is called.You need to provide the expensive object-creation functionality in the constructor, asshown in the constructor of this class.Given this Customer class that supports both transaction and object pooling, you can write thefollowing client-side code to test object pooling.For brevity, we will create only two objects, but youcan change this number to anything you like so that you can see the effects of object pooling.Just toensure that you have the correct configuration, delete the current.NET Essentials CRM COM+application from the Component Services Explorer before running the following code:for (int i=0; i144.NET Framework Essentials213-46-8915Both the SOAP request and response messages are packaged within a Body inside an Envelope.With the previously specified request, the response SOAP message looks like this:BU1032The Busy Executive's Database GuideBU2075You Can Combat Computer Stress!213-46-8915GreenMarjorie415 986-7020309 63rd St.#411OaklandCA94618TrueFigure 6-8 shows the result of the test form after invoking the GetBooksByAuthor web method usingthe SOAP proto col.Figure 6-8.VB client form after calling GetBooksByAuthor145The XSL stylesheet used for transformation of the resulting XML to HTML is included here for yourreference.Notice that since GetBooksByAuthor returns two tables in the dataset, author and books,we can display both the author information and the books that this author wrote.A list of books.hdr { background-color=#ffeedd; font-weight=bold; }List of books written by(,)TitleTypePriceNotesAs you can see, we can easily have any type of web service clients accessing.NET web services.Theclients to the web services need to know how to communicate only in HTTP and understand the WebServices Description Language (WSDL) to communicate with the server.By the same token, we canalso develop web services in any language and on any platform as long as we adhere to thespecification of WSDL.6.5 Web Services and SecurityThis section demonstrates how to incorporate security into your web service.We will do so in twoways: system security and application security.System -level security allows for restricting access tothe web services from unauthorized clients.It is done in a declarative fashion, whereas application -level security is more flexible.With system-level security, you will most likely have the list of authorizedclients' IP addresses that you will let access your web service through the use of some configuration-146.NET Framework Essentialsmanagement tools.With application-level security, you will incorporate the authentication into yourweb service, thus providing a more flexible configuration.6.5.1 System SecurityBecause web services communication is done through HTTP, you can apply system -level security onweb services just as you do for other web pages or resources on your web site.There are a number of different ways you can secure your web services.For a B2B solution, you canuse the IIS Administration Tool to restrict or grant permission to a set of IP addresses, using theInternet Protocol Security (IPSec) to make sure that the IP address in the TCP/IP header isauthenticated.When you rely only on the client to provide the IP in the TCP/IP header, hackers canstill impersonate other host IPs when accessing your web services.IPSec authenticates the hostaddresses using the Kerberos authentication protocol.You can also use a firewall to restrict access toyour web services for your partner companies.For a business-to -consumer (B2C) scenario, you cantake advantage of the authentication features of the HTTP protocol.To show how to use the authentication feature of the HTTP protocol to secure your web services, let'srevisit the example web service we have in this chapter, PubsWS.All we have to do to securePubsWS web service is go to the IIS Admin Tool and choose to edit the File Security propertiesfor the PubsWS.asmx
[ Pobierz całość w formacie PDF ]