InfoQ

News

Creating a RESTful API with WCF

Posted by Hartmut Wilms on Mar 13, 2008 05:41 PM

Community
.NET,
SOA
Topics
.NET Framework ,
REST
Tags
Web services ,
WCF

Aaron Sloman and Haider Sabri gave a talk about "Creating a RESTful API with WCF" at MIX08 introducing a sample REST application called RESTChess.

The talks starts with some background information about the REST support within WCF provided by Aaron Sloman. Haider Sabri continues by giving a brief introduction to REST and its principals. According to Haider the key benefits of REST are

    • Low barrier of entry
    • ROA follows Web Semantics ... convenient for Web Service APIs
    • Flexibility in Response formats

In his opinion "REST is best choice when creating a general API when clients are unknown".

WCF supports REST through the Web Programming Model, which has been added in the .NET Framework 3.5 and consists of the following concepts:

  • URI Templates & WebGet/WebInvoke
    • These are attributes, which map HTTP requests to methods in a class.
  • WebHttpBinding
    • WebHttpBinding is a WCF binding that enables dispatching based on the above.
    • You can easily switch between REST and a SOAP API.
  • WebOperationContext
    • The WebOperationContext allows to manipulate requests and responses in a RESTful way.

Haider Sabri introduces RESTChess, which is a RESTful API for a chess game. RESTChess is both a nice sample of a RESTful API implemented with WCF's Web Programming Model and a bunch of extensions (custom WCF bindings and behaviors) that (partially) make up for the shortcomings of the WCF web programming model:

  • Flexible URIs
    • The service .svc extension is required when hosting services in IIS.
    • RESTChess provides a URL rewriter implemented as a HTTP module within IIS 7.
  • Bridging Low REST clients, which only support GET and POST
    • There are two common approaches to solve this problem:
      • Custom HTTP headers
      • _method query parameter
    • RESTChess implements a custom WCF channel that distinguishes between high and low REST clients and changes messages that make use of  DELETE or PUT methods tunneled through a POST request to the appropriate HTTP method.
  • Request Authentication with Digital Signing
    • RESTChess makes use of OAuth,  which is an "open protocol to allow secure API authentication" including digital signature.
    • The signature is passed via an OAuth consumer key as a query parameter.
    • A custom WCF channel checks the request for the OAuth key, and throws an exception before the request gets dispatched to the service model in case the consumer is not authenticated (the key is not present or unknown).
  • Multiple Representation Formats
    • WCF only supports XML and JSON.
  • RESTful Exception Handling
    • The RESTChess team build an engine to map exceptions to appropriate HTTP error codes.

Although the team had to add several missing pieces to the WCF web programming model, in Haider's opinion "the area where WCF shines is the ability to extend it, to insert into it, to build on the stack at a high level".

Interesting, but arguably an inappropriate use of REST by Gerhard Kessell-Haak Posted Mar 17, 2008 8:24 PM
  1. Back to top

    Interesting, but arguably an inappropriate use of REST

    Mar 17, 2008 8:24 PM by Gerhard Kessell-Haak

    An interesting article, particularly with respect to its implementation. However, its arguable that this is not an appropriate use of the REST architectural style. REST is most appropriate when dealing with resources (indeed, Representational State Transfer is a style of software architecture that is ideal for distributed hypermedia systems, and was first identified with the World Wide Web). I would argue XML-RPC in conjunction with HTTP authentication (or, if you like complexity for the sake of it, SOAP) to be a better fit as it implies state on the server (unlike REST), and would result in a cleaner mapping to the underlying API.

Educational Content

Bindings, Platforms, and Innovation

This presentation focuses on the Internet and separating myth from fact, history from the future, and the mundane from the imaginative. Bob Frankston presents a vision of what could and should be.

Orchestrating Long Running Activities with JBoss / JBPM

This article explores the use of JBoss and jBPM to implement design solutions that effectively address the issue of orchestrating long running activities.

Neo4j - The Benefits of Graph Databases

This presentation covers the use of graph databases as an optimal solution for data that is difficult to fit in static tables, rapidly evolving data or data that has a lot of optional attributes.

Realistic about Risk: Software development with Real Options

This session introduces Real Options and shows how it can help in running your project. Real Options is a decision-making process that can be used to manage risk.

Communication Flexibility Using Bindings

This article discusses the use of bindings on services and references (including the instance of non-configured bindings) as the means to implement SCA communications in a Web and SOA environment.

Writing DSLs in Groovy

After a short introduction to DSLs, Scott Davis plays with the keyboard showing how to approach the creation of a DSL by typing working snippets of Groovy code that get executed.

Scaling Agile with C/ALM (Collaborative Application Lifecycle Management)

IBM Rational and InfoQ present, Scaling Agile with C/ALM, an eBook showing organizations how to become “finely tuned software delivery machines” by enabling team integration and scaling.

Concurrent Programming with Microsoft F#

Amanda Laucher presents a real life enterprise application written in F#. She shows actual code snippets, explaining design decisions and suggesting how to use some of the F# constructs.