all groups > dotnet web services > november 2006 >
You're in the

dotnet web services

group:

Web Service State



Web Service State theGecko
11/24/2006 4:35:01 PM
dotnet web services: I am aware that web services should be entirely stateless and it seems to be
recognised as bad design to keep state.
BUT, some of the methods we are exposing are extremel complicated and need
various server-side structures and database information to be loaded prior to
each call.

To reduce overhead, we would like to implement some sort of state
architecture for our web service.
A quick internet search has shown that there seem to be two approaches to
this.

1. - Use ASP.NET sessions, storing a cookie on the client. This isn't a
viable option as we can't be bound to the HTTP protocol nor dictate that our
users store the session state.

2. - Store state on the server and uniquely identify each visitor. I've seen
mention that some sort of SID stored in the SOAP header is one way to do
this, but no examples of actually storing the information.

We use windows authentication to authorise users to our web service, so can
uniquely identify every visitor to the service using active directory.
Ideally we would like to use the username as a key to storing state
somewhere on the server and it would be perfect if we could 'hook into' the
existing session functionality to take advantage of the various ways sessions
can be stored (SQL, across farms, etc.).
Does anyone know a way of doing this (it may be impossible due to security
risks) or have a better suggestion? We are currently using dictionaries to
store the settings on the server but are worried they could grow and use up
memory if the service is never allowed to unload.

Any thoughts, suggestions or flames will be appreciated :)

Cheers,

Rob
Re: Web Service State theGecko
11/28/2006 10:54:12 AM
Thanks Pablo,

Caching is the way we have gone with this, storing each settings class using
the current authenticated user's username and class name to generate a key.
Many thanks,

Rob

[quoted text, click to view]
Re: Web Service State Pablo Cibraro [MVP]
11/28/2006 10:55:43 AM
Hi Rob,

You can enable the ASP.NET session for the web services, but as you said, it
requires a cookie on the client and it is bound to HTTP. (This article
describes how to do that
http://dotnetjunkies.com/QuickStartv20/webservices/doc/Intrinsics.aspx)

The ASP.NET cache is another option, but since it is a cache, it can expire
if it is not being used. All the items are kept in memory, if you want to
store the items in different stores, you should take a look to a more
sotisficated solution, like the Enterprise Library Caching Application
Block. This last one allows you to keep the items in different stores, for
instance, a SQL Server database but this cache is intended to be used as
read-only.

Regards,
Pablo Cibraro.



[quoted text, click to view]

Got something to say? Click here to post a reply to this thread.
Don't see what you're looking for? Try a search.
View other messages in the dotnet web services group.
AddThis Social Bookmark Button
View Other Months
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
home · blog · groups Questions? Comments? Contact the dn