基于Silverlight的RIA架構(gòu)及百度應(yīng)用

基于Silverlight的RIA架構(gòu)

及百度應(yīng)用楊丹資深.NET架構(gòu)師微軟〔中國(guó)〕陳廣琛Web前端工程師百度議題RIA與應(yīng)用平臺(tái)趨勢(shì)Silverlight應(yīng)用架構(gòu)界面模型邏輯分層網(wǎng)絡(luò)訪問(wèn)平安機(jī)制百度Silverlight應(yīng)用RIA與應(yīng)用平臺(tái)趨勢(shì)純Web在Web上實(shí)現(xiàn)通過(guò)Web部署WebDesktopRIAHTMLRichnessReachDHTMLAJAXSilverlightWinFormWPFPlug-in界面更美觀像桌面應(yīng)用動(dòng)畫多媒體Silverlight架構(gòu)純Web界面更美觀開發(fā)更高效SilverlightRuntimePresentation

CoreCoreCLRSmallBCLGarbageCollectorSecurityExceptionLoaderDebuggingXAMLMediaDRMSilverlight應(yīng)用架構(gòu)BrowserSilverlightSilverlightWebServerB/LB/LB/L邏輯分層平安機(jī)制網(wǎng)絡(luò)訪問(wèn)界面模型界面模型如何與HTML頁(yè)面結(jié)合？三種選擇RIA與HTMLRIA與RIA單體RIA模塊粒度松散耦合本地通訊MVC/MVPRIA與RIA－本地訪問(wèn)Silverlight與HTML對(duì)象：JavaScript接口Silverlight應(yīng)用之間：本地消息Domain1本地消息接受者LocalMessageReceiver本地消息發(fā)送者LocalMessageSenderDomain2本地消息接受者LocalMessageReceiver本地消息發(fā)送者LocalMessageSender單體RIA－按需加載Silverlight應(yīng)用應(yīng)用Package(.xap)In-Package文件應(yīng)用程序集(.dll)ApplicationClassApplicationClass資源文件Library程序集ApplicationClassApplicationClass資源文件ExternalPart程序集Library程序集ApplicationClassApplicationClass資源文件On-Demand程序集Library程序集ApplicationClassApplicationClass資源文件EntryPoint〔緩存〕〔延后〕界面模型－控制流轉(zhuǎn)面向頁(yè)面vs.面向GUI頁(yè)面GUISilverlight導(dǎo)航：相對(duì)于Application的狀態(tài)NavigationFramework：Frame,Page<HyperlinkButton

TargetName="MainContent“NavigateUri="/Views/List/Products.xaml"></HyperlinkButton>邏輯分層多層架構(gòu)VS.C/S架構(gòu)Silverlight應(yīng)用定位邏輯寫在何處？與ASP.NETMVC的關(guān)系？簡(jiǎn)單展現(xiàn)邏輯包含較多邏輯安全性暴露展現(xiàn)數(shù)據(jù)暴露業(yè)務(wù)邏輯和數(shù)據(jù)耦合性服務(wù)可以復(fù)用邏輯在客戶端靈活性簡(jiǎn)單展現(xiàn)前臺(tái)靈活業(yè)務(wù)類型業(yè)務(wù)處理在后臺(tái)業(yè)務(wù)處理在前臺(tái)邏輯分層–與ASP.NETMVC結(jié)合僅傳遞用于顯示的對(duì)象以REST調(diào)用為主與ASP.NETMVC結(jié)合publicclassCategoryController:Controller

{publicActionResultProducts(intid)

{returnJson(prods);//returnView();

}ASP.NETMVC業(yè)務(wù)邏輯層SOAPREST網(wǎng)絡(luò)訪問(wèn)WebService訪問(wèn)方式不同資源/REST

vs.調(diào)用/RPCREST具象狀態(tài)傳輸U(kuò)RI資源的狀態(tài)Http標(biāo)準(zhǔn)操作Get/PostRPC簡(jiǎn)單對(duì)象訪問(wèn)協(xié)議SOAP方法調(diào)用，復(fù)雜語(yǔ)義Http-BasedWebServiceSOAPREST網(wǎng)絡(luò)訪問(wèn)－RPC/SOAP方式效勞端處理WCF支持SOAP客戶端調(diào)用－Proxy使用VisualStudio菜單工具AddServiceReference命令行工具SLsvcutil.exeSilverlight版本的svcutil.exe基于ChannelModel開發(fā)最靈活的方式網(wǎng)絡(luò)訪問(wèn)－REST方式效勞端處理WCF支持REST[OperationContract][WebGet(UriTemplate="Northwind/Order/{orderId}")]OrderInfoMsgGetOrderInfo(stringorderId);客戶端調(diào)用WebClient數(shù)據(jù)處理XML:XmlReader,LinqtoXML,XmlSerializerJSON:LinqtoJSON,DataContractJsonSerializerRSS/AtomFeeds:網(wǎng)絡(luò)訪問(wèn)－REST與SOAP比較RESTSOAP互操作性更優(yōu)是伸縮性容易是復(fù)雜度簡(jiǎn)單較復(fù)雜協(xié)議僅HTTP多種協(xié)議安全性傳輸層加密消息層加密事務(wù)不支持支持處理邏輯面向資源面向調(diào)用平安機(jī)制認(rèn)證(Authentication)授權(quán)(Authorization)身份傳遞(Credential)消息加密(Encryption)平安機(jī)制–身份傳遞身份信息如何傳遞給后臺(tái)效勞？Browser-Based(自動(dòng))WindowsAuthenticationASP.NETFormAuthentication/CookiesMessage-Based(手工)URL參數(shù)消息頭包含Username/Password或TokenBrowser-BasedAuthenticationExamplewithCookies+FormsAuthBrowserE.g.:ASP.NETlogin

User:

Password:YourDomainCredentialsAuthinfo(cookie)Servicecalls+AuthinfoBrowser-BasedAuthentication LoginthroughSilverlightUser:

Password:YourDomainCallwithcredentialsto

ASP.NETAuthServiceReplycontainscookieServicecalls+AuthinfoASP.NETAuthServiceBrowserBrowser-BasedAuthenticationUsingWindowsAuthenticationWindowslogin

User:

Password:YourDomainServicecalls+CredsBrowserMyBankLogin

User:

Password:MyBankCredentialsAuthinfo(e.g.cookie)惡意請(qǐng)求+Authinfo惡意網(wǎng)站惡意程序Couldstealor

changedata

ifprotectionwasn’tinplace

Browser-BasedAuthentication:

Cross-DomainThreatMessage-BasedAuthenticationIdentitymanagedbySilverlight,nottheBrowserUser:

Password:YourDomainCredsareaddedbySilverlight,notbrowserNo

credsBrowser惡意網(wǎng)站Message-BasedAuthentication:選擇1:修改接口[OperationContract]publicdecimalGetActBal

(intactID,stringuser,stringpwd);選擇2:通過(guò)WCF的WS-Security在SOAP包頭中自動(dòng)插入身份信息<basicHttpBinding><bindingname="myBinding"><securitymode="TransportWithMessageCredential"><messageclientCredentialType="UserName"/></security><sTransport/></binding></basicHttpBinding>平安機(jī)制–認(rèn)證和授權(quán)效勞端如何認(rèn)證和授權(quán)？Message-Based身份if(!OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.IsAuthenticated)thrownewSecurityException();//標(biāo)準(zhǔn)WCF方法Browser-Based身份if(!.Identity.IsAuthenticated)thrownewSecurityException();//ASP.NETMembership平安機(jī)制–消息加密傳輸層加密消息層加密點(diǎn)到點(diǎn)安全，從Brower到Server端到端安全，從App到App對(duì)整個(gè)消息加密可以對(duì)消息的局部加密支持單一傳輸協(xié)議，例如HTTP支持混合傳輸協(xié)議，例如HTTP+TCP常用實(shí)現(xiàn)：HTTPS,SSL常用實(shí)現(xiàn)：SOAPWS-Security完整，真實(shí)，防篡改兩種選擇：傳輸層加密，消息層加密Silverlight應(yīng)用架構(gòu)界面模型邏輯分層網(wǎng)絡(luò)訪問(wèn)平安機(jī)制百度應(yīng)用Silverlight版百度Hi界面模型選擇單體RIA源自Web版的風(fēng)格Silverlight3.0暫時(shí)缺乏多窗口模型單體RIA的問(wèn)題耦合度高，難以維護(hù)——來(lái)自Web版的經(jīng)驗(yàn)利用MVC別離來(lái)解決Code-BehindASPX/XAML(View)CS/VB(Code-Behind)從Win/WebForms到MVC<ButtonOnClick=“…〞>…</Button>privatevoidButton_OnClick(…){…}從Win/WebForms到MVCMVCASPX(View)CS/VB(Controller)<formaction=“…〞>…</form>publicActionResultSearch(…){ViewData=…;returnView();}ViewDataSilverlightMVC實(shí)踐BindingXAML(View)CS/VB(Controller)<ButtonClick=“…〞>…</Button>privatevoidButton_Click(…){…Counter.Value++;}BindingSilverlightMVC實(shí)踐BuilderXAML(View)CS/VB(Controller)<ButtonClick=“…〞>…</Button>privatevoidButton_Click(…){Counter.Value++;builder.Update();}Builder邏輯分層統(tǒng)一調(diào)用百度IMAPI隱藏后端邏輯百度IMAPISilverlight版百度Hi網(wǎng)頁(yè)版百度Hi第三方客戶端〔方案支持〕異步模型調(diào)用單個(gè)異步函數(shù)RetrieveUserAsync(username)

.AddCallback(user

=>ProcessUser(user));多個(gè)異步函數(shù)組成工作流Async.Chain()

.Next(context=>FirstStep(context))

.Next(context=>SecondStep(context))

.Next(context=>Th