Sample Chapter: Early Adopter Hailstorm (.NET My Services) - An Insecure Present

(Page 3 of 10 )

As we have already said, the Kerberos-based interchange is naturally still a while off. Therefore, the initial release of HailStorm in a Box skirts entirely over the issue of security, replacing the Kerberos ticket with a simple ID number generated when a first provisioning a HailStorm service for the user. If you've already installed the SDK, you can discover your identity and your temporary ID using the hspost executable in the Bin directory of the installation:

C:\HailStorm\Bin>hspost -p

Your username is danm - PUID = 7525

Similarly, the bodies of the SOAP packets sent between endpoint and service are not currently encrypted either. We'll see when we construct an example query inside a SOAP packet where this current shortcut fits in and the final solution that will replace it.

The Simple Object Access Protocol is described in its specification as "a lightweight protocol for the exchange of [structured and typed] information [between peers] in a decentralized, distributed environment". As this is the sort of environment we be using when programming against HailStorm SOAP is ideal. Intended as a simple alternative to other over-the-wire protocols (like DCOM, CORBA/IIOP and RMI) that could work within the generic Internet infrastructure with no other assistance, its sole function is to define the format of the message sent between clients and servers. Other internet protocols ? in this case, HTTP, TCP, and SMTP ? define the (synchronous and asynchronous) transport mechanisms used to send the messages.

Each SOAP message is an XML document with three main elements: the SOAP envelope, the SOAP header, and the SOAP body.

• The element is the mandatory top-level element of a SOAP message, wrapping up both the message itself and any information about the message that might be necessary for its successful delivery and processing.
• The optional element lets you specify extra information about the message that is not the message itself. For example, authentication, transaction management, and delivery routes.
• The mandatory element contains the actual payload of the SOAP message, be it a request from an endpoint or a response from a server. The latter might contain a element indicating an error or glitch occurred in the processing of the request.

SOAP also defines a namespace for the envelope at http://schemas.xmlsoap.org/soap/envelope/. This takes the attribute encodingStyle that allows you to set the serialization rules used in the SOAP message.

<s:Envelope

xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"

s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">

<s:Header>

... some additional info about the message here ...

</s:Header>

<s:Body>

... actual message payload in XML here ...

</s:Body>

</s:Envelope>

This schema is actually stricter than XML in an effort to keep things simple (which is the aim of SOAP after all), preventing the use of DTDs and processing instructions in a message for example.

For further information on SOAP, check out the W3C specification at http://www.w3c.org/TR/SOAP/.

Next: SOAP >>
 

More ASP.NET Articles
More By Tim Pabst

Comments On: Sample Chapter: Early Adopter Hailstorm (.NET My Services)

>>> Be the FIRST to comment on this article!