ASP.NET Web.config related Interview Questions

1). What is web.config file in asp.net?
Web.config is the main settings and configuration file for an ASP.NET web application. The file is an xml document that defines configuration information regarding the web application.This file stores the information about how the web application will act. 

2). Does web.config file case-sensitive?
Yes.

3). Web.config file is stored in which form?
Web.config files are stored in XML format.

4). Can one directory contain multiple web.config files?
No. One directory can contain only one file.

5). Can you tell the location of the root web.confit file from which all web.config file inherit ?
All the Web.config files inherit the root Web.config file available at the following location systemroot\Microsoft.NET\Framework\versionNumber\CONFIG\Web.config


6). What is the root tag of web.config file ?
<configuration> tag is the root element of the Web.config file under which it has all the remaining sub elements.

7). What is the use of customErrors tag in web.config file ?
CustomErrors tag provides information about custom error messages for an ASP.NET application. The customErrors element can be defined at any level in the application file hierarchy.

Code:

<customErrors defaultRedirect ="Error.aspx" mode ="Off">
   <error statusCode ="401" redirect ="Unauthorized.aspx"/>
</customErrors>

The customErrors section consists of defaultRedirect and mode attributes which specify the default redirect page and the on/off mode respectively.
The subsection of customErrors section allows redirecting to specified page depending on the error status code.
400 Bad Request
401 Unauthorized
404 Not Found
408 Request Timeout

8). Can you describe the funcnalitity of <httpHandlers> tab in web.config?
HttpHandler is a code that executes when an http request for a specific resource is made to the server. For example, request an .aspx page the ASP.NET page handler is executed, similarly if an .asmx file is requested, the ASP.NET service handler is executed. An HTTP Handler is a component that handles the ASP.NET requests at a lower level than ASP.NET is capable of handling.

9). What is authentication tag/section in web.config?
ASP.NET implements additional authentication schemes using authentication providers, which are separate from and apply only after the IIS authentication schemes. ASP.NET supports the following authentication providers:
Windows (default)
Forms
Passport
None
To enable an authentication provider for an ASP.NET application, use the authentication element in either machine.config or Web.config as follows:

Code:

<system.web>
   <!-- mode=[Windows|Forms|Passport|None] -->
   <authentication mode="Windows" />
</system.web>

10). For which purpose you use <appSettings> tag?
appSettings tag helps us to store the application settings information like connection strings, file paths, URLs, port numbers, custom key value pairs, etc.
Ex:-

Code:

<appSettings>
    <add key="ConString" value="Data Srouce=....."/>
</appSettings>

11). What is the use of connectionStrings tag?
<connectionStrings> is the most common section of web.config file which allows you to store multiple connection strings that are used in the application.

Code:

<connectionStrings>
    <add name ="ConString" connectionString ="Initial Catalog = abc;
        Data Source =localhost; Integrated Security = true"/>
</connectionStrings>

12). Can you write down the C# code for reading connection string which is defined in web.config?

Code:

string cnn = ConfigurationManager.ConnectionStrings["ConString"].ConnectionString;

Authenticate .NET Web Service with Custom SOAP Header in Sql Server

Authenticate .NET Web Service with Custom SOAP Header in Sql Server 

First step open Web Services 

Basically all the client needs to do is create an authentication object, fill out the username and password, then pass them to the web service object. The web service code is also pretty simple, the .NET framework lets you create custom SOAP headers by deriving from the SoapHeader class, so we wanted to add a username and password:

and create Authenticate Program .create and UserMaster Table 

Create Table UserMaster(UserId int identity ket(1,1),UserName varchar(20),UserPwd varchar(50))

then after we can create a web services in asp.net add + web services 


using System;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
using System.Data;
using System.Data.SqlClient;

[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line. 
// [System.Web.Script.Services.ScriptService]
public class Service : System.Web.Services.WebService
{
    public MyHeader consumer;
    public SqlConnection con = null;
    public SqlCommand cmd = null;
    
    public Service () 
    {

        con = new SqlConnection("server=10.21.157.35;database=elekha;uid=elekha;pwd=iamdoingaccounts;");

    }

    [WebMethod]
    [SoapHeader("consumer", Required = true)]
    public string GetBalance() 
    {
        if (checkConsumer())
            return consumer.UserName + " had 9999999999999 credit";
        else
            return "Error in authentication";
    }
    private bool checkConsumer()
    {
        try
        {
            // In this method you can check the username and password 
            // with your database or something
            // You could also encrypt the password for more security
            
                con.Open();
            

            cmd = new SqlCommand("select * from UserMaster where UserName='"+consumer.UserName+"' and UserPwd='"+consumer.Password+"'", con);
            SqlDataReader rd = cmd.ExecuteReader();
            if (consumer != null)
            {
                if (rd.Read())
                {
                    return true;
                    
                }
                else return false;
            }
            else { return false; }
            con.Close();
            //if (consumer != null)
            //{
            //    if (consumer.UserName == "virendra" && consumer.Password == "1234")
            //        return true;
            //    else
            //        return false;
            //}
            //else
            //    return false;
        }
        catch (Exception ex)
        {
            throw ex;
        }
    }
    public class MyHeader : SoapHeader
    {
        public string UserName;
        public string Password;
    }
}
==========================================================
I should also mention that when I say SOAP headers, I actually mean the soap:Header element in a SOAP request, it has nothing to do with the HTTP headers sent with the request. The SOAP request looks something like:
then we can call the Web services in front end 

or .aspx Page


<asp:Panel ID="Panel1" runat="server" BackColor="#CCFFCC" Height="200px" 
        Width="300px">
        <br />
        <br />
        User_Name ::
        <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
        <br />
        <br />
        Password&nbsp; ::&nbsp;&nbsp;
        <asp:TextBox ID="TextBox2" runat="server"></asp:TextBox>
        <br />
        <br />
        <br />
        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
        <asp:Button ID="Button1" runat="server" BackColor="#99CCFF" 
            onclick="Button1_Click" Text="Button" />
    </asp:Panel>

We just get reference to the service and the SOAP header, assign the SOAP header properties, attach it with the SOAP message and then make our call to the web method.
then code behind page Or aspx.cs Page


protected void Button1_Click(object sender, EventArgs e)
    {
        MyWebServices.Service ws = new MyWebServices.Service();
        MyWebServices.MyHeader sh = new MyWebServices.MyHeader();
        sh.UserName = TextBox1.Text.ToString();
        sh.Password = TextBox2.Text.ToString();
        ws.MyHeaderValue = sh;
        Response.Write("<script>alert('"+ws.GetBalance()+"')</script>");
    }



=====================================

Using SOAP Headers with ASP.NET 2.0 Web Services

Using SOAP Headers with ASP.NET 2.0 Web Services

by Thiru Thangarathinam

When you communicate with a Web service using SOAP, the SOAP message that is sent to the Web service follows a standard format. The XML document inside the SOAP message is structured into two main parts: the optional headers and the mandatory body. The Body element comprises the data specific to the message. The optional Header element can contain additional information not directly related to the particular message. Each child element of the Header element is called a SOAP header.

SOAP headers are also a good place to put optional information, and a good means to supporting evolving interfaces. For example, imagine your bank allows you to manage multiple accounts with one ATM card. If you use your bank's ATM, you now have to specify if you want the withdrawal to be made from my primary, secondary, or tertiary account. If you use an ATM from another bank that isn't affiliated with you bank, you do not get asked that question. So the account identifier is clearly an optional parameter, with a reasonable default.

ASP.NET provides a mechanism for defining and processing SOAP headers. You can define a new SOAP header by deriving from the SoapHeader class. After you define a SOAP header, you can then associate the header with a particular endpoint within the Web service by using the SoapHeaderattribute. Table 1 lists the properties exposed by the SoapHeader class.

Table 1. Properties of the SoapHeader Class

Property	Description
Actor	Indicates the intended recipient of the header.
DidUnderstand	Indicates whether a header whose mustUnderstand attribute istrue was understood and processed by the recipient.
EncodedMustUnderstand	Indicates whether a header whose mustUnderstand attribute istrue and whose value is encoded was understood and processed by the recipient. This property is used when communicating with the SOAP 1.1 version.
EncodedMustUnderstand12	Very similar to EncodedMustUnderstand except that it is used in conjunction with SOAP 1.2 version.
MustUnderstand	Indicates whether the header must be understood and processed by the recipient.
Relay	Indicates if the SOAP header is to be relayed to the next SOAP node if the current node does not understand the header.
Role	Indicates the recipient of the SOAP header.

By default, the name of the class derived from SoapHeader will become the name of the root header element, and any public fields or properties exposed by the class will define elements within the header. SOAP headers are defined by classes derived from the SoapHeader class. Elements within the header are defined by public fields or read/writable properties.

Implementing a SOAP Header Class

Imagine you want to modify the QuotesService used in the previous examples to accept a SOAP header that contains the payment information. Listing 1 illustrates the definition of the Payment header.

Listing 1: SOAP Header Declaration

using System;
using System.Xml;
using System.Xml.Serialization;
using System.Web.Services.Protocols;
public class SoapPaymentHeader : SoapHeader
{
  private string nameOnCard;
  private string creditCardNumber;
  private CardType creditCardType;
  private DateTime expirationDate; 
  public string NameOnCard
  {
    get { return nameOnCard; }
    set { nameOnCard = value; }
  }
  public string CreditCardNumber
  {
    get { return creditCardNumber; }
    set { creditCardNumber = value; }
  }
  public CardType CreditCardType
  {
    get { return creditCardType; }
    set { creditCardType = value; }
  }
  public DateTime ExpirationDate
  {
    get { return expirationDate; }
    set { expirationDate = value; }
  } 
}

The preceding class definition defines a SOAP header named SoapPaymentHeader with four child elements: NameOnCard, CreditCardNumber, CreditCardType, and ExpirationDate.

This code uses an enum named CardType that is declared as follows:

public enum CardType
{
  VISA,
  MASTERCARD,
  AMX,
  DISCOVER
}

After you define the headers, the next step is to associate them with the actual Web service method.

Processing the SOAP Header from a Web Service

The SoapHeader attribute is used to associate a SOAP header with a Web method. A public member variable is added to the WebService class to hold an instance of the class derived from theSoapHeader class. The name of the member variable is then communicated to the ASP.NET runtime via the SoapHeader attribute. Listing 2 shows the modified QuotesService class definition that is now capable of processing the SoapPaymentHeader.
Listing 2: Web Service Method That Processes the SOAP Header

using System;
using System.Xml;
using System.Web;
using System.Collections;
using System.Web.Services;
using System.Web.Services.Protocols;
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
public class QuotesService : System.Web.Services.WebService
{
  public SoapPaymentHeader paymentHeader;
  [WebMethod(Description = 
   "Returns real time quote for a given stock ticker")]
  [SoapHeader("paymentHeader", Direction = SoapHeaderDirection.In)]
  public double GetStockPriceWithPayment(string symbol)
  {
    //Process the SOAP header
    if (paymentHeader != null)
    {
      string nameOnCard = paymentHeader.NameOnCard;
      string creditCardNumber = paymentHeader.CreditCardNumber;
      CardType type = paymentHeader.CreditCardType;
      DateTime ExpirationDate = paymentHeader.ExpirationDate;
      //Process the payment details
      //.........
      ///End Processing
    }
    else 
      throw new SoapHeaderException("Invalid information in SOAP Header", 
        SoapException.ClientFaultCode);
    double price;
    switch (symbol.ToUpper())
    {
      case "INTC":
        price = 70.75;
        break;
      case "MSFT":
        price = 50;
        break;
      case "DELL":
        price = 42.25;
        break;
      default:
        throw new SoapException("Invalid Symbol", 
   SoapException.ClientFaultCode,
          "http://wrox.com/quotes/GetStockPriceWithPayment");
    }
    return price;
  }
}

Listing 2 declares a member variable named paymentHeader to hold the data contained in the payment SOAP header.

public SoapPaymentHeader paymentHeader;

Note that you do not create an instance of the SoapPaymentHeader class because the ASP.NET runtime is responsible for creating this object and populating its properties with the data contained within the payment header received from the client.
Next you add two SoapHeader attributes to declare that the headers should formally be described as part of the Web method. The constructor of the SoapHeader attribute takes a string that contains the name of the public member variable that should be associated with the SOAP header.

[SoapHeader("paymentHeader", Direction = SoapHeaderDirection.In)]

You set the Direction property to SoapHeaderDirection.In. The Direction property indicates whether the client or the server is supposed to send the header. In this case, because the payment header is received from the client, you set the Direction property to SoapHeaderDirection.In. If a SOAP header is received from the client and then also sent back to the client, the value of theDirection property should be set to SoapHeaderDirection.InOut.
Next the code processes the contents of the SOAP payment header. If the payment header information is not passed in, you throw a SoapHeaderException back to the callers.

throw new SoapHeaderException("Invalid information in SOAP Header", 
  SoapException.ClientFaultCode);

The rest of the implementation is similar to the previous example.
Now that you have associated the payment header with the Web method, the next task is to send the payment SOAP header from the client. Listing 3 shows the ASP.NET pages that creates an instance of the SOAP payment header and sends that as part of the SOAP request that is sent to the server.
Listing 3: Passing SOAP Header Information to a Web Service Method

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Services.Protocols" %>
<script runat="server">
  void btnGetQuote_Click(object sender, EventArgs e)
  {
    try
    {
      QuotesProxy.SoapPaymentHeader header = new 
        QuotesProxy.SoapPaymentHeader();
      header.CreditCardNumber = "xxxxxxxxxxxxxxxx";
      header.CreditCardType = QuotesProxy.CardType.VISA;
      header.NameOnCard = "XXXXXX";
      header.ExpirationDate = DateTime.Today.AddDays(365);
      QuotesProxy.QuotesService obj = new QuotesProxy.QuotesService();
      obj.SoapPaymentHeaderValue = header;
      output.Text = 
    obj.GetStockPriceWithPayment(txtSymbol.Text).ToString();
    }
    catch (SoapHeaderException soapEx)
    {            
      output.Text = "Actor : " + soapEx.Actor + "<br><br>";
      output.Text += "Code  : " + soapEx.Code + "<br><br>";
      output.Text += "Message: " + soapEx.Message + "<br><br>";
      output.Text += "Detail: 
    " + Server.HtmlEncode(soapEx.Detail.OuterXml);
    }
    catch (Exception ex)
    {
      output.Text = "Exception is : " + ex.Message;
    }
  }
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
  <title>Passing SOAP Headers to a Web Service Method</title>
</head>
<body>
  <form id="form1" runat="server">
    <div>
      Enter Stock Symbol: <asp:TextBox runat="server" ID="txtSymbol" />
      <asp:Button Text="Get Quote" runat="server" ID="btnGetQuote" 
        OnClick="btnGetQuote_Click" />
      <br /><br /><br />
      <asp:Label Font-Bold=true runat="server" ID="output" />
    </div>
  </form>
</body>
</html>

To start with, Listing 3 creates an instance of the SoapPaymentHeader object and sets its properties to appropriate values. It then sets the SoapPaymentHeaderValue property of the proxy object to theSoapHeader object.

obj.SoapPaymentHeaderValue = header;

After you set the SoapPaymentHeaderValue property, the contents of the SOAP header will be automatically transferred as part of the SOAP message. Next you also handle any errors thrown by the Web service using two catch blocks: SoapHeaderException block and a generic Exception block.

Introduction Web services 1.0

Introduction Web services 

Web services are open standard ( XML, SOAP, HTTP etc.) based Web applications that interact with other web applications for the purpose of exchanging data

Web Services can convert your existing applications into Web-applications.

In this tutorial you will learn what exactly Web Services are and Why and How to use them.

What are Web Services

Few definitions are given here and all the definitions are correct.

• A web service is any piece of software that makes itself available over the internet and uses a standardized XML messaging system. XML is used to encode all communications to a web service. For example, a client invokes a web service by sending an XML message, then waits for a corresponding XML response. Because all communication is in XML, web services are not tied to any one operating system or programming language--Java can talk with Perl; Windows applications can talk with Unix applications.
• Web Services are self-contained, modular, distributed, dynamic applications that can be described, published, located, or invoked over the network to create products, processes, and supply chains. These applications can be local, distributed, or Web-based. Web services are built on top of open standards such as TCP/IP, HTTP, Java, HTML, and XML.
• Web services are XML-based information exchange systems that use the Internet for direct application-to-application interaction. These systems can include programs, objects, messages, or documents.
• A web service is a collection of open protocols and standards used for exchanging data between applications or systems. Software applications written in various programming languages and running on various platforms can use web services to exchange data over computer networks like the Internet in a manner similar to inter-process communication on a single computer. This interoperability (e.g., between Java and Python, or Windows and Linux applications) is due to the use of open standards.

To summarize, a complete web service is, therefore, any service that:

• Is available over the Internet or private (intranet) networks
• Uses a standardized XML messaging system
• Is not tied to any one operating system or programming language
• Is self-describing via a common XML grammar
• Is discoverable via a simple find mechanism

Components of Web Services?

The basic Web services platform is XML + HTTP. All the standard Web Services works using following components

• SOAP (Simple Object Access Protocol)
• UDDI (Universal Description, Discovery and Integration)
• WSDL (Web Services Description Language)

All these components have been discussed in Web Services Architecture section.

How Does it Work?

You can build a Java-based Web Service on Solaris that is accessible from your Visual Basic program that runs on Windows. You can also use C# to build new Web Services on Windows that can be invoked from your Web application that is based on JavaServer Pages (JSP) and runs on Linux.

An Example

Consider a simple account-management and order -processing system. The accounting personnel use a client application built with Visual Basic or JSP to create new accounts and enter new customer orders.

The processing logic for this system is written in Java and resides on a Solaris machine, which also interacts with a database to store the information.

The steps illustrated above are as follows:

1. The client program bundles the account registration information into a SOAP message.
2. This SOAP message is sent to the Web Service as the body of an HTTP POST request.
3. The Web Service unpacks the SOAP request and converts it into a command that the application can understand. The application processes the information as required and responds with a new unique account number for that customer.
4. Next, the Web Service packages up the response into another SOAP message, which it sends back to the client program in response to its HTTP request.
5. The client program unpacks the SOAP message to obtain the results of the account registration process. For further details regarding the implementation of Web Services technology, read about the Cape Clear product set and review the product components.

Why Web Services ?

Here are the benefits of using Web Services

• Exposing the existing function on to network:

  A Web service is a unit of managed code that can be remotely invoked using HTTP, that is, it can be activated using HTTP requests. So, Web Services allows you to expose the functionality of your existing code over the network. Once it is exposed on the network, other application can use the functionality of your program.

• Connecting Different Applications ie Interoperability:

  Web Services allows different applications to talk to each other and share data and services among themselves. Other applications can also use the services of the web services. For example VB or .NET application can talk to java web services and vice versa. So, Web services is used to make the application platform and technology independent.

• Standardized Protocol:

  Web Services uses standardized industry standard protocol for the communication. All the four layers (Service Transport, XML Messaging, Service Description and Service Discovery layers) uses the well defined protocol in the Web Services protocol stack. This standardization of protocol stack gives the business many advantages like wide range of choices, reduction in the cost due to competition and increase in the quality.

• Low Cost of communication:

  Web Services uses SOAP over HTTP protocol for the communication, so you can use your existing low cost internet for implementing Web Services. This solution is much less costly compared to proprietary solutions like EDI/B2B. Beside SOAP over HTTP, Web Services can also be implemented on other reliable transport mechanisms like FTP etc.
  
  
  Services Behavioral Characteristics

  Web services have special behavioral characteristics XML-based Web Services uses XML at data representation and data transportation layers. Using XML eliminates any networking, operating system, or platform binding. So Web Services based applications are highly interoperable application at their core level. Loosely coupled A consumer of a web service is not tied to that web service directly. The web service interface can change over time without compromising the client's ability to interact with the service. A tightly coupled system implies that the client and server logic are closely tied to one another, implying that if one interface changes, the other must also be updated. Adopting a loosely coupled architecture tends to make software systems more manageable and allows simpler integration between different systems. Coarse-grained Object-oriented technologies such as Java expose their services through individual methods. An individual method is too fine an operation to provide any useful capability at a corporate level. Building a Java program from scratch requires the creation of several fine-grained methods that are then composed into a coarse-grained service that is consumed by either a client or another service. Businesses and the interfaces that they expose should be coarse-grained. Web services technology provides a natural way of defining coarse-grained services that access the right amount of business logic. Ability to be synchronous or asynchronous Synchronicity refers to the binding of the client to the execution of the service. In synchronous invocations, the client blocks and waits for the service to complete its operation before continuing. Asynchronous operations allow a client to invoke a service and then execute other functions. Asynchronous clients retrieve their result at a later point in time, while synchronous clients receive their result when the service has completed. Asynchronous capability is a key factor in enabling loosely coupled systems. Supports Remote Procedure Calls (RPCs) Web services allow clients to invoke procedures, functions, and methods on remote objects using an XML-based protocol. Remote procedures expose input and output parameters that a web service must support. Component development through Enterprise JavaBeans (EJBs) and .NET Components has increasingly become a part of architectures and enterprise deployments over the past couple of years. Both technologies are distributed and accessible through a variety of RPC mechanisms. A web service supports RPC by providing services of its own, equivalent to those of a traditional component, or by translating incoming invocations into an invocation of an EJB or a .NET component. Supports document exchange One of the key advantages of XML is its generic way of representing not only data, but also complex documents. These documents can be simple, such as when representing a current address, or they can be complex, representing an entire book or RFQ. Web services support the transparent exchange of documents to facilitate business integration.

  Web Services Architecture

  There are two ways to view the web service architecture.

  • The first is to examine the individual roles of each web service actor.
  • The second is to examine the emerging web service protocol stack.

  1. Web Service Roles

  There are three major roles within the web service architecture:

  • Service provider:
    This is the provider of the web service. The service provider implements the service and makes it available on the Internet.
  • Service requestor
    This is any consumer of the web service. The requestor utilizes an existing web service by opening a network connection and sending an XML request.
  • Service registry
    This is a logically centralized directory of services. The registry provides a central place where developers can publish new services or find existing ones. It therefore serves as a centralized clearinghouse for companies and their services.

  2. Web Service Protocol Stack

  A second option for viewing the web service architecture is to examine the emerging web service protocol stack. The stack is still evolving, but currently has four main layers.

  • Service transport
    This layer is responsible for transporting messages between applications. Currently, this layer includes hypertext transfer protocol (HTTP), Simple Mail Transfer Protocol (SMTP), file transfer protocol (FTP), and newer protocols, such as Blocks Extensible Exchange Protocol (BEEP).
  • XML messaging
    This layer is responsible for encoding messages in a common XML format so that messages can be understood at either end. Currently, this layer includes XML-RPC and SOAP.
  • Service description
    This layer is responsible for describing the public interface to a specific web service. Currently, service description is handled via the Web Service Description Language (WSDL).
  • Service discovery
    This layer is responsible for centralizing services into a common registry, and providing easy publish/find functionality. Currently, service discovery is handled via Universal Description, Discovery, and Integration (UDDI).
    As web services evolve, additional layers may be added, and additional technologies may be added to each layer.

  Next chapter explains about various components of Web Services.
  
  

  Few Words about Service Transport

  The bottom of the web service protocol stack is service transport. This layer is responsible for actually transporting XML messages between two computers.
  • Hyper Text Transfer Protocol (HTTP)
    Currently, HTTP is the most popular option for service transport. HTTP is simple, stable, and widely deployed. Furthermore, most firewalls allow HTTP traffic. This allows XMLRPC or SOAP messages to masquerade as HTTP messages. This is good if you want to easily integrate remote applications, but it does raise a number of security concerns.
  • Blocks Extensible Exchange Protocol (BEPP)
    One promising alternative to HTTP is the Blocks Extensible Exchange Protocol (BEEP).BEEP is a new IETF framework of best practices for building new protocols. BEEP is layered directly on TCP and includes a number of built-in features, including an initial handshake protocol, authentication, security, and error handling. Using BEEP, one can create new protocols for a variety of applications, including instant messaging, file transfer, content syndication, and network management
  SOAP is not tied to any specific transport protocol. In fact, you can use SOAP via HTTP, SMTP, or FTP. One promising idea is therefore to use SOAP over BEEP.
  
  

  Web Services Components

  
  

  Over the past few years, three primary technologies have emerged as worldwide standards that make up the core of today's web services technology. These technologies are:

  - XML-RPC

  This is the simplest XML based protocol for exchanging information between computers.

  • XML-RPC is a simple protocol that uses XML messages to perform RPCs.
  • Requests are encoded in XML and sent via HTTP POST.
  • XML responses are embedded in the body of the HTTP response.
  • XML-RPC is platform-independent.
  • XML-RPC allows diverse applications to communicate.
  • A Java client can speak XML-RPC to a Perl server.
  • XML-RPC is the easiest way to get started with web services.
  
  

  - SOAP

  SOAP is an XML-based protocol for exchanging information between computers.
  • SOAP is a communication protocol
  • SOAP is for communication between applications
  • SOAP is a format for sending messages
  • SOAP is designed to communicate via Internet
  • SOAP is platform independent
  • SOAP is language independent
  • SOAP is simple and extensible
  • SOAP allows you to get around firewalls
  • SOAP will be developed as a W3C standard
  SOAP is a simple and open standard XML-based protocol for exchanging information between computers.
  In this tutorial you will learn what is SOAP and Why and How to use it.
  SOAP is very easy to learn and to use and in demand too.
  
  

   WSDL

  WSDL is an XML-based language for describing Web services and how to access them.
  
  • WSDL stands for Web Services Description Language
  • WSDL is an XML based protocol for information exchange in decentralized and distributed environments.
  • WSDL is the standard format for describing a web service.
  • WSDL definition describes how to access a web service and what operations it will perform.
  • WSDL is a language for describing how to interface with XML-based services.
  • WSDL is an integral part of UDDI, an XML-based worldwide business registry.
  • WSDL is the language that UDDI uses.
  • WSDL was developed jointly by Microsoft and IBM.
  • WSDL is pronounced as 'wiz-dull' and spelled out as 'W-S-D-L'
    Web Services Description Language is the standard format for describing a web service in XML format.
    In this tutorial you will learn what is WSDL and Why and How to use it.
    WSDL is very easy to learn and very important for Web Services.

    - UDDI

    UDDI is an XML-based standard for describing, publishing, and finding Web services.
    
    • UDDI stands for Universal Description, Discovery and Integration.
    • UDDI is a specification for a distributed registry of Web services.
    • UDDI is platform independent, open framework.
    • UDDI can communicate via SOAP, CORBA, Java RMI Protocol.
    • UDDI uses WSDL to describe interfaces to web services.
    • UDDI is seen with SOAP and WSDL as one of the three foundation standards of web services.
    • UDDI is an open industry initiative enabling businesses to discover each other and define how they interact over the Internet.
    
    Web Services - Examples
    
    
    
    Based on the Web Service Architecture we will create following two components as a part of Web Services implementation
    • Service provider or publisher:
      This is the provider of the web service. The service provider implements the service and makes it available on the Internet or intranet.
      We will write and publish a simple web Service using .NET SDK.
    • Service requestor or consumer
      This is any consumer of the web service. The requestor utilizes an existing web service by opening a network connection and sending an XML request.
      We will also write two Web Service requestors: one Web-based consumer (ASP.NET application) and another Windows application-based consumer.
    Following is our First Web Service example which works as a service provider and exposes two methods (add and SayHello) as Web Services to be used by applications. This is a standard template for a Web Service. .NET Web Services use the .asmx extension. Note that a method exposed as a Web Service has the WebMethod attribute. Save this file as FirstService.asmx in the IIS virtual directory (as explained in configuring IIS; for example, c:\MyWebSerces).
    
    

    
    using System;
    using System.Linq;
    using System.Web;
    using System.Web.Services;
    using System.Web.Services.Protocols;
    using System.Xml.Linq;
    
    [WebService(Namespace = "http://tempuri.org/")]
    [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
    
    // [System.Web.Script.Services.ScriptService]
    public class Service : System.Web.Services.WebService
    {
        public Service () 
       
    

    {

    
    
    

         //InitializeComponent(); 

    
    
    
    
    
        }
    
        [WebMethod]
        public string MyClass() 
        {
           return "Our WEB_SERVER_ is Prprly RuNNing in Server Side";
        }
        
    }
    

    
    
    
    
    To test a Web Service, it must be published. A Web Service can be published either on an intranet or the Internet. We will publish this Web Service on IIS running on a local machine. Let's start with configuring the IIS.
    • Open Start->Settings->Control Panel->Administrative tools->Internet Services Manager.
    • Expand and right-click on [Default Web Site]; select New ->Virtual Directory.
    • The Virtual Directory Creation Wizard opens. Click Next.
    • The "Virtual Directory Alias" screen opens. Type the virtual directory name—for example, MyWebServices—and click Next.
    • The "Web Site Content Directory" screen opens. Here, enter the directory path name for the virtual directory—for example, c:\MyWebServices—and click Next.
    • The "Access Permission" screen opens. Change the settings as per your requirements. Let's keep the default settings for this exercise. Click the Next button. It completes the IIS configuration. Click Finish to complete the configuration.
    To test that IIS has been configured properly, copy an HTML file (for example, x.html) in the virtual directory (C:\MyWebServices) created above. Now, open Internet Explorer and type http://localhost/MyWebServices/x.html. It should open the x.html file. If it does not work, try replacing localhost with the IP address of your machine. If it still does not work, check whether IIS is running; you may need to reconfigure IIS and Virtual Directory.
    To test our Web Service, copy FirstService.asmx in the IIS virtual directory created above (C:\MyWebServices). Open the Web Service in Internet Explorer (http://localhost/MyWebServices/FirstService.asmx). It should open your Web Service page. The page should have links to two methods exposed as Web Services by our application. Congratulations; you have written your first Web Service!!!

    Testing the Web Service

    As we have just seen, writing Web Services is easy in the .NET Framework. Writing Web Service consumers is also easy in the .NET framework; however, it is a bit more involved. As said earlier, we will write two types of service consumers, one Web- and another Windows application-based consumer. Let's write our first Web Service consumer.

    Web-Based Service Consumer

    Write a Web-based consumer as given below. Call it WebApp.aspx. Note that it is an ASP.NET application. Save this in the virtual directory of the Web Service (c:\MyWebServices\WebApp.axpx).
    This application has two text fields that are used to get numbers from the user to be added. It has one button, Execute, that, when clicked, gets the Add and SayHello Web Services.
    
    
    
    
    After the consumer is created, we need to create a proxy for the Web Service to be consumed. This work is done automatically by Visual Studio .NET for us when referencing a Web Service that has been added. Here are the steps to be followed:
    • Create a proxy for the Web Service to be consumed. The proxy is created using the wsdl utility supplied with the .NET SDK. This utility extracts information from the Web Service and creates a proxy. Thus, the proxy created is valid only for a particular Web Service. If you need to consume other Web Services, you need to create a proxy for this service as well. VS .NET creates a proxy automatically for you when the reference for the Web Service is added. Create a proxy for the Web Service using the wsdl utility supplied with the .NET SDK. It will create FirstSevice.cs in the current directory. We need to compile it to create FirstService.dll (proxy) for the Web Service.

    c:> WSDL http://localhost/MyWebServices/FirstService.asmx?WSDL
    c:> csc /t:library FirstService.cs
    

    • Put the compiled proxy in the bin directory of the virtual directory of the Web Service (c:\MyWebServices\bin). IIS looks for the proxy in this directory.
    • Create the service consumer, which we have already done. Note that I have instantiated an object of the Web Service proxy in the consumer. This proxy takes care of interacting with the service.
    • Type the URL of the consumer in IE to test it (for example, http://localhost/MyWebServices/WebApp.aspx).

    Windows Application-Based Web Service Consumer

    Writing a Windows application-based Web Service consumer is the same as writing any other Windows application. The only work to be done is to create the proxy (which we have already done) and reference this proxy when compiling the application. Following is our Windows application that uses the Web Service. This application creates a Web Service object (of course, proxy) and calls the SayHello and Add methods on it.

    
    
    using System;
    using System.Configuration;
    using System.Data;
    using System.Linq;
    using System.Web;
    using System.Web.Security;
    using System.Web.UI;
    using System.Web.UI.HtmlControls;
    using System.Web.UI.WebControls;
    using System.Web.UI.WebControls.WebParts;
    using System.Xml.Linq;
    
    public partial class _Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
    
        }
        protected void Button1_Click(object sender, EventArgs e)
        {
            MYServices.Service ws = new MYServices.Service();
            string s = ws.MyClass();
            Response.Write("<script>alert('" + s.ToString() + "')</script>");
        }
    }
    

    
    

    
    
    

    
    Compile it using c:>csc /r:FirstService.dll WinApp.cs. It will create WinApp.exe. Run it to test the application and the Web Service.
    
    Now, the question arises: How can I be sure that my application is actually calling the Web Service? It is simple to test. Stop your Web server so that the Web Service cannot be contacted. Now, run the WinApp application. It will fire a run-time exception. Now, start the Web server again. It should work.
    
    Web Services Security
    
    Security is critical to web services. However, neither the XML-RPC nor SOAP specifications make any explicit security or authentication requirements.
    
    There are three specific security issues with Web Services:
    
    
    Confidentiality
    
    
    Authentication
    
    
    Network Security
    
    
    
    Confidentiality
    
    If a client sends an XML request to a server, then question is that can we ensure that the communication remains confidential?
    
    Answer lies here
    
    
    XML-RPC and SOAP run primariy on top of HTTP.
    
    
    HTTP has support for Secure Socktes Layer (SSL).
    
    
    Communication can be encrypted via the SSL.
    
    
    SSL is a proven technology and widely deployed.
    
    
    
    But a single web service may consist of a chain of applications. For example one large service might tie together the services of three other applications. In this case, SSL is not adequate; the messages need to be encrypted at each node along the service path, and each node represents a potential weak link in the chain. Currently, there is no agreed-upon solution to this issue, but one promising solution is the W3C XML Encryption Standard. This standard provides a framework for encrypting and decrypting entire XML documents or just portions of an XML document. Check it at http://www.w3.org/Encryption
    
    
    Authentication
    
    If a client connects to a web service, how do we identify the user? And is the user authorized to use the service?
    
    Following options can be considered but there is no clear consensus on a strong authentication scheme.
    
    
    HTTP includes built-in support for Basic and Digest authentication, and services can therefore be protected in much the same manner as HTML documents are currently protected.
    
    
    SOAP Security Extensions: Digital Signature (SOAP-DSIG). DSIG leverages public key cryptography to digitally sign SOAP messages. This enables the client or server to validate the identity of the other party. Check it at http://www.w3.org/TR/SOAP-dsig.
    
    
    The Organization for the Advancement of Structured Information Standards (OASIS) is working on the Security Assertion Markup Language (SAML).
    
    
    
    
    Network Security
    
    There is currently no easy answer to this problem, and it has been the subject of much debate. For now, if you are truly intent on filtering out SOAP or XML-RPC messages, one possibility is to filter out all HTTP POST requests that set their content type to text/xml.
    
    Another alternative is to filter for the SOAPAction HTTP header attribute. Firewall vendors are also currently developing tools explicitly designed to filter web service traffic.