ASP. NET web service or. NET remoting: How to Choose (2)

Distributed Application Program DESIGN: ASP. NET web service and. Net remoting
ASP. NET Web Service supports the XML architecture type system and provides a simple programming model, which is widely used and can be used across platforms .. Net remoting supports runtime systems and provides complex programming models with narrow application scope. This essential difference is the main factor that determines which technology to use. However, there are many other design factors to consider, including transport protocols, host processes, security, performance, status management, and transaction support.

Transmission protocol and host process
Although the SOAP specification does not require HTTP as the transmission protocol, the client can only access ASP through HTTP. net web service, because it is an ASP. net supports the only transmission protocol. The service is called through IIS and executed in ASP. NET's auxiliary process aspnet_wp.exe.

. Net remoting allows you to flexibly host remote objects in any type of applications (including Windows Forms, hosted Windows Services, console applications, or ASP. NET auxiliary processes. As described earlier,. Net remoting provides two transmission channels-TCP and HTTP. Both channels can use sockets to provide communication between any sending and receiving processes.

It can also integrate the HTTP channel with IIS and ASP. NET auxiliary processes. This is important for the following reasons. First, it is the only way to automatically start the. NET remoting endpoint when the client requests arrive .. The net remoting pipeline does not include the DCOM-type Service Control Manager (SCM) required to start the remote server ). If remote objects are provided from any process, ensure that those processes are running. Also ensure that they are thread-safe. For example, after thread B is started to close the process, thread a cannot activate the object. If you provide remote objects from ASP. NET, you can use the aspnet_wp.exe auxiliary process to enable automatic start and thread security. Second, integration with IIS is the only way to ensure cross-process. Net remoting calls, as described in the following section.

ASP. NET web services and. Net remoting infrastructures are scalable. You can filter inbound and outbound messages to control the generation of type messages and metadata. With. Net remoting, you can also implement your own formatting programs and channels.

Security
Because ASP. NET web services depend on HTTP, they are integrated with the standard Internet security infrastructure. ASP. NET leverages the security features of IIS to provide strong support for standard HTTP authentication schemes (including basic, brief, digital certificates, and even Microsoft. NET Passport. (Windows integration verification can also be used, but can only be used to trust clients in the domain .) One advantage of using the available HTTP authentication scheme is that you do not need to change Code IIS performs authentication before ASP. NET web services are called. ASP. NET also supports. NET Passport-based authentication and other custom authentication schemes. ASP. NET supports access control based on the target URL, and supports access control through integration with the. NET code access security (CAS) infrastructure. SSL can be used to ensure communication security.

Although these standard transmission technologies are quite effective in ensuring web services, they can only do so. When multiple web services in different trust domains are involved, you must create custom special solutions. Microsoft and other companies are working to create a Security Specification that provides message-level security functions based on the scalability of soap messages. One of these specifications is the XML Web Service Security Language (WS-Security [English]), which defines the framework for message-level credential transmission, message integrity, and message confidentiality.

As described in the previous section, the. NET remoting pipeline generally does not ensure the security of cross-process calls. Using ASP. NET to host. Net remoting endpoints in IIS, you can use all the security features available for ASP. NET web services, including support for SSL to ensure the security of wired communication. If you are using a TCP channel or HTTP channel (instead of aspnet_wp.exe) hosted in a process, you must perform authentication, authorization, and confidentiality on your own.

Another security issue to be concerned is the ability to execute code in an environment that is not fully trusted without changing the default security policy. ASP. NET web service client proxy can work in these environments, but. Net remoting proxy cannot. Special serialization permissions are required to use the. NET remoting proxy in an environment that is never fully trusted. By default, this permission is not granted to code downloaded from the Intranet or the Internet. If you want to use the. NET remoting client in an environment that is not fully trusted, you need to change the default security policy for the code loaded from those regions. When you connect to the system from a client running in a sandbox (such as a downloaded Windows Forms Application), ASP. NET web services are a simple choice because security policies do not need to be changed.

Status Management
By default, the ASP. NET web service model adopts a stateless service architecture. It is not instinctively related to multiple calls from the same user. In addition, each time the client calls the ASP. NET web service, a new object is created to serve the request. After the method is called, the object is destroyed. To maintain the status between requests, you can use the technology used by the ASP. NET page (that is, the session and application property package) or execute a custom solution.

. Net remoting supports many state management options and may be related to or irrelevant to multiple calls from the same user, depending on the object lifecycle architecture you have selected. The singlecall object is stateless (for example, used to call ASP. net web service object). The singleton object shares the status of all clients, the objects activated by the client are kept in the State on the basis of each client (with all related issues of scalability and reliability ).

Performance
In terms of raw performance, the. NET remoting pipeline can provide the fastest communication when using TCP channels and binary formatting programs. In our comparison ASP.. NET web service and. in almost all tests of net remoting's relative performance, Asp. the performance of the Net web service exceeds that of the soap formatting program using HTTP or TCP channels. net remoting endpoint. More interestingly, the performance of ASP. NET and. Net remoting endpoints using the binary formatting program is very similar to that of the HTTP channel. For more information, see Performance Comparison:. Net remoting and ASP. NET web services.

Enterprise Services
ASP. NET web services or objects provided through. Net remoting can use local transactions to coordinate work based on a single database. If you need to coordinate work based on multiple resources, it can use. NET Enterprise Services (also known as COM +) published transactions (DTC distributed transactions managed by COM + pipeline ). However, ASP. NET web services and. Net remoting pipelines cannot spread published transactions. Therefore, neither of these endpoints can inherit published transactions through cross-process calls.

This is not necessarily a bad thing. In general, published transactions are more costly than local transactions, and published transactions need to be spread across processes at a higher cost. If you really need this feature, the simple solution is in.. NET Enterprise Service server application. enterpriseservices. classes derived from servicedcomponent (for more information, see COM + Integration: How. NET Enterprise Services can help you build distributed applications [English]). Cross-process calls to such objects are processed using DCOM to ensure correct propagation of the transaction environment. The more difficult solution is to use the underlying API to manually spread distributed transactions.

It is worth noting that the traditional distributed transaction model is generally not applicable to loosely coupled Web Services. The model based on compensation transactions (that is, revoking the transactions submitted by other firms) is more meaningful because the isolation constraints are not very strict. There is a common saying among web service providers, including Microsoft, that is, the more flexible the transaction model is required by the web service space, the more work is done in the space. When you define a standard method for Web service transactions, you can use local or published transactions as needed to implement your own compensation architecture.

Select Architecture
If you are designing a. Net-based distributed application, consider all the issues discussed in this article and draw some conclusions on the expected results of the system architecture. Generally, this is easier than you think. However, there are always some special situations that require other methods. The following are some general assumptions you can make to simplify the situation.

First, ASP. NET web services are used by default. They are easy to execute and use. They can be used as wide as possible for the client platform, and can be called from the code running in the sandbox of the default security policy.. NET web service client proxy code.

If you want to use a traditional distributed object model with CLR type fidelity, you do not need to interoperate with other platforms, and you have control over the client and server configurations, consider using. Net remoting. If you select. Net remoting, it is best to integrate the HTTP channel with IIS and ASP. NET. Otherwise, you must establish your own process lifecycle management and security infrastructure. Assuming that. Net remoting requires a. Net client, it makes sense to use a binary formatting program instead of a soap formatting program. Interoperability will not be a problem and performance will be significantly improved.

Finally, if you want to publish a transaction, use the Enterprise Service (COM + ). If you execute servicedcomponents, they are deployed in the library application by default for performance considerations. If they need to run on a remote computer, deploy them in the server application. (If you need to execute different process security tokens [instead of the token used by aspnet_wp.exe] Code, even on the same computer, you may also need to consider using the COM + server application .)

The following are three public architecture based on these concepts.



Figure 1: simple layer-3 Architecture

Figure 1 shows a simple layer-3 architecture with a web server domain that supports a series of different clients. All server-side code is executed in ASP. NET's auxiliary process aspnet_wp.exe. These three different types of clients can use HTTP to access the server domain. Browser-based client calls ASP.. NET web page. Multiple Clients (such as Windows Forms applications and Microsoft Visual Basic 6 applications) and other Web services use ASP.. NET web service ,.. Net multi-client (such as Windows Forms applications) and Web services use ASP.. NET web service, or use the HTTP channel and binary formatting program. net remoting (assuming it is not in the sandbox ).

Figure 2: using the n-layer architecture of ASP. NET

Some very large applications use a set of computers to share their work from the outer layer of the Web server. This architecture 2 shows. In this case, the second layer also provides functions through ASP. NET.

Figure 3: using the n-layer architecture of Enterprise Service (COM +)

Figure 3 shows another version of this architecture. Its second layer uses the servicedcomponents deployed in COM + to provide functionality.

Obviously, these are not all possible architectures supported by. NET Framework. However, it provides an appropriate basis for you to design your own system.

Summary
Although both the. NET remoting infrastructure and ASP. NET web services can communicate across processes, each design is applicable to different users. The Programming Model of ASP. NET web service is very simple and widely used .. The Programming Model of net remoting is complex and has a narrow application range. Be sure to understand how these two technologies work and select the technology that suits your application. In either case, IIS and ASP. NET are used to manage the process lifecycle and provide general security.