473,322 Members | 1,287 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

Web Service State

I am aware that web services should be entirely stateless and it seems to be
recognised as bad design to keep state.
BUT, some of the methods we are exposing are extremel complicated and need
various server-side structures and database information to be loaded prior to
each call.

To reduce overhead, we would like to implement some sort of state
architecture for our web service.
A quick internet search has shown that there seem to be two approaches to
this.

1. - Use ASP.NET sessions, storing a cookie on the client. This isn't a
viable option as we can't be bound to the HTTP protocol nor dictate that our
users store the session state.

2. - Store state on the server and uniquely identify each visitor. I've seen
mention that some sort of SID stored in the SOAP header is one way to do
this, but no examples of actually storing the information.

We use windows authentication to authorise users to our web service, so can
uniquely identify every visitor to the service using active directory.
Ideally we would like to use the username as a key to storing state
somewhere on the server and it would be perfect if we could 'hook into' the
existing session functionality to take advantage of the various ways sessions
can be stored (SQL, across farms, etc.).
Does anyone know a way of doing this (it may be impossible due to security
risks) or have a better suggestion? We are currently using dictionaries to
store the settings on the server but are worried they could grow and use up
memory if the service is never allowed to unload.

Any thoughts, suggestions or flames will be appreciated :)

Cheers,

Rob

Nov 25 '06 #1
2 1815
Hi Rob,

You can enable the ASP.NET session for the web services, but as you said, it
requires a cookie on the client and it is bound to HTTP. (This article
describes how to do that
http://dotnetjunkies.com/QuickStartv...ntrinsics.aspx)

The ASP.NET cache is another option, but since it is a cache, it can expire
if it is not being used. All the items are kept in memory, if you want to
store the items in different stores, you should take a look to a more
sotisficated solution, like the Enterprise Library Caching Application
Block. This last one allows you to keep the items in different stores, for
instance, a SQL Server database but this cache is intended to be used as
read-only.

Regards,
Pablo Cibraro.

"theGecko" <th******@discussions.microsoft.comwrote in message
news:2A**********************************@microsof t.com...
>I am aware that web services should be entirely stateless and it seems to
be
recognised as bad design to keep state.
BUT, some of the methods we are exposing are extremel complicated and need
various server-side structures and database information to be loaded prior
to
each call.

To reduce overhead, we would like to implement some sort of state
architecture for our web service.
A quick internet search has shown that there seem to be two approaches to
this.

1. - Use ASP.NET sessions, storing a cookie on the client. This isn't a
viable option as we can't be bound to the HTTP protocol nor dictate that
our
users store the session state.

2. - Store state on the server and uniquely identify each visitor. I've
seen
mention that some sort of SID stored in the SOAP header is one way to do
this, but no examples of actually storing the information.

We use windows authentication to authorise users to our web service, so
can
uniquely identify every visitor to the service using active directory.
Ideally we would like to use the username as a key to storing state
somewhere on the server and it would be perfect if we could 'hook into'
the
existing session functionality to take advantage of the various ways
sessions
can be stored (SQL, across farms, etc.).
Does anyone know a way of doing this (it may be impossible due to security
risks) or have a better suggestion? We are currently using dictionaries to
store the settings on the server but are worried they could grow and use
up
memory if the service is never allowed to unload.

Any thoughts, suggestions or flames will be appreciated :)

Cheers,

Rob

Nov 28 '06 #2
Thanks Pablo,

Caching is the way we have gone with this, storing each settings class using
the current authenticated user's username and class name to generate a key.
Many thanks,

Rob

"Pablo Cibraro [MVP]" wrote:
Hi Rob,

You can enable the ASP.NET session for the web services, but as you said, it
requires a cookie on the client and it is bound to HTTP. (This article
describes how to do that
http://dotnetjunkies.com/QuickStartv...ntrinsics.aspx)

The ASP.NET cache is another option, but since it is a cache, it can expire
if it is not being used. All the items are kept in memory, if you want to
store the items in different stores, you should take a look to a more
sotisficated solution, like the Enterprise Library Caching Application
Block. This last one allows you to keep the items in different stores, for
instance, a SQL Server database but this cache is intended to be used as
read-only.

Regards,
Pablo Cibraro.

"theGecko" <th******@discussions.microsoft.comwrote in message
news:2A**********************************@microsof t.com...
I am aware that web services should be entirely stateless and it seems to
be
recognised as bad design to keep state.
BUT, some of the methods we are exposing are extremel complicated and need
various server-side structures and database information to be loaded prior
to
each call.

To reduce overhead, we would like to implement some sort of state
architecture for our web service.
A quick internet search has shown that there seem to be two approaches to
this.

1. - Use ASP.NET sessions, storing a cookie on the client. This isn't a
viable option as we can't be bound to the HTTP protocol nor dictate that
our
users store the session state.

2. - Store state on the server and uniquely identify each visitor. I've
seen
mention that some sort of SID stored in the SOAP header is one way to do
this, but no examples of actually storing the information.

We use windows authentication to authorise users to our web service, so
can
uniquely identify every visitor to the service using active directory.
Ideally we would like to use the username as a key to storing state
somewhere on the server and it would be perfect if we could 'hook into'
the
existing session functionality to take advantage of the various ways
sessions
can be stored (SQL, across farms, etc.).
Does anyone know a way of doing this (it may be impossible due to security
risks) or have a better suggestion? We are currently using dictionaries to
store the settings on the server but are worried they could grow and use
up
memory if the service is never allowed to unload.

Any thoughts, suggestions or flames will be appreciated :)

Cheers,

Rob


Nov 28 '06 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: Dhilip Kumar | last post by:
Hi All, I'm writing a Windows Service app using C#. I need to read some configuration settings before the service starts up. These settings will be used by the service in its operation. ...
2
by: mg | last post by:
I'm trying to store session state in a Windows Service. I start the ASP.NET State Service and modify the Web.Config file to include <sessionState mode="StateServer"...
5
by: Stu Carter | last post by:
Hi, ENV: Windows 2003 Server SP1 (+all updates), VS 2003, .Net 1.1 SP1 We've got an ASP.Net web application using State Service. All is fine until we tried to use the app through a virtual...
1
by: DwC | last post by:
Hey All, I have a web service that maintains it's own state so once the user has successfully called the Login method a logged in flag is set in session. Each method checks that the user is...
2
by: JD | last post by:
Hello, I'm experiencing a problem that I'm hoping someone might be able to shed some light on. I have an ASP.NET page on a Windows 2000 machine that makes web service calls to a .NET web...
6
by: eroc.spam | last post by:
Hello- I'm working with a .NET windows service that can potentially take up to 10 minutes to shutdown. I would like to make it so that SCM doesn't timeout before the service actually stops, but...
5
by: marccruz | last post by:
Hi, I am writing a Windows Service in C#. I want to gracefully fail the "protected override void OnStop()" function. To do this, I first tried throwing an Exception in the function. However,...
11
by: Joseph Geretz | last post by:
I've been looking at two approaches for the maintenance of Session state for a Web Service application. One approach uses the old familiar Session object which I've used in the past for Web...
11
by: Glenn | last post by:
Hi I've been experimenting with managing state using the Session object. I've created a simple WS with a couple of methods, one which sets a string value, another that retrieves it. Each...
5
by: =?Utf-8?B?QmlsbHkgWmhhbmc=?= | last post by:
Hi All, I am using asp.net session state service to store session. The concurrent online user will be almost 2000. Could asp.net session state service afford this? Is there any limitation...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.