We are designing a system that will use Silverlight webparts. These webpart will communicate with backend systems via web services.
What I am wondering is which route they should take:
Web services on the SharePoint server that talk to the backend service via business connectivity services.
A call via the service bus
A call directly to the backend service
Is any one of these better than the other?
It depends on requirements that you've not detailed here.
Negatives for via the sp server.
Add's extra latency
Adds overhead to the sp box
Makes it a little harder to do authentication (double hop)
Positives
Gives you more control - the SP web service could for example, implement caching or extra
security rules
Related
Right now ,i and my friend looking forward to make a mobile application, which is going to get data from several different sources, analyze it with some kind of algorythm and make the best decision on that. The main problem is - right architecture for that. We consider that mobile application is going to be just a client, representing data placed somewhere on internet (anyway internet is required).
Can u help us with making right choice?
We have some kind of knowledge about client-server architecture with sockets... But this is definetly not we need in this particular situation.
Our thought is to make a web site which is going to generate all the required data.After that implement mobile apps which will represent info from website, using convenient interface. Is it right way?
Yes, that's the way to go.
Now, you have several options within that architecture...
server gets data from several different sources
server might expose some kind of RESTful API to the client apps
clients can be native mobile applications or client might be html5 mobile apps
depending on the nature of the data, you might want to consider some kinds of caching data that you get from 3rd party services/sources
EDIT:
I use ASP WebApi to build REST Api that serves json data to android mobile app.
So, my infrastructure is:
- MS SQL 2012
- ASP MVC 4, WebAPI
- android mobiles (we're targeting mainly Jelly Bean & Kit Kat)
I've built n-layered application with layers (bottom up order):
- DAL (i don't use any ORM framework...i use my own repository that runs stored procedures on SQL server)
Repository that wraps around db DAL and a few Service Agents that gets data from 3rd party services we use
Business layer where i do our business operations
Service layer (for now, it has no special use but afterwards i might need it as my business layer will be consumed from a few clients: WebAPI, web site, windows service...)
WebAPI for REST where mobile client requests end up
I make use of the SQL Server Reporting Service's web services api to render reports using the ReportExecutionService proxy in an asp.net web application.
My question is: should I be creating a new instance of the ReportExecutionService proxy each time I generate a report, or is using a singleton instance the recommended approach? (eg. for performance reasons, etc).
What wcf bindings you are going to use? In general - you can reuse proxy, and in single-user single thread application it is a good idea.
But singleton is a bad idea in ASP.NET application - by itself proxies are not thread-safe.
Therefore, you can create proxy and cache it on session layer (is one session = one thread, as I remember this is configurable in ASP.NET).
Could someone please explain to me in a simple way, what is a web service?
Please correct me if I'm wrong. I have a DB hosted somewhere in the web, and I want to perform DB transactions from a desktop application as well as a mobile application. Can this be done through a web service ? Someone mentioned it to me and I wanted to make sure this could happen.
Here's a good explanation on Wikipedia.
A middle dynamic content processing and generation level application server, for example Ruby on Rails, Java EE, ASP.NET, PHP, ColdFusion platform
The middle tier of a 3-tier application is often the web service
i want to perform DB transactions from a desktop application and a mobile application, can this be done through a web service ?
This is Exactly what a web service is for.
A web service allow you to create multiple front ends if needed, and serve your database data to all of those front ends. You can also open up the API and allow third party developers to access the web service and thereby access the data of your application in a controlled environment.
It's considered a better practice for larger applications to access a web service or a middle tier rather than directly access the database.
In your case, a web service would involve setting up your DB behind a web server that listens for incoming requests, performs the appropriate DB operations, and returns whatever data is appropriate. Then, your desktop and mobile applications could send a http request and the DB would respond appropriately. This would let all your applications access the same DB.
I have a Silverlight application that needs to retrieve some data from my database. This data is sensitive. Because of this, I only want my Silverlight application to be able to access the data. How do I ensure that only my applications can access the services that expose this data? Is there a way that I can validate a client attempting to retrieve the data?
Thank you!
These might be of interest:
Using ASP.NET Secure Services and Applications Services
Build Line-Of-Business Enterprise Apps With Silverlight, Part 2
MS Whitepaper: Security Guidance for Writing and Deploying Silverlight Applications
Well, everything your SL application does could be spoofed. So direct answer is NO, you cannot ensure that only your application will access to the data.
But there are number of options. For example you can implement authorization and then authenticate your user. In this way you can ensure that only users you trust access to the data.
Another option is to make spoofing harder. For example you can include sort of "secrete" token to all your requests. So other application will need to steal this token. This harder to achieve.
I think this question is more pertaining into implementing a web service or wcf service with authentication and authorization. If your service takes care of it, then you can be ensured about your data. Your silvelight app is just calling the service.
Whoever download the xap can decompress and reverse engineer your code, so your best bet is to build a web service as others suggested. Silverlight Ria ships with a full blown authentication membership that you can leverage.
We have a Silverlight app which we wrote which calls a Silverlight-enabled data service. The Silverlight app cannot require a login, as it is required to present data to the unauthenticated public.
We have some schmoe who took the time to examine our Silverlight app, one way or another figure out what service it is calling, and then wrote his own client to slurp off the data so he can post it on his site and pretend like it is his. We need to prevent this.
How can i limit my data service somehow to ONLY accept requests from my silverlight app? I tried using the allow-from domain uri setting in the clientaccesspolicy.xml file to limit access to the service only from the domain in which the silverlight app sits (say mydomain.com). This did absolutely nothing though, and the service is still serving up requests to clients from outside the domain. (I tested this by putting my SL app on a different domain under our control).
What is the proper/best/most effective way to limit the data service so only our app can use it? Thanks!!!
I'm using SL 3 and .NET 3.5.
The clientaccesspolicy.xml tells the Silverlight application which Webservice it can consume. Not preventing people accessing the Webservice.
You can try using a authentication login even though its not required. This prevents 'schmoes' accessing your webservice.
Also use Dotfuscator to prevent 'schoes' to disassemble your Silverlight application and acquire the login.
Silverlight webservice security follows the same patterns you'd use for ASP.NET security, especially services exposed to AJAX. The best way to do make use of ASP.NET's authentication.
RIA Services is an even better way to handle this. It rides on top of the ASP.NET authorization, but validates on both the client and server-side automatically to combat service spoofing. It let you take care of both client and server-side authorization by adding attributes to your methods indicating that the method requires authorized access, and by which groups or users if you need to be specific.
In addition to wire-side security and obfuscation, remember that clients can attach a debugger to Silverlight applications running in their browser. See this example from MSDN Magazine's Security IQ Test, November 2008.