WCF服务编程设计规范(6):队列服务、安全和服务总线。本节整理队列服务(Queue Servuce)、服务安全(Service Security)和服务总线(Service Bus)的设计规范。
Queued Services
队列服务
1. On the client, always verify that the queue (and a dead-letter queue, when applicable) is available before calling the queued service. Use
QueuedServiceHelper.VerifyQueues()
for this purpose.
在客户端,在调用队列服务以前,始终检查队列是否可用(如果可以的话,也包括确认死信队列)。使用
QueuedServiceHelper.VerifyQueues()
方法检查。
2. Always verify that the queue is available when hosting a queued service (this is done automatically by
ServiceHost<T>
).
当托管队列服务的时候始终检查队列是否可用(
ServiceHost<T>
会
自动检测)
3. Except in isolated scenarios, avoid designing the same service to work both queued and non-queued.
除了某些单独的场景,避免避免在同一个服务里同时使用队列和非队列服务
4. The service should participate in the playback transaction.
服务应该参与到回放事务中
5. When participating in the playback transaction, avoid lengthy processing in the queued service.
当参与到回放事务里,避免队列服务里出现冗长的处理工作
6. Avoid sessionful queued services.
避免使用会话性队列服务
7. When using a singleton queued service, use a volatile resource manager to manage the singleton state.
当使用单例队列服务时,使用易失资源管理器去管理单例状态
8. When using a per-call queued service, explicitly configure the contract and the service to be per-call and sessionless:
当使用单调队列服务时,明确设置服务和契约的单调和非回话属性
[ServiceContract(SessionMode = SessionMode.
NotAllowed
)]
interface IMyContract
{...}
[ServiceBehavior(InstanceContextMode = InstanceContextMode.
PerCall
)]
class MyService : IMyContract
{...}
9. Always explicitly set contracts on a queued singleton to disallow sessions:
始终禁止在单例队列服务模式下使用会话
[ServiceContract(SessionMode = SessionMode.
NotAllowed
)]
interface IMyContract
{...}
[ServiceBehavior(InstanceContextMode = InstanceContextMode.
Single
)]
class MyService : IMyContract
{...}
10. The client should call a queued service inside a transaction.
客户端应该在一个事务内部调用队列服务
11. On the client side, do not store a queued service proxy in a member variable.
在客户端,不要在成员变量里存储队列服务的代理
12. Avoid relatively short values of
TimeToLive
, as they negate the justification for a queued service.
避免使用相对短的
TimeToLive
值,因为这会干扰队列服务的决策
13. Avoid nontransactional queues.
避免非事务性队列
14. When using a response queue, have the service participate in the playback transaction and queue the response in that transaction.
当使用一个应答队列时,让服务参与到一个回放事务中,并且在事务里,把应答消息装入队列。
15. Have the response service participate in the response playback transaction.
让应答服务参与到应答回放事务里
16. Avoid lengthy processing in a queued response operation.
避免在应答操作里进行冗长的处理工作
17. With MSMQ 3.0, prefer a response service to a poison queue service dealing with failures of the service itself.
对于
MSMQ3.0,
推荐使用应答服务来处理服务自身失败,而不是毒信队列
18. With MSMQ 4.0, use
ReceiveErrorHandling.Reject
for poison messages unless you have advanced processing with
ReceiveErrorHandling.Move
.
Avoid
ReceiveErrorHandling.Fault
and
ReceiveErrorHandling.Drop
.
对于
MSMQ4.0,
除非对
ReceiveErrorHandling.Move
有高级处理,否则为毒信队列使用
ReceiveErrorHandling.Reject
,
避免使用
ReceiveErrorHandling.Fault
和
ReceiveErrorHandling.Drop
19. With MSMQ 4.0, consider the use of a response service to handle service playback failures.
对于
MSMQ4.0,
考虑使用应答服务去处理服务回放错误
20. Unless dealing with a sessionful contract and service, never assume the order of queued calls.
除非处理会话契约和服务,否则从不假定队列调用是有序的
21. Avoid multiple service endpoints sharing a queue.
避免多个服务终结点共享一个队列
22. Avoid receive context.
避免使用接收上下文环境
Security
安全
1. Always protect the message and provide for message confidentiality and integrity.
始终保护消息,并为消息提供安全性和完整性
2. In an intranet, you can use Transport security as long as the protection level is set to
EncryptAndSign
.
在企业网内,只要你把保护级别设置为
EncryptAndSign
你可以使用传输安全,
3. In an intranet, avoid impersonation. Set the impersonation level to
TokenImpersonationLevel.Identification
.
在企业网内,避免使用
impersonation
,把
impersonation
级别设置为
TokenImpersonationLevel.Identification
4. When using impersonation, have the client use
TokenImpersonationLevel.Impersonation
.
当使用
impersonation
时,让客户端使用
TokenImpersonationLevel.Impersonation
5. Use the declarative security framework and avoid manual configuration.
使用声明式安全框架,并避免手动配置
6. Never apply the
PrincipalPermission
attribute directly on the service class:
从不在服务上直接设置
PrincipalPermission
属性
//Will always fail:
[PrincipalPermission(SecurityAction.Demand,Role = "...")]
public class MyService : IMyContract
{...}
7. Avoid sensitive work that requires authorization at the service constructor.
避免在服务构造函数上
,
完成需要授权的工作
8. Avoid demanding a particular user, with or without demanding a role:
避免要求一个特定的用户,不管是否要求的角色
//Avoid:
[PrincipalPermission(SecurityAction.Demand,Name = "John")]
public void MyMethod()
{...}
9. Do not rely on role-based security in the client’s callback operations.
不要在客户端回调操作里依赖基于角色的安全
10. With Internet clients, always use Message security.
对于
Internet
客户端,始终使用消息安全
11. Allow clients to negotiate the service certificate (the default).
运行客户端与服务端进行证书协商(默认)
12. Use the ASP.NET providers for custom credentials.
为自定义客户端凭据使用
ASP.NET providers
13. When developing a custom credentials store, develop it as a custom ASP.NET provider.
当开发自定义客户端凭据存储的时候,使用自定义
ASP.NET provider.
14. Validate certificates using peer trust.
使用对等信任验证证书
The Service Bus
服务总线
1. Prefer the TCP relay binding.
推荐使用
TCP Relay
绑定
2. Make your services be discoverable.
让你的服务是可以被发现
3. Do use discrete events.
使用分离事件
4. Do not treat buffers as queues.
不要把缓存当做队列
5. With buffers, avoid raw WCF messages and use the strongly typed, structured calls technique of
BufferedServiceBusHost<T>
and
BufferedServiceBusClient<T>
.
对于缓存,避免原始的
WCF
消息以及使用强类型、结构化的
BufferedServiceBusHost<T>
和
BufferedServiceBusClient<T>
调用方法
6. Use message security.
使用消息安全
7. Do not use service bus authentication for user authentication.
不要是有服务总线验证去做用户验证的工作
8. Strive for anonymous calls and let the service bus authenticate the calling application.
争取匿名调用,并且让服务总线验证调用程序
本文转自 frankxulei 51CTO博客,原文链接:
http://blog.51cto.com/frankxulei/318668
,如需转载请自行联系原作者
