Throughout the history of computing, networking operations were largely handled by the operating system. UNIX, the networking host of early computing, featured a body of shell operations that provided remarkable user control over network operations. Personal computing was slower to catch up: Microsoft and Apple software didn't inherently support networking protocols until the mid-1990s. Third-party add-ons by Novell and Banyan were available earlier, but they were only an adjunct to the operating system. The concept of the network being the computer did not fully infiltrate the development community until the expansion of the World Wide Web.

Let's break away from networking for a minute and look at how application development evolved until now. Early time-sharing operating systems enabled several people to use the same application with its built-in data. These single-tier systems didn't allow for growth in the system's size, and data redundancy became the standard, with nightly batch jobs to synchronize the data becoming commonplace through the 1970s and early '80s.

Eventually, the opportunity presented by networks became the overriding factor in systems development, and enterprise network developers began offering the loosely termed Object Request Brokers (ORBs) on their systems: Microsoft's Transaction Server (MTS), Common Object Request Broker Architecture (CORBA), and the like. These ORBs enabled the separation of the user interface from the business logic using tightly coupled method pooling. This three-tier architecture brings you to the present in development terms, so let's step back and let networking catch up.

The HTTP protocol was born in 1990. There were several other information delivery protocols before, such as Gopher, but HTTP was different because of the extensibility of the related language, HTML, and the flexibility of the transport layer, TCP/IP. Suddenly, movement of many formats of data was possible in a stateless, distributed way. Software as a service was born.

Over the next decade, low-level protocols supported by network systems and the Internet became a staple in applications, with SMTP and FTP providing file and information transfer among distributed servers. Remote procedure calls (RPCs) took things to the next level, but they were platform specific, with UNIX implementations in CORBA and Microsoft's Distributed COM (DCOM) leading the pack.

Enterprise development took a clue from the emerging technologies in wide area network (WAN) networking and personal computing, and development for these large-scale business systems began to mature. As usage of networks grew, developers began to solve problems of scalability, reliability, and adaptability with the traditional flat-format programming model. Multi-tier development began to spread the data, processing, and user interface of applications over several machines connected by local area networks (LANs).

This made applications more scalable and reliable by accommodating growth and providing redundancy. Gradually, vendor compliance and the Java programming language provided adaptability, enabling applications to run in a variety of circumstances on a variety of platforms.

However, there was a dichotomy between the capabilities of the network and the features of the programming environment. Specifically, after the introduction of XML, there still existed no "killer app" using its power. XML is a subset of Standard Generalized Markup Language (SGML), an international standard that describes the relationship between a document's content and its structure. It enables developers to create their own tags for hierarchical data transport in an HTML-like format. With HTTP as a transport and SOAP as a protocol, still needed was an interoperable, ubiquitous, simple, broadly supported system for the execution of business logic throughout the world of Internet application development.

The hunt began with a look at the existing protocols. As had been the case for years, the Microsoft versus Sun Alliance debate was heating up among RPC programmers. CORBA versus DCOM was a source of continuing debate for developers using those platforms for distributed object development. After Sun added Remote Method Invocation to Java with Java-RMI, there were three distributed object protocols that fit none of the requirements.

Because DCOM and RMI are manufacturer-specific, it makes sense to start with those. CORBA is centrally managed by the Object Management Group, so it is a special case and should be considered separately.

RMI and DCOM provide distributed object invocation for their respective platforms — extremely important in this era of distributed networks. Both accommodate enterprisewide reuse of existing functionality, which dramatically reduces cost and time-to-market. Both provide encapsulated object methodology, preventing changes made to one set of business logic from affecting another. Finally, similar to ORB-managed objects, maintenance and client weight are reduced by the simple fact that applications using distributed objects are by nature multi-tier.

CORBA uses the Internet Inter-ORB Protocol to provide remote method invocation. It is remarkably similar to Java Object Serialization in this regard. Because it is only a specification, though, it is supported by a number of languages on diverse operating systems. With CORBA, the ORB does all the work, such as finding the pointer to the parent, instantiating it so that it can receive remote requests, carrying messages back and forth, and disputing arbitration and garbage collecting. The CORBA objects use specially designed sub-ORB objects called basic (or portable) object adapters to communicate with remote ORBs, giving developers more leeway in code reuse.

At first glance, CORBA would seem to be your ace in the hole. Unfortunately, it doesn't actually work that way. CORBA suffers from the same problem web browsers do — poor implementations of the standards — which causes lack of interoperability between ORBs. With IE and Netscape, minor differences in the way pages are displayed is written off as cosmetic. When there is a problem with the CORBA standard, however, it is a real problem. Not only is appearance affected, but also network interactions, as if there were 15 different implementations of HTTP.

The principal problem of the DCOM/CORBA/RMI methods is complexity of implementation. The transfer protocol of each is based on manufacturers' standards, generally preventing interoperability. In essence, the left hand has to know what the right hand is doing. This prevents a company using DCOM from communicating with a company using CORBA.

First, there is the problem of wire format. Each of these three methods uses an OS-specific wire format that encompasses information supplied only by the operating system in question. This means two diverse machines cannot usually share information. The benefit is security: Because the client and server can make assumptions about the availability of functionality, data security can be managed with API calls to the operating system.

The second problem is the number of issues associated with describing the format of the protocol. Apart from the actual transport layer, there must be a schema, or layout, for the data that moves back and forth. Each of the three contemporary protocols makes numerous assumptions between the client and server. DCOM, for instance, provides ADO/RDS for data transport, whereas RMI has JDBC. While we can endlessly debate the merits of one over the other, we can at least agree that they don't play well together.

The third problem is knowing where to find broadly available services, even within your own network. We have all faced the problem of having to call up the COM + MMC panel so that we could remember how to spell this component or that method. When the method is resident on a server ten buildings away and you don't have access to the MMC console, the next step is digging through the text documentation, if there is any.

On a path to providing these services, we stumble across a few other technologies. While Java applets and Microsoft's client-side ActiveX technically are not distributed object invocations, they do provide distributed computing and provide important lessons. Fortunately, we can describe both in the same section because they are largely the same, with different operating systems as their backbone.

Applets and client-side ActiveX are both attempts to use the HTTP protocol to send thick clients to the end user. In circumstances where a user can provide a platform previously prepared to maintain a thicker-than-HTML client base to a precompiled binary, the ActiveX and applet protocols pass small applications to the end user, usually running a Web browser. These applications are still managed by their servers, at least loosely, and usually provide custom data transmission, utilizing the power of the client to manage the information distributed, as well as display it.

This concept was taken to the extreme with Distributed Applet-Based Massively Parallel Processing, a strategy that used the power of the Internet to complete processor-intense tasks, such as 3-D rendering or massive economic models, with a small application installed on the user's computer. If you view the Internet as a massive collection of parallel processors, sitting mostly unused, you have the right idea. An example of this type of processing is provided by United Devices (www.ud.com).

In short, HTTP can provide distributed computing. The problem is that the tightly coupled connection between the client and server has to go, given the nature of today's large enterprises. The HTTP angle did show developers that using an industry-recognized transport method solved problem number one, wire format. Using HTTP meant that regardless of the network, the object could communicate. The client still had to know a lot about the service being sent, but the network did not.

The goal? Distributed Object Invocation meets the World Wide Web. The problems are wire format, protocol, and discovery. The solution is a standards-based, loosely coupled method invocation protocol with a huge catalog. Microsoft, IBM, and Ariba set out in 1999 to create just that, and generated the RFC for Web services.

You may notice that in reviewing the majority of the earlier services there has been little mention of language. That's because it was a problem overlooked by the foundations. Even RMI failed to recognize that you can't make everyone use the same language, even a great language.

POST /Directory HTTP/1.1
Host: Ldap.companyname.com
Content-Type: text/xml; charset="utf-8"
Content-Length: 33
SOAPAction: "Some-URI"vs

<SOAP-ENV:Envelope
 xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
 SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
 <SOAP-ENV:Body>
   <m:FindPerson xmlns:m="Some-URI">
     <NAME>Gates</NAME>
   </m: FindPerson>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

HTTP/1.1 200 OK
Content-Type: text/xml;
charset="utf-8"
Content-Length: 66

<SOAP-ENV:Envelope
 xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
 SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>
  <SOAP-ENV:Body>
    <m:FindPersonResponse xmlns:m="Some-URI">
      <DIRECTORY>Employees
      <PERSON>
         <NAME>Bill Gates</NAME>
         <FUNCTION>Architect
            <TYPE>Web Services</TYPE>
         </FUNCTION>
         <CONTACT>
            <PHONE TYPE=CELL>123-456-7890</PHONE>
            <PHONE TYPE=HOME>555-111-2222</PHONE>
         </CONTACT>
      </PERSON>
      </DIRECTORY>
    </m: FindPersonResponse >
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Web Services Description Language

A Web Services Description Language (WSDL) document is a set of definitions that is utilized to describe the interface of any of your Web services. Six elements are defined and used by the SOAP protocol: types, message, portType, binding, port, and service. Essentially adding another layer of abstraction, the purpose of WSDL is to isolate remote method invocations from their wire transport and data definition language. Once again, it is a specification, not a language, so it is much easier to get companies to agree to its use.

Because WSDL is just a set of descriptions in XML, it is not so much a protocol as a grammar. Following is the sample service contract for the HelloWorld Web service you will be building shortly. You can see this file by visiting http://localhost/HelloWorldExample/Service.asmx?WSDL using your Web browser after you create the examples:

<?xml version="1.0" encoding="utf-8" ?>
<wsdl:definitions xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
 xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/"
 xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
 xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
 xmlns:tns="http://localhost/webservice" xmlns:s="http://www.w3.org/2001/XMLSchema"
 xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
 xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"
 targetNamespace="http://localhost/webservice"

xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
   <wsdl:types>
      <s:schema elementFormDefault="qualified"
       targetNamespace="http://localhost/webservice">
         <s:element name="HelloWorld">
            <s:complexType />
         </s:element>
         <s:element name="HelloWorldResponse">
            <s:complexType>
               <s:sequence>
                  <s:element minOccurs="0" maxOccurs="1" name="HelloWorldResult"
                   type="s:string" />
               </s:sequence>
            </s:complexType>
         </s:element>
      </s:schema>
   </wsdl:types>
   <wsdl:message name="HelloWorldSoapIn">
      <wsdl:part name="parameters" element="tns:HelloWorld" />
   </wsdl:message>
   <wsdl:message name="HelloWorldSoapOut">
      <wsdl:part name="parameters" element="tns:HelloWorldResponse" />
   </wsdl:message>
   <wsdl:portType name="WebServiceSoap">
      <wsdl:operation name="HelloWorld">
         <wsdl:input message="tns:HelloWorldSoapIn" />
         <wsdl:output message="tns:HelloWorldSoapOut" />
      </wsdl:operation>
   </wsdl:portType>
   <wsdl:binding name="WebServiceSoap" type="tns:WebServiceSoap">
      <wsdl:documentation>
         <wsi:Claim conformsTo="http://ws-i.org/profiles/basic/1.0"
          xmlns:wsi="http://ws-i.org/schemas/conformanceClaim/" />
      </wsdl:documentation>
      <soap:binding transport="http://schemas.xmlsoap.org/soap/http"
       style="document" />
      <wsdl:operation name="HelloWorld">
         <soap:operation soapAction="http://localhost/webservice/HelloWorld"
          style="document" />
         <wsdl:input>
            <soap:body use="literal" />
         </wsdl:input>
         <wsdl:output>
            <soap:body use="literal" />
         </wsdl:output>
      </wsdl:operation>
   </wsdl:binding>
   <wsdl:binding name="WebServiceSoap12" type="tns:WebServiceSoap">
      <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"
       style="document" />
      <wsdl:operation name="HelloWorld">
         <soap12:operation soapAction="http://localhost/webservice/HelloWorld"
          style="document" />
         <wsdl:input>
            <soap12:body use="literal" />

</wsdl:input>
         <wsdl:output>
            <soap12:body use="literal" />
         </wsdl:output>
      </wsdl:operation>
   </wsdl:binding>
   <wsdl:service name="WebService">
      <wsdl:port name="WebServiceSoap" binding="tns:WebServiceSoap">
         <soap:address location="http://localhost:40718/Reuters/WebService.asmx" />
      </wsdl:port>
      <wsdl:port name="WebServiceSoap12" binding="tns:WebServiceSoap12">
         <soap12:address
          location="http://localhost:40718/Reuters/WebService.asmx" />
      </wsdl:port>
   </wsdl:service>
</wsdl:definitions>

This is what makes it all work. Notice that each of the inputs and outputs of the HelloWorldResponse function is defined as an element in the schema. The .NET Framework uses this to build library files that understand how best to format the outgoing requests, so no matter what operating system develops the WSDL, as long as it is well formed according to the WSDL specification, any type of application (it doesn't necessarily need to be a .NET application) can consume it with a simple SOAP request.

In fact, IIS with the .NET Framework is set up to use the WSDL document in order to provide a great auto-generated user interface for developers and consumers to check out and test Web services. After removing the ?wsdl from the preceding URL, you'll see a very nicely formatted documentation screen for the service. Click the function name and you will get the screen shown in Figure 28-2. This is all dynamically generated based upon the contents of the WSDL document, which is itself dynamically generated by .NET.

Figure 28.2. Figure 28-2

The WSDL document can also be expanded in order to define your own descriptions. You can use the Description property of both the WebService and WebMethod attributes to provide more details for this .NET-generated test page for your XML Web services.

The Visual Studio 2008 IDE shows a marked improvement from the add-ins provided for Visual Studio 6 in the SOAP Toolkit. For instance, Web services are shown as references on a project, rather than in a separate dialog box. The discovery process, discussed later, is used to its fullest, providing much more information to the developer. In short, it is nearly as easy to consume a Web service with Visual Basic as it is to use DLLs.

Producing a Typed DataSet

For simplicity, you will use Visual Studio to first create a typed DataSet, which will be returned from the WebMethod that you later produce. This IDE enables you to quickly and easily create the needed data access without having to dig through a lot of ADO.NET code.

Right-click the WebService1 project in the Solution Explorer and select Add New Item. From the provided menu of file options, select DataSet. Change the name of this file to MyDataComponent.xsd. This creates an already strongly typed DataSet on the fly. In addition, Visual Studio requests to place this file in the App_Code folder of your solution. Confirm this request, because having it in the App_Code folder allows for programmatic access to the DataSet (see Figure 28-7).

Figure 28.7. Figure 28-7

Once created, the MyDataComponent.xsd file opens itself in Visual Studio. This file appears as a blue screen in the document window. The first step is to drag and drop a single TableAdapter onto this design surface. Once you do this, the TableAdapter Configuration Wizard opens, as shown in Figure 28-8.

Figure 28.8. Figure 28-8

The first step in the TableAdapter Configuration Wizard is establishing a data connection. If a connection is not already in place, then create one by clicking the New Connection button. Using this dialog, make a new connection to the sample AdventureWorks_Data.mdf database, which is a SQL Server Express Edition database file. You can find this and other SQL Server 2005 samples online on the Microsoft CodePlex website (www.codeplex.com/MSFTDBProdSamples/Release/ProjectReleases.aspx?ReleaseId=4004). Download the file AdventureWorksDB.msi.

Once the connection is defined in the TableAdapter Configuration Wizard, the next step of the wizard asks you to store the connection in the web.config file, which is always a good option to choose. Choosing both of these actions will copy the AdventureWorks_Data.mdf database file to the App_Data folder in your project, and the connection to this database file will now be named and placed within the web.config file of your ASP.NET Web Service project.

<connectionStrings>
   <add name="AdventureWorks_DataConnectionString"
    connectionString="Data Source=.SQLEXPRESS;AttachDbFilename=|DataDirectory|
       AdventureWorks_Data.mdf;Integrated Security=True;Connect Timeout=30;
       User Instance=True"
    providerName="System.Data.SqlClient" />
</connectionStrings>

Once the connection to the data store is established, click Next. In the dialog that appears, pick the command type that you want to work with. Typically, the options are working with either direct SQL commands, existing stored procedures, or stored procedures that you can create directly in the wizard. For this example, choose the first option: Use SQL Statements.

The next page in the wizard asks for the query that you want to use to load the table data. Input the following:

SELECT HumanResources.Employee.EmployeeID, HumanResources.Employee.Title,
    HumanResources.Employee.Gender,

HumanResources.Employee.HireDate, Person.Contact.Title AS EXPR1,
    Person.Contact.FirstName, Person.Contact.MiddleName,
    Person.Contact.LastName, Person.Contact.EmailAddress, Person.Contact.Phone
FROM Person.Contact INNER JOIN
    HumanResources.Employee ON Person.Contact.ContactID =
       HumanResources.Employee.ContactID

Clicking the Next button results in a page from which you can select the methods that the wizard will generate (as shown in Figure 28-9). These are the methods used in your Web service to load data into data sets for transmission. In this case, the Fill and GetData methods are specified with the first two options in the dialog. In some cases, you might want to also select the last check box, which creates the additional Insert, Update, and Delete methods that you might want to later expose via a Web service. When you are done, click Next again to proceed to the next step in the wizard.

Figure 28.9. Figure 28-9

Figure 28-10 shows the last page of the wizard. This final page just shows the results of all the actions taken in the preceding steps.

After clicking the Finish button, note that the design surface of the MyDataComponent.xsd file changes to reflect the data that comes from the two tables of the AdventureWorks database (see Figure 28-11).

At this point, your typed data set is now in place and ready for use by the Web service. Looking at the results on the design surface of the .xsd file, you can see that indeed the typed MyDataComponent data set is in place and contains a single DataTable called DataTable1. There is also a DataTable1TableAdapter object with Fill and GetData methods in place.

Figure 28.10. Figure 28-10

Figure 28.11. Figure 28-11

Imports System.Web
Imports System.Web.Services
Imports System.Web.Services.Protocols

<WebService(Namespace:="http://www.lipperweb.com/namespace")> _
<WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> _

<Global.Microsoft.VisualBasic.CompilerServices.DesignerGenerated()> _
Public Class Service
    Inherits System.Web.Services.WebService

    <WebMethod()> _
    Public Function GetEmployees() As MyDataComponent.DataTable1DataTable
        Dim da As New MyDataComponentTableAdapters.DataTable1TableAdapter
        Dim ds As New MyDataComponent.DataTable1DataTable

        da.Fill(ds)

        Return ds
    End Function
End Class

Consuming the Service

Although the Web service is in place, you really have seen only half the story. Exposing data and logic as SOAP to disparate systems across the enterprise or across the world is a simple task using .NET, and particularly ASP.NET. The other half of the story is the actual consumption of an XML Web Service into another application.

Keep in mind that you are not limited to consuming Web services only into ASP.NET applications, as shown shortly. Consuming Web services into other types of applications is not that difficult; in fact, it is rather similar to how you would consume them using ASP.NET. Remember that the Web services you come across can be consumed in Window Forms, Windows Presentation Foundation applications, mobile applications, other databases, and more. You can even consume Web services with other Web services, resulting in a single Web service made up of what is basically an aggregate of other Web services.

For this consuming application, provide a Web application called WSEmployees by creating a new ASP.NET Web Site project with that name. For this example, create this new project within your current solution: Right-click on the WebService1 solution and select Add

Adding a Web Reference

The only bit of magic here is the adding of a Web reference to the project using the Visual Studio IDE. As described later, you are really creating a proxy based upon the WSDL file of the service and referencing the proxy in the project, but the IDE makes this all quite simple.

To create the proxy needed by the consuming application, right-click the WSCustomers project in the Solution Explorer and select Add Web Reference from the list of options. In this form, enter the WSDL file of the Web service to which you want to make a reference. If the Web service is a .NET Web Service (with an .asmx file extension), simply input the URL of the .asmx file and nothing more because the wizard automatically adds ?wsdl at the end of the input. If you are referencing a Java Web Service, then place the URL for the .wsdl file in this wizard. In most cases, you would simply enter the URL of the service you are interested in consuming in the address bar of the Add Web Reference dialog. For this example, click the "Web Services found at this URL" link. The dialog box shown in Figure 28-12 should appear.

Figure 28.12. Figure 28-12

The service description page you see when you build your service appears in the left pane of the wizard, with .NET-specific information in the right. Click the Add Reference button at the right of the window to add this reference to your project. The service appears in a new folder called Web References within the Solution Explorer, as shown in Figure 28-13.

Figure 28.13. Figure 28-13

In making the reference, you can see that the .wsdl file was copied over, as well as the typed DataSet, MyDataComponent. The power of this Web services model is that it can work with the GetEmployees method as if it were now local to your machine, when in fact it is hosted in an entirely different application.

Building the Consumer

The COM architecture continually promised "one line of code" to generate great results. Web services live up to the promise, minus the declarations. Now the only thing left to do is call the referenced Web service and pass the generated DataTable that comes from the DataSet. Compared to the scores of lines of XML needed to pass the DataSet in the existing Microsoft technologies, this is a breeze.

The first step to consuming an .aspx page is simply to make a reference to the proxy that Visual Studio created and then call the GetEmployees WebMethod through this instantiated object. The results pulled from the GetEmployees method are then displayed in a GridView control, which is placed on a Web form.

You have a couple of ways to achieve this. The first method is to use an ObjectDataSource control, which does the work of invoking the GetEmployees WebMethod and then displaying the results in the GridView control. (The second method, discussed a bit later, is to manually write the required code.) To work through this example, drop a GridView and an ObjectDataSource server control onto the design surface of the Web form. Open the smart tag of the ObjectDataSource control and select Configure Data Source. You are then presented with the Configure Data Source Wizard.

In the first page of this wizard, uncheck the Show Only Data Components check box and select localhost.Service from the drop-down list. Click the Next button to choose the SELECT method for that ObjectDataSource control to use (shown in Figure 28-14).

Figure 28.14. Figure 28-14

From the drop-down list on this page of the wizard, select GetEmployees(), returns DataTable1DataTable and click Finish to progress to the next step of binding the GridView control to the returned DataTable from this ObjectDataSource control.

Now turn your attention to the GridView control. In configuring this control, open the control's smart tag. From the drop-down list, select ObjectDataSource1 as the data source control for this control. Note that once you do this, the GridView control expands to include all the appropriate columns from the result set you specified earlier from the AdventureWorks database.

Now, in the same smart tag, enable paging by selecting the appropriate check boxes. The code generated by Visual Studio is shown here:

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb"
    Inherits="_Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Consuming Application</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:GridView ID="GridView1" runat="server" AllowPaging="True"
         AutoGenerateColumns="False"
         DataKeyNames="EmployeeID" DataSourceID="ObjectDataSource1">
            <Columns>
                <asp:BoundField DataField="EmployeeID" HeaderText="EmployeeID"
                 InsertVisible="False"
                 ReadOnly="True" SortExpression="EmployeeID" />
                <asp:BoundField DataField="Title" HeaderText="Title"
                 SortExpression="Title" />
                <asp:BoundField DataField="Gender" HeaderText="Gender"
                 SortExpression="Gender" />
                <asp:BoundField DataField="HireDate" HeaderText="HireDate"
                 SortExpression="HireDate" />
                <asp:BoundField DataField="EXPR1" HeaderText="EXPR1"
                 SortExpression="EXPR1" />
                <asp:BoundField DataField="FirstName" HeaderText="FirstName"
                 SortExpression="FirstName" />
                <asp:BoundField DataField="MiddleName" HeaderText="MiddleName"
                 SortExpression="MiddleName" />
                <asp:BoundField DataField="LastName" HeaderText="LastName"
                 SortExpression="LastName" />
                <asp:BoundField DataField="EmailAddress" HeaderText="EmailAddress"
                 SortExpression="EmailAddress" />
                <asp:BoundField DataField="Phone" HeaderText="Phone"
                 SortExpression="Phone" />
            </Columns>
        </asp:GridView>
        <asp:ObjectDataSource ID="ObjectDataSource1" runat="server"
         SelectMethod="GetEmployees"

TypeName="localhost.Service"></asp:ObjectDataSource>
    </div>
    </form>
</body>
</html>

Once the page is complete, build and run it. That's it. There is now a table in the Web form with all the data from a remote SQL Server Express Edition file that can be paged — and you did not have to write any code to achieve this functionality! The page results are shown in Figure 28-15.

Figure 28.15. Figure 28-15

Now consider doing the same thing but instead spending a little time writing some code. This is a good exercise because it offers more control over the situation (if desired), and it teaches you more about what is going on.

Create a page that includes only a GridView server control. From here, you get at the data that comes from the Web service in the Page_Load event, as shown in the following example:

<%@ Page Language="VB" %>

<script runat="server">
    Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)
        Dim ws As New localhost.Service

        GridView1.DataSource = ws.GetEmployees()
        GridView1.DataBind()
    End Sub
</script>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Consuming Application</title>

</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:GridView ID="GridView1" Runat="server"
         AllowPaging="True" AllowSorting="True">
        </asp:GridView>
    </div>
    </form>
</body>
</html>

The first line of code contained in the Page_Load event instantiates the proxy object that was created for you. The next line assigns the DataSource property of the GridView server control to the result set from the GetEmployees WebMethod call. Finally, you close everything by calling the DataBind method of the GridView control. By compiling and running the XML Web Service, you can retrieve from the database the view of the Employees table that you created earlier from the AdventureWorks database. A returned dataset contains a wealth of information, including the following:

• An XSD definition of the XML contained in the DataSet

• The employee information from the Employees table of the AdventureWorks database

On the consumption side, consumers of this XML Web Service can easily use the XSD definition and the XML contained within the DataTable within their own applications. If users are then consuming this DataTable into .NET applications, they can easily bind this data to a GridView and use it within their applications with minimal lines of code.

You can build upon the sample HelloWorld Web service presented in the default .asmx page when it is first pulled up in Visual Studio. Name the new .asmx file HelloSoapHeader.asmx. Add a class that is an object representing what is to be placed in the SOAP header by the client, as shown in the following example:

Public Class HelloHeader
   Inherits System.Web.Services.Protocols.SoapHeader

   Public Username As String
   Public Password As String
End Class

The class, representing a SOAP header object, has to inherit from the SoapHeader class from System.Web.Services.Protocols.SoapHeader. The SoapHeader class serializes the payload of the <soap:header> element into XML for you. In this example, the SOAP header requires two elements — a username and a password, both of type String. The names you create in this class are those used for the sub-elements of the SOAP header construction, so it is important to name them descriptively.

The following code shows the Web service class that instantiates an instance of the HelloHeader class:

<WebService(Namespace:="http://www.wrox.com/helloworld")> _
<WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1, _
  EmitConformanceClaims:=True)> _
Public Class HelloSoapHeader
Inherits System.Web.Services.WebService

    Public myHeader As HelloHeader

    <WebMethod(), SoapHeader("myHeader")> _
    Public Function HelloWorld() As String
        If (myHeader Is Nothing) Then
           Return "Hello World"
        Else
           Return "Hello " & myHeader.Username & ". " & _
              "<br>Your password is: " & myHeader.Password
        End If
    End Function

End Class

The Web service, HelloSoapHeader, has a single WebMethod — HelloWorld. Within the Web service class, but outside of the WebMethod itself, create an instance of the SoapHeader class:

Public myHeader As HelloHeader

Now that you have an instance of the HelloHeader class that you created earlier, myHeader, you can use that instantiation in your WebMethod. Because Web services can contain any number of WebMethods, it is not necessary for all WebMethods to use an instantiated SOAP header. You specify whether a WebMethod uses a particular instantiation of a SOAP header class by placing the SoapHeader attribute before the WebMethod declaration:

<WebMethod(), SoapHeader("myHeader")> _
Public Function HelloWorld() As String
   ' Code here
End Function

Here, the SoapHeader attribute takes a string value of the name of the instantiated SoapHeader class — in this case, myHeader.

The WebMethod actually makes use of the myHeader object. If the myHeader object is not found (meaning the client did not send a SOAP header with the constructed SOAP message), then a simple "Hello World" is returned. However, if values are provided in the header of the SOAP request, then those values are used in the returned string value.

It is not difficult to build an ASP.NET application that makes a SOAP request to a Web service using SOAP headers. As with Web services that do not include SOAP headers, you make a Web reference to the remote Web service directly in Visual Studio.

For the ASP.NET page, create a simple page with a single Label control. The output of the Web service is placed in this control. Following is the code for the ASP.NET page:

<%@ Page Language="VB" %>

<script runat="server">
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)
        Dim ws As New localhost.HelloSoapHeader()
        Dim wsHeader As New localhost.HelloHeader()

        wsHeader.Username = "Bill Evjen"
        wsHeader.Password = "Bubbles"
        ws.HelloHeaderValue = wsHeader

        Label1.Text = ws.HelloWorld()
    End Sub
</script>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Working with SOAP headers</title>

</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:Label ID="Label1" Runat="server"></asp:Label>
    </div>
    </form>
</body>
</html>

Two objects are instantiated. The first is the actual Web service, HelloSoapHeader. The second, which is instantiated as wsHeader, is the SoapHeader object. After both of these objects are instantiated and before making the SOAP request in the application, you construct the SOAP header. This is as easy as assigning values to the Username and Password properties of the wsHeader object. After these properties are assigned, you associate the wsHeader object to the ws object through the use of the HelloHeaderValue property. After you have made the association between the constructed SOAP header object and the actual WebMethod object (ws), you can make a SOAP request, just as you would normally do:

Label1.Text = ws.HelloWorld()

Running the page produces the result shown in Figure 28-19.

Figure 28.19. Figure 28-19

Note that the SOAP request reveals that the SOAP header was indeed constructed into the overall SOAP message, as shown in the following SOAP request:

<?xml version="1.0" encoding="utf-8" ?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:xsd="http://www.w3.org/2001/XMLSchema">
   <soap:Header>
      <HelloHeader xmlns="http://www.wrox.com/helloworld/">
         <Username>Bill Evjen</Username>
         <Password>Bubbles</Password>
      </HelloHeader>
   </soap:Header>
   <soap:Body>
      <HelloWorld xmlns="http://www.wrox.com/helloworld/" />
   </soap:Body>
</soap:Envelope>

This returns the SOAP response shown here:

<?xml version="1.0" encoding="utf-8" ?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:xsd="http://www.w3.org/2001/XMLSchema">
   <soap:Body>
      <HelloWorldResponse xmlns="http://www.wrox.com/helloworld/">
         <HelloWorldResult>Hello Bill Evjen. Your password is:
          Bubbles</HelloWorldResult>
      </HelloWorldResponse>
   </soap:Body>
</soap:Envelope>

Most Web services use SOAP version 1.1 for the construction of their messages. However, SOAP 1.2 became a W3C Recommendation in June 2003 (see www.w3.org/TR/soap12-part1/). The nice thing about XML Web Services in the .NET Framework platform is that they are capable of communicating in both the 1.1 and 1.2 versions of SOAP.

In an ASP.NET application that is consuming a Web service, you can control whether the SOAP request is constructed as a SOAP 1.1 message or a 1.2 message. The next example changes the previous example to use SOAP 1.2 instead of the default setting of SOAP 1.1:

<%@ Page Language="VB" %>

<script runat="server">
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)
        Dim ws As New localhost.HelloSoapHeader()
        Dim wsHeader As New localhost.HelloHeader()

        wsHeader.Username = "Bill Evjen"
        wsHeader.Password = "Bubbles"
        ws.HelloHeaderValue = wsHeader

        ws.SoapVersion = System.Web.Services.Protocols.SoapProtocolVersion.Soap12

        Label1.Text = ws.HelloWorld()
    End Sub
</script>

This example first provides an instantiation of the Web service object and uses the new SoapVersion property. The property takes a value of System.Web.Services.Protocols.SoapProtocolVersion.Soap12 to work with SOAP 1.2 specifically. With this bit of code in place, the SOAP request takes the structure shown here:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:xsd="http://www.w3.org/2001/XMLSchema">
   <soap:Header>

<HelloHeader xmlns="http://www.wrox.com/helloworld/">
         <Username>Bill Evjen</Username>
         <Password>Bubbles</Password>
      </HelloHeader>
   </soap:Header>
   <soap:Body>
      <HelloWorld xmlns="http://www.wrox.com/helloworld/" />
   </soap:Body>
</soap:Envelope>

One difference between the two examples is the xmlns:soap namespace that is used. The difference actually resides in the HTTP header. Comparing the SOAP 1.1 and SOAP 1.2 messages, you can see a difference in the Content-Type attribute. In addition, the SOAP 1.2 HTTP header does not use the soapaction attribute because this is now combined with the Content-Type attribute.

You can turn off either SOAP 1.1 or SOAP 1.2 capabilities with the Web services that you build by making the proper settings in the web.config file, as illustrated here in this snippet of configuration code:

<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
   <system.web>
      <webServices>
         <protocols>
            <remove name="HttpSoap"/> <!-- Removes SOAP 1.1 abilities -->
            <remove name="HttpSoap1.2"/> <!-- Removes SOAP 1.2 abilities -->
         </protocols>
      </webServices>
   </system.web>
</configuration>

The System.Web.Services namespace includes the following component classes:

The WebService class is the base class from which all the ASP.NET services are derived, and it includes access to the public properties for Application, Context, Server, Session, Site, and User. ASP programmers will recognize these objects from the ASP namespace. Web services can access the IIS object model from the WebService class, including application-level variables:

Imports System.Web
Imports System.Web.Services
Imports System.Web.Services.Protocols

<WebService(Namespace:="http://www.lipperweb.com/namespace")> _
<WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> _
Public Class Util
    Inherits System.Web.Services.WebService

   <WebMethod(Description:="Application Hit Counter", EnableSession:=False)> _
    Public Function HitCounter() As String

       Dim HitCounter As Integer

       If (Application("HitCounter") Is DBNull.Value) Then
          Application("HitCounter") = 1
       Else
          Application("HitCounter") = Application("HitCounter") + 1
       End If

       HitCounter = Application("HitCounter")

       Return HitCounter

    End Function

End Class

WebService is an optional base class, used only if access to ASP.NET objects is desired. The WebMethodAttribute class, however, is a necessity if the class needs to be available over the Web.

The WebServiceAttribute class is similar to the WebMethodAttribute class in that it enables the addition of the description string to an entire class, rather than method by method. We recommend adding it before the previous class declaration:

<WebService(Description:="Common Server Variables")> _
Public Class ServerVariables
    Inherits System.Web.Services.WebService

Instead of using WSDL in the contract to describe these services, the System.Web.Services namespace provides programmatic access to these properties. IIS Service Discovery uses these descriptions when queried. This way, you have removed the necessity to struggle with myriad protocols surrounding Service Contract Language and SOAP.

The System.Web.Services.Description namespace provides a host of classes that provide total management of the WSDL descriptions for your Web service. This object manages every element in the WSDL schema as a class property.

For example, the preceding discussion on the benefits of WSDL description mentioned being able to query a Web service about its methods and parameters. The System.Web.Services.Description namespace provides methods for the discovery of methods and parameters, gathering the information from the service contract and providing it to the object model in Visual Basic code.

When working on the HTTP GET protocol (as opposed to SOAP, for instance), simply pass in the required sEmail parameter through the use of a querystring. You can find details about this in the Web service's WSDL description. In the successive <wsdl:message> sections, you can find all parameter information for all three protocols, including HTTP GET (if enabled via the web.config file):

<wsdl:message name="IsValidEmailHttpGetIn">
   <wsdl:part name="sEmail" type="s:string" />
</wsdl:message>
<wsdl:message name="IsValidEmailHttpGetOut">
   <wsdl:part name="Body" element="tns:boolean" />
</wsdl:message>

Invoking this Web service using HTTP GET, use the following construct:

http://localserver/[email protected]

Note that HTTP GET is disabled by default because it is deemed a security risk. If you wish to enable HTTP GET for your XML Web Services, then configure it for this in the web.config file of your Web service solution, as shown here:

<configuration>
   <system.web>
      <webServices>
         <protocols>
            <add name="HttpGet"/>
         </protocols>
      </webServices>
   </system.web>
</configuration>

The System.Web.Services.Discovery namespace provides access to all of the wonderful features of the .disco files on a dynamic basis. Because Microsoft is currently trying to integrate Web services as a remoting protocol and is not pushing the public service side as much, you don't see the use of .disco files as often in the Microsoft side of things. Your business partner might be using them, though, so this namespace proves useful. For instance, you can access the DiscoveryDocument using the Discovery class:

Imports System.Web.Services.Discovery

ReadOnly Property DiscoveryDocument(strURL As String) As DiscoveryDocument
   Get
      DiscoveryDocument = DiscoveryClientProtocol.Discover(strURL)
   End Get
End Property

Like the System.Web.Services.Description namespace, the System.Web.Services.Discovery namespace provides many tools to build a .disco document on the fly.

All of the wire service problems solved with HTTP and SOAP are handled in the System.Web.Services.Protocols namespace. When handling references to classes also referenced in other Web service namespaces, the System.Web.Services.Protocols namespace proves to be a handy tool. Objects referenced by the System.Web.Services.Protocols namespace include the following (among others):

The System.Web.Services.Protocols namespace is particularly handy for managing the connection type by a client. A consumer of a Web service can use the HTTP GET or HTTP POST protocol to call a service, as well as the HTTP SOAP protocol. Microsoft's .NET initiative focuses on SOAP as the ultimate means of connecting disparate data sources. The System.Web.Services.Protocols.SoapDocumentMethodAttribute class enables developers to set special attributes of a public method for when a client calls it using SOAP:

Imports System.Web
Imports System.Web.Services
Imports System.Web.Services.Protocols

<WebService(Namespace:="http://www.lipperweb.com/namespace")> _
<WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> _
Public Class Util
    Inherits System.Web.Services.WebService

  <SoapDocumentMethod(Action:="http://MySoapMethod.org/Sample", _
   RequestNamespace:="http://MyNamespace.org/Request", _
   RequestElementName:="GetUserNameRequest", _
   ResponseNamespace:="http://MyNamespace.org/Response", _
   ResponseElementName:="GetUserNameResponse")> _
   WebMethod(Description:="Obtains the User Name")> _
  Public Function GetUserName()
    '...
  End Function

End Class

Web services are remarkably easy to deploy with Visual Basic. The key to remoting with Web services is the WSDL contract — written in the dense WSDL protocol shown earlier. IIS 5.0, 6.0, and 7.0 does that in conjunction with the .NET Framework, analyzing the VB code and dynamically generating the WSDL code for the contract.

In addition, Web services are inherently cross-platform, even when created with Microsoft products. Yes, you have heard this before, but so far it seems to be true. The standard XML schemas are centrally managed, and IBM mostly built the WSDL specification, so Microsoft seems to have been up to standard on this one.

Finally, they best represent where the Internet is heading — toward an architecturally neutral collection of devices, rather than millions of PCs surfing the World Wide Web. Encapsulating code so that you can simply and easily allow cell phones to use your logic is a major boon to developers, even if they do not know it yet.

Note that Web services are not a feature of the .NET Framework per se. In fact, Web services run fine on Windows NT4 SP6, with the SOAP Toolkit installed. You can do most anything you are doing here with VB6 and IIS 4.0.

However, the .NET Framework encapsulates the Web service protocol into objects. It is now an integrated part of the strategy, rather than an add-on. If you are currently working in a VB6 environment, look at the SOAP Toolkit (downloadable from MSDN at http://msdn.microsoft.com/webservices), and understand that the services you build are available not only to different flavors of Windows, but also to IBM and Sun platforms.

The goal of Web services is to provide a loosely coupled, ubiquitous, universal information exchange format. Toward that end, SOAP is not the only mechanism for communicating with Web services — the HTTP GET and HTTP POST protocols are also supported by the .NET Framework. Response is via HTTP, just like normal RPCs with SOAP. This enables legacy Web applications to make use of Web services without the benefit of the .NET Framework.

The Internet is stateless by nature. Many of the techniques used for managing state in ASP.NET Web applications are the same techniques you can use within the XML Web Services built on the .NET platform. Remember that XML Web Services are part of the ASP.NET model, and both application types have the same objects at their disposal.

Therefore, just like an ASP.NET application, XML Web Services can also use the Application object or the Session object. These sessions can also be run in the same process as the XML Web Services application itself — out of process, using the .NET StateServer or by storing all the sessions within SQL Server.

To use sessions within XML Web Services built on the .NET platform, you must turn on this capability within the WebMethod attribute by using the EnableSession property. By default, the EnableSession property is set to False, so to use the HTTPSessionState object, set this property to True, as shown here:

Imports System.Web
Imports System.Web.Services
Imports System.Web.Services.Protocols

<WebService(Namespace:="http://www.lipperweb.com/namespace")> _
<WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> _
Public Class Service
    Inherits System.Web.Services.WebService

   <WebMethod(EnableSession:=True)> _
   Public Function SessionCounter() As Integer
      If Session("Counter") Is Nothing Then
         Session("Counter") = 1
      Else
         Session("Counter") = CInt(Session("Counter")) + 1
      End If

      Return CInt(Session("Counter"))
   End Function

End Class

The EnableSession property goes directly in the parentheses of the WebMethod declaration. This property takes a Boolean value and needs to be set to True in order to work with the Session object.

The Secure Sockets Layer (SSL) is a protocol consumed by HTTP in the transfer of Internet data from the web server to the browser. On the Web, the process works like this:

The protocol in the URI represents how HTTP would appear if it were changed to HTTPS:

<address uri="https://aspx.securedomains.com/evjen/Validate.asmx" />

The service would then make an SSL call to the server. Remember that SSL is significantly slower than HTTP, so you will suffer a performance hit. Given the sensitivity of much of the information passing over Web services, however, it is probably worth the slowdown.

You also have the option to code security into your applications. This solves different problems from SSL, and in fact you may want to combine the two services for a complete security solution.

Unauthorized access is a potential problem for any remote system, but even more so for Web services. The open architecture of the system provides crackers with all the information they need to plan an attack. Fortunately, simplicity is often the best defense. Using the NT security options already on the server is the best way to defend against unauthorized users.

You can use NTFS permissions for individual directories within an application and require users to provide a valid username and password combination if they want to access the service.

The best approach to security is to use SSL and directory-level security together. It is slow, and at times inconvenient, but this is a small price to pay for the heightened level of security. Though this is different from the traditional role-based COM + security, it is still very effective for running information across the wire.

The Windows platform also provides for other forms of security. For instance, the Windows CryptoAPI supplies access to most of the commonly used encryption algorithms — aside from the protocols used in the Secure Sockets Layer. Digital certificates (sort of a personal form of SSL ServerCertificates) are now rapidly becoming a powerful force in security.

The key to the issue and solution of security problems is the management of client expectations. If Web services are built securely to begin with, then you won't face situations that draw concern or scrutiny. Consider the security of everything you write. It's fairly easy, and the payoff is great.

State is less of a problem in a distributed architecture because in Windows DNA, Microsoft has been saying for years that n-tier statefulness has to go. Most developers are used to the idea, but if you are not, then you need to get on the boat with the rest of us. Architect your solutions to be loosely coupled, which is what Web services are designed to do.

Web services are not made for transactional systems. If the web server at MyCompany.com were to access a database at UPS, for example, and the connection dropped in the middle, the lock on the database would remain without giving the network system at UPS a chance to solve the problem. Web services are by nature loosely coupled. They are not designed for tight transactional integration.

A common use of Web services, communication between differing systems, prompted a number of technology architects to design several XML transaction protocols, such as 2PC. These packages provide the two systems with an understanding that the network link will remain stable.

Speed and connectivity are going to be a continuing problem until we have the ubiquitous bandwidth George Gilder talks about in his book Telecosm (Free Press, 2000). Right now, the majority of Internet devices that could really benefit from Web services — cell phones, PDAs, and the like — are stuck at the paltry 14,000 bits per second currently supported by most wireless providers.

For application development, this is a concern because when the router goes down, the application goes down. Right now, intranets continue to function when the ISP drops the ISDN. With Web services running the links to customers and suppliers, that ISDN line becomes the company lifeline. Redundancy of connections and a firm partnership with your service provider are the only solution.