WCF服務編程設計規範(6):隊列服務、安全和服務總線。本節整理隊列服務(Queue Servuce)、服務安全(Service Security)和服務總線(Service Bus)的設計規範。
Queued Services
隊列服務
1. On the client, always verify that the queue (and a dead-letter queue, when applicable) is available before calling the queued service. Use
QueuedServiceHelper.VerifyQueues()
for this purpose.
在客戶端,在調用隊列服務之前,始終檢查隊列是否可用(若是能夠的話,也包括確認死信隊列)。使用
QueuedServiceHelper.VerifyQueues()
方法檢查。
2. Always verify that the queue is available when hosting a queued service (this is done automatically by
ServiceHost<T>
).
當託管隊列服務的時候始終檢查隊列是否可用(
ServiceHost<T>
會
自動檢測)
3. Except in isolated scenarios, avoid designing the same service to work both queued and non-queued.
除了某些單獨的場景,避免避免在同一個服務裏同時使用隊列和非隊列服務
4. The service should participate in the playback transaction.
服務應該參與到回放事務中
5. When participating in the playback transaction, avoid lengthy processing in the queued service.
當參與到回放事務裏,避免隊列服務裏出現冗長的處理工做
6. Avoid sessionful queued services.
避免使用會話性隊列服務
7. When using a singleton queued service, use a volatile resource manager to manage the singleton state.
當使用單例隊列服務時,使用易失資源管理器去管理單例狀態
8. When using a per-call queued service, explicitly configure the contract and the service to be per-call and sessionless:
當使用單調隊列服務時,明確設置服務和契約的單調和非回話屬性
[ServiceContract(SessionMode = SessionMode.
NotAllowed
)]
interface IMyContract
{...}
[ServiceBehavior(InstanceContextMode = InstanceContextMode.
PerCall
)]
class MyService : IMyContract
{...}
9. Always explicitly set contracts on a queued singleton to disallow sessions:
始終禁止在單例隊列服務模式下使用會話
[ServiceContract(SessionMode = SessionMode.
NotAllowed
)]
interface IMyContract
{...}
[ServiceBehavior(InstanceContextMode = InstanceContextMode.
Single
)]
class MyService : IMyContract
{...}
10. The client should call a queued service inside a transaction.
客戶端應該在一個事務內部調用隊列服務
11. On the client side, do not store a queued service proxy in a member variable.
在客戶端,不要在成員變量裏存儲隊列服務的代理
12. Avoid relatively short values of
TimeToLive
, as they negate the justification for a queued service.
避免使用相對短的
TimeToLive
值,由於這會干擾隊列服務的決策
13. Avoid nontransactional queues.
避免非事務性隊列
14. When using a response queue, have the service participate in the playback transaction and queue the response in that transaction.
當使用一個應答隊列時,讓服務參與到一個回放事務中,而且在事務裏,把應答消息裝入隊列。
15. Have the response service participate in the response playback transaction.
讓應答服務參與到應答回放事務裏
16. Avoid lengthy processing in a queued response operation.
避免在應答操做裏進行冗長的處理工做
17. With MSMQ 3.0, prefer a response service to a poison queue service dealing with failures of the service itself.
對於
MSMQ3.0,
推薦使用應答服務來處理服務自身失敗,而不是毒信隊列
18. With MSMQ 4.0, use
ReceiveErrorHandling.Reject
for poison messages unless you have advanced processing with
ReceiveErrorHandling.Move
.
Avoid
ReceiveErrorHandling.Fault
and
ReceiveErrorHandling.Drop
.
對於
MSMQ4.0,
除非對
ReceiveErrorHandling.Move
有高級處理,不然爲毒信隊列使用
ReceiveErrorHandling.Reject
,
避免使用
ReceiveErrorHandling.Fault
和
ReceiveErrorHandling.Drop
19. With MSMQ 4.0, consider the use of a response service to handle service playback failures.
對於
MSMQ4.0,
考慮使用應答服務去處理服務回放錯誤
20. Unless dealing with a sessionful contract and service, never assume the order of queued calls.
除非處理會話契約和服務,不然從不假定隊列調用是有序的
21. Avoid multiple service endpoints sharing a queue.
避免多個服務終結點共享一個隊列
22. Avoid receive context.
避免使用接收上下文環境
Security
安全
1. Always protect the message and provide for message confidentiality and integrity.
始終保護消息,併爲消息提供安全性和完整性
2. In an intranet, you can use Transport security as long as the protection level is set to
EncryptAndSign
.
在企業網內,只要你把保護級別設置爲
EncryptAndSign
你能夠使用傳輸安全,
3. In an intranet, avoid impersonation. Set the impersonation level to
TokenImpersonationLevel.Identification
.
在企業網內,避免使用
impersonation
,把
impersonation
級別設置爲
TokenImpersonationLevel.Identification
4. When using impersonation, have the client use
TokenImpersonationLevel.Impersonation
.
當使用
impersonation
時,讓客戶端使用
TokenImpersonationLevel.Impersonation
5. Use the declarative security framework and avoid manual configuration.
使用聲明式安全框架,並避免手動配置
6. Never apply the
PrincipalPermission
attribute directly on the service class:
從不在服務上直接設置
PrincipalPermission
屬性
//Will always fail:
[PrincipalPermission(SecurityAction.Demand,Role = "...")]
public class MyService : IMyContract
{...}
7. Avoid sensitive work that requires authorization at the service constructor.
避免在服務構造函數上
,
完成須要受權的工做
8. Avoid demanding a particular user, with or without demanding a role:
避免要求一個特定的用戶,無論是否要求的角色
//Avoid:
[PrincipalPermission(SecurityAction.Demand,Name = "John")]
public void MyMethod()
{...}
9. Do not rely on role-based security in the client’s callback operations.
不要在客戶端回調操做裏依賴基於角色的安全
10. With Internet clients, always use Message security.
對於
Internet
客戶端,始終使用消息安全
11. Allow clients to negotiate the service certificate (the default).
運行客戶端與服務端進行證書協商(默認)
12. Use the ASP.NET providers for custom credentials.
爲自定義客戶端憑據使用
ASP.NET providers
13. When developing a custom credentials store, develop it as a custom ASP.NET provider.
當開發自定義客戶端憑據存儲的時候,使用自定義
ASP.NET provider.
14. Validate certificates using peer trust.
使用對等信任驗證證書
The Service Bus
服務總線
1. Prefer the TCP relay binding.
推薦使用
TCP Relay
綁定
2. Make your services be discoverable.
讓你的服務是能夠被發現
3. Do use discrete events.
使用分離事件
4. Do not treat buffers as queues.
不要把緩存當作隊列
5. With buffers, avoid raw WCF messages and use the strongly typed, structured calls technique of
BufferedServiceBusHost<T>
and
BufferedServiceBusClient<T>
.
對於緩存,避免原始的
WCF
消息以及使用強類型、結構化的
BufferedServiceBusHost<T>
和
BufferedServiceBusClient<T>
調用方法
6. Use message security.
使用消息安全
7. Do not use service bus authentication for user authentication.
不要是有服務總線驗證去作用戶驗證的工做
8. Strive for anonymous calls and let the service bus authenticate the calling application.
爭取匿名調用,而且讓服務總線驗證調用程序