All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
30
30
• Deploy an XML web service
• Secure an XML web service
• Access unmanaged code using InterOp
The deployment of an XML web service consists of two actions—the physical movement
of the XML web service to the production server, and the discovery configuration. The
configuration of the discovery, whether static or dynamic, is the more important be-
cause the discovery configuration will determine how clients find out about the XML web
service and how they access it. In this chapter, you will learn how to publish an XML
web service to a UDDI registry (dynamic discovery) and to configure the XML web ser-
vice to use static discovery.
This chapter will also address the related topic of how to call unmanaged native code
libraries through the InterOp functions, and how to ensure these libraries are available
when the XML web service is deployed.
UDDI Registry
The UDDI (Universal Description, Discovery, and Integration) registry performs the
role of an XML web service broker, which makes it possible for potential consumers to
find an XML web service. To learn more about the structure of UDDI see Chapter 25.
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:51 AM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
30
In addition to these standard APIs, Microsoft has released a UDDI SDK. These APIs de-
fine a large number of Simple Object Access Protocol (SOAP) messages that are used to
communicate with a UDDI registry.
To include support for the Publisher and Inquiry APIs the following namespaces
must be imported in to the C# program, these are the namespaces that support UDDI in
the .NET Framework are:
using Microsoft.Uddi;
using Microsoft.Uddi.Api;
using Microsoft.Uddi.Business;
using Microsoft.Uddi.ServiceType;
using Microsoft.Uddi.Binding;
using Microsoft.Uddi.Service;
using Microsoft.Uddi.Authentication;
We will look at how you can use the Publisher and Inquiry APIs in the following
sections.
The methods used to add and edit elements in the UDDI registry belong in the
save_xxx() family of methods that operates on the main UDDI types, where xxx is
replaced by the UDDI data-type:
• save_business()
• save_service()
• save_binding()
• save_tModel()
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:51 AM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
30
• delete_business()
• delete_service()
• delete_binding()
• delete_tModel()
Once the elements are added, you will need to define the relationships between business
entities. The following methods perform those actions:
• add_publisherAssertions()
• get_assertionStatusReport()
• get_publisherAssertions()
• delete_publisherAssertions()
We will call these methods as if they are local to us. The methods, however, are opera-
tions that can be invoked from UDDI by using SOAP.
You will have to decide whether we will use a commercial UDDI registry or a private
registry solution. A commercial UDDI registry is run by a company like Microsoft as a
for-profit operation, while a private solution is a UDDI registry that is implemented in a
company for internal use. We will explore the private solutions in this book, as that is
what is tested in the exam.
There are three ways to publish an XML web service as a private registry solutions.
PART V
• Private UDDI registry The UDDI specification was designed to be a public,
replicated repository—there were no provisions made for private UDDI registries.
There is currently work in progress to include private UDDI registries.
The advantage of implementing a private UDDI registry is that when the UDDI
specification is changed to include private registries, you are ready for that.
The disadvantage is that to implement the private UDDI registry, you will have
to correctly implement the full UDDI specification.
• Private publish/discover architecture You can implement only a minor part
of the UDDI specification to build an architecture that is tailored to your
environment.
The advantage is that you can build a custom implementation and do not need
to wait for the UDDI specification to be updated.
The disadvantage is that the implementation is customized, and it is not
compatible with the standard.
• Hard-code endpoints The simplest private solution is to hard-code the endpoints
of the XML web service. This solution does not require UDDI. The location of
the XML web service is the endpoint, and hard-coding the endpoint makes the
address static for the client.
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:51 AM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
30
In the following example, we will publish an XML web service to a UDDI registry. The
first thing you need to define are the keys for your source and destination:
There are numerous sources for GUIDs, it will only confuse if we head into that topic
here, GUIDs have been covered earlier, Ken
These keys are defined as static to ensure they will never change.
Now you need to register the business entity. To do this, define the following
PubBus() method:
You can call the PubBus() method by passing it the name, description, and contact
information for the business entity.
BusinessDetail bd;
Contact con = new Contact();
con.PersonName = "John Smith";
con.Emails.Add("john.smith@abc.abc");
con.Descriptions.Add("en","Web Site Administrator");
bd = PubBus("ABC Corp","The ABC Corporation Service", con);
Once the business is registered, you can proceed to publish the service, as in the
following function.
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:51 AM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
30
bTemp.TModelInstanceDetail.TModelInstanceInfos.Add(tMInstInfo);
PART V
return sd;
}
What makes this code portable is that the URL for the service is built by getting the server
name from the Environment.MachineName property.
Once the service is published, you can proceed to use UDDI to find the service from
the client.
• find_service()
• find_business()
• find_relatedBusinesses()
• find_binding()
• find_tModel()
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:51 AM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
30
You can also use the find_relatedBusinesses() method to locate businesses that
have relationships with a given business.
In order to get more information about a specific element, you use the get_xxx()
methods:
• get_businessDetail()
• get_businessDetailExt()
• get_serviceDetail()
• get_bindingDetail()
• get_tModelDetail()
Let’s look at how you can locate and use an XML web service. There are four steps
involved:
1. Use find_business() to locate the business that publishes XML web services.
2. Retrieve service information for the services published by that business.
3. Retrieve the binding template for a service.
4. Access the XML web service using the binding information.
Once you have located the business, you need to navigate the list that the business re-
turns in order to retrieve binding information and the binding template. This is shown
in the following code segment:
foreach(BusinessInfo bInfo in bList.BusinessInfos)
{
foreach(ServiceInfo sInfo in bInfo.ServiceInfos)
{
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:51 AM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
30
Now that you have located the binding information, all you need to do is set the URL
property of the XML web service proxy and invoke the XML web service methods. This is
shown in the following code segment:
XWService xws = new XWService();
xws.URL = sURL;
XmlNode amount = xws.getAmount("checking");
The preceding example demonstrates the four steps involved in finding and using an
XML web service through a UDDI registry.
PART V
Send() method performs the action of the class.
Deployment
The physical deployment of an XML web service involves copying the folder of the XML
web service to the production server. The copy can be as simple as using the XCOPY de-
ployment, or using a Setup Project with the service. The key in any deployment is that
the registration of the service is performed properly, as you saw in the previous sections.
Authentication
Authentication is the process of verifying that the client is truly who he or she claims to
be—this is done by collecting credentials (name and password) from the user. The cre-
dentials are validated against an authority like a database—if the credentials are valid,
the client is an authenticated identity.
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:51 AM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
30
Because you can create custom SOAP headers, you can also add your own authentica-
tion mechanism instead of using the built-in solutions. An XML web service consumer
can add credentials to the SOAP header that are then retrieved by the XML web service,
which can use the credentials to authenticate the consumer. For a refresher on SOAP, see
Chapter 25.
The authorization configuration is performed on IIS because IIS is the service that the
consumer will interact with to get access to an XML web service.
IIS Authentication
In order to configure authentication for an XML web service, you need to configure IIS
through the Internet Services Manager. To start the Internet Services Manager, select
Start | Programs | Administrative Tools | Internet Services Manager.
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:52 AM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
30
Expand the server in the Tree view, and then the Default Web Site, and you will see
several entries, as shown in Figure 30-1.
Figure 30-1
Figure 30-1.
The expanded
content of the
default web site
PART V
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:52 AM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
30
Security settings are configured under the Anonymous Access and Authorization
Control section. Click the Edit button to open the Authentication Methods dialog box.
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:52 AM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
30
If you configure Basic Authentication in the Authentication Methods dialog box, you
must make sure that the accounts that will access the XML web service are given permis-
sion to log on to the web server that is hosting the XML web service. If you configure Di-
gest Authentication for Windows Domain Servers, the domain controls must have a
clear-text copy of the account’s password to be used when comparing against the hash
the consumer sends in. You will be requested to agree to the clear-text passwords when
you select digest authentication, as shown in here.
PART V
If you configure integrated Windows authentication, the user will not be prompted
for credentials unless the integrated Windows authentication fails.
EXAM TIP Integrated Windows authentication can not pass a firewall unless
the administrator opens additional ports. It is highly unlikely that the
administrator will do so because of the security risk involved.
Once the IIS configuration is complete, the XML web service must be configured to
use the required authentication. This is done by editing the Web.config file that is lo-
cated in the root directory for the XML web service. To enable the Windows-based
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:52 AM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
30
<configure>
<system.web>
<authentication mode = "Windows" />
</system.web>
</configure>
To access the user credentials, you can use the Context object as in this demo web
method from Visual Studio .NET:
[WebMethod]
public string HelloWorld()
{
return "Hello World " + Context.User.Identity.Name;
}
When you consume an XML web service by using the wsdl tool or by adding a web
reference in Visual Studio .NET, the proxy class will inherit from the
SoapHttpClientProtocol class. Through this class you have access to the Cre-
dentials property that is used to read or set security credentials. In order to control
the authentication process, you can use the NetworkCredential class as shown
in the following code segment.
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:52 AM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
30
The Windows authentication methods work well in intranets, but because of the ad
ditional ports that need to be opened to communicate through a firewall, these methods
are not used on the Internet. The next section will deal with SOAP headers and how to
customize them for authentication.
PART V
using System.Web.Services;
using System.Web.Services.Protocols;
public class AuthenticationHeader : SoapHeader
{
// declare storage for username and password
public string username;
public string password;
}
// declare the XML Web Service
public class HelloService : WebService
{
// declare a reference to the header
public AuthenticationHeader m_header;
[WebMethod]
[SoapHeader("m_header", Required=false)]
public string HelloWorld()
{
}
}
As you are implementing a custom authentication method, you need to turn off the
authentication in the XML web service’s Web.config file, as shown in the following
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:53 AM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
30
<configuration>
<system.web>
<authentication mode = "None" />
</system.web>
</configuration>
Authentication ensures that we know the identity of the entity that is accessing the
service. The other side of the coin is authorization—ensuring that the entity has been
granted the right to perform the actions requested. Authorization is our next topic.
Authorization
The three players in the authorization game are ASP.NET, the .NET Framework, and the
Windows operating system. These three provide many techniques that combine to build
a secure environment. When an XML web service consumer wants to access a resource,
the effective permissions for that resource is the combination of the authenticated con-
sumer’s Windows permissions, the assembly’s declarative access security, and the
role-based security for the XML web service:
Authorization can also be controlled as part of the XML Web Services URI namespace
by modifying the <authorization> section of the Web.config file that is located
in the root of the application. The statements in the <authorization> section take
this form:
<configuration>
<system.web>
<authorization>
<allow users="MIMICO\Dan"/>
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:53 AM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
30
The users="?" part in the preceding code matches the anonymous user that is the
default web user.
The new concept that has been introduced into software engineering over the last
number of years is role-based security—in the next section we will look at how to con-
figure roles and authorization.
Role-Based Security
Role-based security was introduced in Microsoft Transaction Server (MTS) and moved
into the COM+ services. By using roles, you define what jobs or tasks the user performs
rather than who the user is. For example, in a database application there are entry clerks
who will perform data entry, and they will be given insert permission. Another role is
the analyst, who requires read-only access to the data. Another role refers to the admin-
istration of the data, and the users in this role are given full control over the database.
The .NET Framework added to this task-oriented role environment by adding two
new concepts: principals and identities. The principal represents the security context that
the code is running under, and the identity encapsulates information about the user
and the entity that has been authenticated.
The .NET Framework has four classes that are used to encapsulate the identities:
• WindowsIdentity
PART V
• FormsIdentity
• GenericIdentity
• PassportIdentity
XML web services can only work with the WindowsIdentity and
GenericIdentity classes. The WindowsIdentity class is based on the Windows
authentication methods, and it can impersonate a user other than the one that is con-
nected to the current thread. This ability makes it possible to access resources on behalf
of a user. The GenericIdentity class represents the user that has been authenticated
through a custom authentication method.
There are two principals used in role-based security
• WindowsPrincipal
• GenericPrincipal
The WindowsPrincipal class represents the Windows users and the roles those users
belong to. The GenericPrincipal represents an identity and a list of roles that the
identity belongs to.
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:53 AM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
30
if (Context.User.IsInRole("BUILTIN\\Developers"))
{ }
This segment tested to see if the currently authenticated user belongs in the Windows
group called Developers on the local server. However, it’s probably better style to use
the WindowsBuiltInRole enumeration rather than hard-code the role.
In this next example, the same test is performed, but we use the enumeration instead:
if (Context.User.IsInRole(WindowsBuiltInRole.Developers))
{ }
The use of authentication and authorization gives us the ability to control who can ac-
cess our XML web services. The problem is that the data, and possibly the authentication
credentials, can be stolen in transit if the communication is in clear text. Encryption is one
way to help secure that information, and in the next section we will explore encryption.
Secure Communication
You can encrypt messages as they are sent between the XML web service and the con-
sumer of the service. Encryption takes a lot of resources and is considered an expensive
operation, so we need to pick the right level of encryption. There are several strategies:
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:53 AM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
30
There are a number of options that can be used to encrypt the traffic between the XML
web service and the consumer. Here are two of those options:
• Secure Sockets Layer (SSL) Using SSL for the communication is an easy way
to configure encryption. With SSL, the entire message is encrypted.
• Custom SOAP extensions Using custom SOAP extensions gives you (the
developer) full control over how the messages are encrypted and what messages
are encrypted.
Now that we have identified the options, we will look at how to implement SSL and
custom SOAP extensions.
Implementing SSL
SSL is based on security certificates. A security certificate is a binary structure that has been
issued by a trusted certificate authority (CA). The standard certificates are called X.509
certificates, after the standard number.
You need to request a certificate from a CA, who will verify that you are who you
claim to be by verifying names, addresses, and so on. The certificate is created by the CA
signing the certificate with its private key.
Private keys are binary numbers that are prime numbers. The private key is called pri-
vate because it is stored in such a fashion that it cannot be accessed by anyone but the
owner of the key. Anything signed with a private key can be verified to have been signed
with that key by using the public key that corresponds to the private key. This pair of
PART V
keys makes up the basis for most encryption in the public sphere today.
The fact that you can verify that the certificate was signed by the CA means that you can
trust the certificate without having to contact the CA every time, and by proxy the entity
that the certificate was made out for can also be trusted to be who he or she claims to be.
In order to enable SSL in IIS, you need to open the properties for the web site that re-
quires SSL, as shown in Figure 30-2. In the Directory Security tab, click the Server Certifi-
cate button to manage the certificates for the server. Adding the certificate received from the
CA enables SSL for that web site. In order to be able to use certificates for virtual sites,
the default web site must have a certificate first.
One problem with SSL is that it provides all-or-nothing encryption. You do not have
the control to encrypt only some messages, or just the headers. For this type of control,
you need to use the custom SOAP header extensions.
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:53 AM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
30
ICryptoTransform cryptographer;
ICryptoTransform decryptographer;
cryptographer = des.CreateEncryptor(key, IV);
decryptograph = des.CreateDecryptor(key, IV);
CryptoStream cStream;
cStream = new CryptoStream(message, cryptographer, CryptoStreamMode.Write);
// perform some interesting processing here
cStream = new CryptoStream(message, decrytpographer, CryptoStreamMode.Read);
To encrypt and decrypt messages, you need to apply the custom attributes that refer-
ence the SOAP extensions.
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:53 AM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
30
PART V
EXAM TIP Use the tlbimp.exe utility to generate the proxy for a COM
component.
Even though it looks like we have hidden the COM component (with all its prob-
lems) behind the RCW, that is not the case. The COM component is still the part that
needs to perform the work. COM components that are used by .NET applications still
have to be deployed in the same careful and meticulous way as always. They must even
be registered using the regsvr32.exe utility as follows:
regsvr32 tconv.dll
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:54 AM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
30
Once you have built the RCW, you can proceed to use the COM component in the
XML web service. The following example highlights the technique:
In order to call QueryInterface, you explicitly cast the reference to the interface,
and then you call the methods of the interface as if they were normal methods of the object.
Summary
In this chapter, you have learned how to publish an XML web service and how to finally
deploy the XML web service. The focus is on the publishing—the physical movement of
the files that make up the service is secondary.
The UDDI APIs are the key to making an XML web service available to your custom-
ers. It is also the key for the consumers of the XML web service who must query for and
locate a service to bind to.
The security aspects of authentication and authorization were looked at, as well as
how to secure the network traffic using SSL or custom SOAP extensions. The all-or-noth-
ing nature of SSL was explored.
The final issue in this chapter was the COM InterOp, and how to make COM compo-
nents available to your XML web service.
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:54 AM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
30
Test Questions
1. You need to create a UDDI registry for your company. What are your options
regarding private UDDI registries?
A. Use the Private UDDI SDK from Microsoft.
B. Implement your own private UDDI registry by implementing the entire UDDI
specification.
C. Implement a custom publish/discover architecture.
D. Hard-code the endpoints.
2. You are developing an XML web application that will be published to a public
UDDI registry. You need to create the business detail for your company, and
part of the business detail object is the Contact object. Which code segment
correctly builds a Contact object?
A. Is it this code?
Contact con = new Contact();
con.PersonName = "Robert Burns";
con.Emails.Add("robert.burns@haggis.sc");
con.Descriptions.Add("en", "Sales Manager");
B. Is it this code?
PART V
Contact con = new Contact();
con.PersonName = "Robert Burns";
con.Descriptions.Add("en", "Sales Manager");
C. Is it this code?
Contact con = new Contact();
con.Descriptions.Add("en", "Sales Manager");
D. Or, is it this code?
Contact con = new Contact();
con.PersonName = "Robert Burns";
con.Emails.Add("robert.burns@haggis.sc");
con.Descriptions.Add("Sales Manager");
3. You are writing the code that will publish an XML web service to a UDDI registry.
You need to complete the following line of code:
Publish.HttpClient.Credentials = <<< Insert code here >>>;
What code must you replace <<< Insert code here >>> with?
A. new AccessPoint(Http, Access)
B. new UDDICredential(sn, sp, sv)
C. new NetworkCredential(sn, sp, sv)
D. "Provider=UDDI;UserID=sa;password;"
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:54 AM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
30
What code segment must you replace <<< INSERT CODE HERE >>> with?
Select two code segments.
A. xws.URL = sURL;
B. bService.BusinessKey = businessKey
C. BusinessList bList = bService.BusinessKey.Send()
D. BusinessList bList = fBus.Send();
E. BusinessList.URL = sUrl
F. xws = sUrl
5. You are configuring security for an XML web service. The authentication should
use the user’s login credentials from their workstations. What steps do you have
to perform to configure the security? Select all correct answers. Each answer
makes up part of the solution.
A. Configure integrated Windows authentication in IIS.
B. Include <authentication mode="Integrated" /> in the Web.config
file in the root of the XML web service.
C. Include <authentication mode="NTLM" /> in the Web.config file in
the root of the XML web service.
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:54 AM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
30
PART V
B. The authentication mode is set to integrated Windows.
C. The authentication mode is set to what IIS is set to.
D. The authentication mode is set to Windows 2000 Active Directory.
8. You are investigating the XML web service shown in this code segment:
WService ws = new WService(); // instantiate the XML Web Service proxy
// get a NetworkCredential object
ICredentials cred = new NetworkCredential("Ken", "password", "nop.com");
// configure the client credentials
ws.Credentials = cred;
string s;
You need to assign the return value from the XML web service to the string s.
Which code segment correctly assigns the return value to s?
A. Is it this segment?
s = HelloWorld();
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:54 AM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
30
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:55 AM
Color profile: Generic CMYK printer profile
All-In-One / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
Composite Default screen
30
PART V
A. Des from Mimico.
B. Dan from Mimico.
C. Andy from Mimico.
D. Anonymous users.
E. The Service role.
12. You need to encrypt the SOAP header. What is the correct method to use?
A. Inherit the web service class from the SoapHeaderEncrypt class.
B. Custom SOAP headers.
C. SOAP header extensions.
D. Enable SSL for the XML web service and configure it to encrypt the headers.
13. You need to test whether a consumer of your XML web service is a member of the
local serviceadmin role. What is the correct way of testing for role membership?
A. if (Context.User.IsInRole("BUILTIN\serviceadmin"){ … }
B. if (Context.User.IsInRole("BUILTIN\\serviceadmin"){ … }
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:55 AM
Color profile: Generic CMYK printer profile
Composite Default All-In-One
screen / MCAD/MCSD Visual C# .NET Certification All-in-One Exam Guide / Rempel & Lind / 222443-6 / Chapter
30
Test Answers
1. B. There is currently no public solution for a private UDDI registry.
2. A. The PersonName and at least one e-mail address and description must
be included.
3. C.
4. A and D.
5. A, E, and F. In order to make IIS enforce integrated Windows authentication,
you will have to turn off anonymous access.
6. D.
7. C. IIS controls which method of authentication actually is used.
8. B. Correctly means that you must handle the credential exception if the access fails.
9. B, D, and G.
10. A. The authentication mode must be turned off for custom methods to work.
11. B, D, and E. Des is explicitly denied; Andy is not in the list and if he does not
change his login to anonymous, he will not have access.
12. C.
13. B.
14. A.
15. A.
P:\010Comp\All-in-1\443-6\ch30.vp
Monday, August 26, 2002 11:57:55 AM