Quite often in the client-server model,the requirement of getting notified of certain changes in the server pops up.Say for example in the movie ticket booking system.When a person selects a seat for booking,the selected seat should become disabled for all the users currently logged in,so that you can avoid the message 'Sorry the seat you were trying to book is already booked'.
In such scenarios polling the server for changes might be one way to go about it.
Another way might be the server calling back to all the clients when a seat selection happens.
This post is about the second way and when the booking system is developed using WCF :)
The WCF framework provides a easy way to achieve this.....Callbacks
The whole concept is simple.The server keeps track of all the active clients and knows how to call them when the required change happens in the server.
Again its all about certain interfaces that you have implement and some attributes that you have to specify.
The ServiceContract that the client exposes also specifies the CallbackContract type.This is again another interface that the client needs to implement so that the server knows the type of client it is serving and can call back the functions on that interface.
This is much more like the eventing model.All functions in the CallbackContract would be like your event handlers,which would be invoked by the server on a particular event happening in the server.
You can go ahead and create a Publisher-Subscriber framework itself so that any future requirements of such nature would be easy to implement
This article by Juval Lowy suggest a good way to implement a publisher-subscriber framework in WCF using callbacks.
The code provided below shows a quick example of Callbacks.Run minimum of two clients,so you get to understand what it is all about :)
Code Download
Showing posts with label WCF. Show all posts
Showing posts with label WCF. Show all posts
Wednesday, September 1, 2010
Wednesday, June 30, 2010
Role Based Access Control
RBAC(Role Based Access Control) is something that is very common in the day-to-day world.
So what is this all about.It is just about a authorization check on whether you have the access to a particular resource or not.
When faced with scenarios like this when developing applications, where you have to implement Role based access for the different users that are to use the system you might be confused on how to implement this.
Say you have a WCF service exposing a set of services.You have a WPF thick client consuming this service.Say for example you are exposing a service to Add/Delete/View Employees.Based on the various roles you need to allow/disallow the access to the functionality.The easiest way would be enable/disable the controls that would be used invoke the corresponding functionality,based on the user role.
So am I done?
What if tomorrow you are exposing this service to some other client of yours,who is to develop his on User Interface(UI) for the service.
Do I have a problem here?
Yes of course!!!
What if he does not make the same check on the UI to enable/disable the controls that would act as his inputs.So here exactly is where you have a access break.Any user will be able to perform all functions irrespective of the access specified for him.
So how do I go about?
Make this check at the service level itself.Check for access and throw a NoAccess exception if not authorized.What exactly happens when you try to enter a no-access area in your office :)
UI synchronization is an added level to this,so that you can stop unnecessary service calls.
Will soon post a implementation sample :)
So what is this all about.It is just about a authorization check on whether you have the access to a particular resource or not.
When faced with scenarios like this when developing applications, where you have to implement Role based access for the different users that are to use the system you might be confused on how to implement this.
Say you have a WCF service exposing a set of services.You have a WPF thick client consuming this service.Say for example you are exposing a service to Add/Delete/View Employees.Based on the various roles you need to allow/disallow the access to the functionality.The easiest way would be enable/disable the controls that would be used invoke the corresponding functionality,based on the user role.
So am I done?
What if tomorrow you are exposing this service to some other client of yours,who is to develop his on User Interface(UI) for the service.
Do I have a problem here?
Yes of course!!!
What if he does not make the same check on the UI to enable/disable the controls that would act as his inputs.So here exactly is where you have a access break.Any user will be able to perform all functions irrespective of the access specified for him.
So how do I go about?
Make this check at the service level itself.Check for access and throw a NoAccess exception if not authorized.What exactly happens when you try to enter a no-access area in your office :)
UI synchronization is an added level to this,so that you can stop unnecessary service calls.
Will soon post a implementation sample :)
Subscribe to:
Posts (Atom)