WCF服務編程設計規范(6):隊列服務、安全和服務總線。本節整理隊列服務(Queue Servuce)、服務安全(Service Security)和服務總線(Service Bus)的設計規范。
Queued Services
隊列服務
1. On the client, always verify that the queue (and a dead-letter queue, when applicable) is available before calling the queued service. Use QueuedServiceHelper.VerifyQueues() for this purpose.
在客戶端,在調用隊列服務以前,始終檢查隊列是否可用(如果可以的話,也包括確認死信隊列)。使用QueuedServiceHelper.VerifyQueues()方法檢查。
2. Always verify that the queue is available when hosting a queued service (this is done automatically by ServiceHost<T>).
當托管隊列服務的時候始終檢查隊列是否可用(ServiceHost<T>會自動檢測)
3. Except in isolated scenarios, avoid designing the same service to work both queued and non-queued.
除了某些單獨的場景,避免避免在同一個服務裡同時使用隊列和非隊列服務
4. The service should participate in the playback transaction.
服務應該參與到回放事務中
5. When participating in the playback transaction, avoid lengthy processing in the queued service.
當參與到回放事務裡,避免隊列服務裡出現冗長的處理工作
6. Avoid sessionful queued services.
避免使用會話性隊列服務
7. When using a singleton queued service, use a volatile resource manager to manage the singleton state.
當使用單例隊列服務時,使用易失資源管理器去管理單例狀態
8. When using a per-call queued service, explicitly configure the contract and the service to be per-call and sessionless:
當使用單調隊列服務時,明確設置服務和契約的單調和非回話屬性
[ServiceContract(SessionMode = SessionMode.NotAllowed)]
interface IMyContract
{...}
[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]
class MyService : IMyContract
{...}
9. Always explicitly set contracts on a queued singleton to disallow sessions:
始終禁止在單例隊列服務模式下使用會話
[ServiceContract(SessionMode = SessionMode.NotAllowed)]
interface IMyContract
{...}
[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)]
class MyService : IMyContract
{...}
10. The client should call a queued service inside a transaction.
客戶端應該在一個事務內部調用隊列服務
11. On the client side, do not store a queued service proxy in a member variable.
在客戶端,不要在成員變量裡存儲隊列服務的代理
12. Avoid relatively short values of TimeToLive, as they negate the justification for a queued service.
避免使用相對短的TimeToLive值,因為這會干擾隊列服務的決策
13. Avoid nontransactional queues.
避免非事務性隊列
14. When using a response queue, have the service participate in the playback transaction and queue the response in that transaction.
當使用一個應答隊列時,讓服務參與到一個回放事務中,並且在事務裡,把應答消息裝入隊列。
15. Have the response service participate in the response playback transaction.
讓應答服務參與到應答回放事務裡
16. Avoid lengthy processing in a queued response operation.
避免在應答操作裡進行冗長的處理工作
17. With MSMQ 3.0, prefer a response service to a poison queue service dealing with failures of the service itself.
對於MSMQ3.0,推薦使用應答服務來處理服務自身失敗,而不是毒信隊列
18. With MSMQ 4.0, use ReceiveErrorHandling.Reject for poison messages unless you have advanced processing with ReceiveErrorHandling.Move.
Avoid ReceiveErrorHandling.Fault and ReceiveErrorHandling.Drop.
對於MSMQ4.0,除非對ReceiveErrorHandling.Move有高級處理,否則為毒信隊列使用ReceiveErrorHandling.Reject,避免使用ReceiveErrorHandling.Fault 和 ReceiveErrorHandling.Drop
19. With MSMQ 4.0, consider the use of a response service to handle service playback failures.
對於MSMQ4.0,考慮使用應答服務去處理服務回放錯誤
20. Unless dealing with a sessionful contract and service, never assume the order of queued calls.
除非處理會話契約和服務,否則從不假定隊列調用是有序的
21. Avoid multiple service endpoints sharing a queue.
避免多個服務終結點共享一個隊列
22. Avoid receive context.
避免使用接收上下文環境
Security
安全
1. Always protect the message and provide for message confidentiality and integrity.
始終保護消息,並為消息提供安全性和完整性
2. In an intranet, you can use Transport security as long as the protection level is set to EncryptAndSign.
在企業網內,只要你把保護級別設置為EncryptAndSign你可以使用傳輸安全,
3. In an intranet, avoid impersonation. Set the impersonation level to TokenImpersonationLevel.Identification.
在企業網內,避免使用impersonation,把impersonation 級別設置為TokenImpersonationLevel.Identification
4. When using impersonation, have the client use TokenImpersonationLevel.Impersonation.
當使用impersonation時,讓客戶端使用TokenImpersonationLevel.Impersonation
5. Use the declarative security framework and avoid manual configuration.
使用聲明式安全框架,並避免手動配置
6. Never apply the PrincipalPermission attribute directly on the service class:
從不在服務上直接設置PrincipalPermission屬性
//Will always fail:
[PrincipalPermission(SecurityAction.Demand,Role = "...")]
public class MyService : IMyContract
{...}
7. Avoid sensitive work that requires authorization at the service constructor.
避免在服務構造函數上,完成需要授權的工作
8. Avoid demanding a particular user, with or without demanding a role:
避免要求一個特定的用戶,不管是否要求的角色
//Avoid:
[PrincipalPermission(SecurityAction.Demand,Name = "John")]
public void MyMethod()
{...}
9. Do not rely on role-based security in the client’s callback operations.
不要在客戶端回調操作裡依賴基於角色的安全
10. With Internet clients, always use Message security.
對於Internet客戶端,始終使用消息安全
11. Allow clients to negotiate the service certificate (the default).
運行客戶端與服務端進行證書協商(默認)
12. Use the ASP.NET providers for custom credentials.
為自定義客戶端憑據使用ASP.NET providers
13. When developing a custom credentials store, develop it as a custom ASP.NET provider.
當開發自定義客戶端憑據存儲的時候,使用自定義ASP.NET provider.
14. Validate certificates using peer trust.
使用對等信任驗證證書
The Service Bus
服務總線
1. Prefer the TCP relay binding.
推薦使用TCP Relay綁定
2. Make your services be discoverable.
讓你的服務是可以被發現
3. Do use discrete events.
使用分離事件
4. Do not treat buffers as queues.
不要把緩存當做隊列
5. With buffers, avoid raw WCF messages and use the strongly typed, structured calls technique of BufferedServiceBusHost<T> and BufferedServiceBusClient<T>.
對於緩存,避免原始的WCF消息以及使用強類型、結構化的BufferedServiceBusHost<T> 和 BufferedServiceBusClient<T>調用方法
6. Use message security.
使用消息安全
7. Do not use service bus authentication for user authentication.
不要是有服務總線驗證去做用戶驗證的工作
8. Strive for anonymous calls and let the service bus authenticate the calling application.
爭取匿名調用,並且讓服務總線驗證調用程序
