Managing stateless applications with Infologica Operation Context

Designed for the enterprise, the Infologica Fusion Framework supports stateless distributed applications running on multiple servers organised into web farms or clusters. To increase system scalability, an administrator can add servers to the Infologica Fusion Cluster without worrying about session state management. A web client that has authenticated successfully on one member of the cluster will be recognised by any other computer in the web services cluster within the configurable context timeout.

To make sure every call is executed in the context of an authenticated user, the Infologica Fusion Framework uses the System.Web.Security.FormsAuthenticationTicket class, which allows data to be embedded within the ticket. The encrypted session ticket can be issued to the client by the Web Service Framework on successful user authentication and is attached to the SOAP Header of the HTTP response under the ApplicationContext/Data node. The ticket consists of the call context data, provided by the business component, and a timestamp generated by the Infologica Fusion Framework.

Below is an example of the SOAP Header:

<soap:Header>
  <ApplicationContext xmlns="Infologica.Web.Services.Sample">
    <Data>
3973DC5D4AA85CC9832B85C0E91216B71F1FCDCBF3B20969E65D141EA55E22D25ABBB084D395CC9BC19694C4E742
766082F7991A6486AF35880199F79E446A8374F2D4DD8DD30334E0B0D38A8455F124DE0521054CEFAE0E6923B3B7
74FACB1963B79505A5A733CA70906AF26CB2C0F66319D269C8DEF2BC7346D9502BDB51FBB179C7812F1D01CADD38
192ACA024A412F64C8C6ECE0841AAC6972E5EC64AFC14EEDC24965B2528002AFFDEF4097C89CECA7E9236C8FE666
    </Data>
  </ApplicationContext>
</soap:Header>

Depending on the business logic and security rules, the designer of the Business Component may assign a context role to any Web Operation. This forces the Web Service client to retrieve the innerText of the Data node from the above SOAP header and include it in the same place in every further request in order to prolong the call sponsorship.

The following context roles can be assigned to the Web Operations:

Context Role   Role Description
Initializer    An operation in this role does not need an application context, but generates one on successful sign-on/authentication
Consumer       An operation in this role requires a valid application context on input and always prolongs call sponsorship by propagating the updated context to the client
Terminator     An operation in this role validates the application context on input and terminates it on output
Browser        The framework does not validate the application context for browser operations

The Web Services Framework validates the ticket integrity and the session timeout, and forwards the decrypted call context to the business component together with the new XML data request.

To demonstrate how the framework handles the session context, we will use the Sample Web Service and the Web Services Test Bench shipped with the Infologica Fusion SDK.

The Sample Web Service contains the following operations with preconfigured roles:

  • SignOn (Initializer)
  • Negotiate (Browser)
  • GetBalance (Consumer)
  • SignOff (Terminator)

According to the above configuration, the GetBalance operation can be executed only within an authenticated context. Start the Web Services Test Bench and invoke the SignOn operation, which is responsible for creating the session context. On the Request Data panel, click the Open File icon and use the file dialog box to navigate to the Program Files\Infologica\Infologica.Fusion.SDK\Applications\Infologica.App.Sample\TestScenario folder.

Select the SignOnRequest.xml file. Specify the Web Service Address and SOAP Action and click the Process Request button:

The framework validates the web service request and loads the definition of the SignOn operation. Because the operation has the Initializer role, the framework processes the original request and generates the session context ticket, which it returns to the client within the SOAP Header:

Next, load the GetBalance operation into the Data box of the Process Request pane. Try to process the request without attaching the session context. You should receive the "Invalid Context" SOAP Exception:

Now copy the ApplicationContext XML from the Context Box of the ProcessResponse pane and paste it into the Context Box of the ProcessRequest pane. Click the ProcessRequest button:

This time you should get the valid response.

Note: The above ApplicationContext ticket will be valid for 3600 seconds (default timeout). The request will fail if the client does not prolong the call sponsorship within the configurable timeframe.
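
The role handling and sliding timeout from the walkthrough above, as an added Python model that is not Infologica's code: an HMAC-SHA256 tag over a JSON body stands in for the encrypted FormsAuthenticationTicket, and the key, the JSON layout and the function names (issue, validate, dispatch) are assumptions. Authentication is assumed to have succeeded before SignOn issues a ticket.

```python
import hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # assumption: secret shared by every cluster node
TIMEOUT = 3600                 # default context timeout from the page, in seconds
ROLES = {"SignOn": "Initializer", "Negotiate": "Browser",
         "GetBalance": "Consumer", "SignOff": "Terminator"}

class InvalidContext(Exception):
    pass

def issue(context, now):
    """Seal the call context plus a timestamp into a hex ticket."""
    body = json.dumps({"ctx": context, "ts": now}, sort_keys=True).encode()
    tag = hmac.new(KEY, body, hashlib.sha256).digest()
    return (tag + body).hex().upper()

def validate(ticket, now):
    """Check ticket integrity and timeout; return the call context."""
    try:
        raw = bytes.fromhex(ticket or "")
    except ValueError:
        raise InvalidContext("Invalid Context")
    tag, body = raw[:32], raw[32:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise InvalidContext("Invalid Context")
    data = json.loads(body)  # safe to parse: the tag has been verified
    if not 0 <= now - data["ts"] <= TIMEOUT:
        raise InvalidContext("Invalid Context")
    return data["ctx"]

def dispatch(operation, ticket=None, now=None, signon_context=None):
    """Return (context for the business component, ticket for the response)."""
    now = int(time.time()) if now is None else now
    role = ROLES[operation]
    if role == "Browser":        # context is not validated at all
        return None, None
    if role == "Initializer":    # needs no context, generates one
        return signon_context, issue(signon_context, now)
    ctx = validate(ticket, now)  # Consumer and Terminator need a valid context
    if role == "Consumer":       # prolong sponsorship with a fresh timestamp
        return ctx, issue(ctx, now)
    return ctx, None             # Terminator: no ticket is returned
```

Because validation needs only the shared key and the clock, any node holding the key can accept a ticket issued by another node, which is what lets the cluster stay stateless.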