Web Service

Web Service enables you to set up metadata-driven, Web-Service queries that can be called by the ExecuteMethod web method in xWeb or the XslGenerator in CMS.

A Web Service consists of the following three records:

• Web Method - A Web Service will have one or more Web Methods. Each Web Method is like a query. For example, you might have one web method that returns a list of events, another that returns a list of sessions for a particular event, and another that returns a list of members based on a search criteria.
• Web Method Node - Each Web Method will have one Node. In the Node, enter the SQL Command and any parameters that will be run. When calling programs such as ExecuteMethod invoke a particular Web Method, it will run the SQL command in the Node and return those results as XML.
• Web Method Security - Each Web Method may have one or more security records that limit which users can run the method. This security structure is used in different ways by different calling programs.

Web Service

The Web Service is the parent record. Think of Web Service as a way to categorize or classify your Web Methods.

You will add a Web Service in the Toolkit module.

Enter the web service name and web service namespace.

Web Method

A Web Service will have at least one Web Method and may have as many as required.

• Web Method - The name of the web method. Must be unique within the Web Service.
• Notes - Used to record notes for internal use only.
• Allow Anonymous Access - Used in different ways by different programs. XslGenerator ignores this. ExecuteMethod will not check Web Method Security if this check box is selected, but will still require the program to Authenticate. Abila recommends clearing this check box.

Web Method Node

• Node Name - The name of the node. Enter xml.
• Node SQL - Enter the SQL command to run and enter any parameters with braces in order to parse values. The SQL command you enter must use FOR XML PATH mode. See xWeb: ExecuteMethod Case Study1 and XslGenerator: Event Calendar and Detail using FOR XML PATH for samples.

Web Method Security

Web Method Security is used in different ways by different programs.

• When setting up a Web Method for XslGenerator, this section is ignored.

• When setting up a Web Method for ExecuteMethod, add any xWeb Users who are authorized to run this Web Method by entering their user names in the Server IP field. Add one record for each xWeb user. If you select the allow anonymous access check box for the web method, you do not need to add any security records. We recommend not selecting allow anonymous access to better manage your security.

• When writing .NET code, use this security. See DynamicXmlBuilder class for more information.

Set Up

Using the authorized web servers child form on the Web Method page, you can assign which users are allowed to run which ExecuteMethod web methods via the userName parameter in Authenticate method.

ExecuteMethod will not allow a program to run the web method unless it has successfully authenticated with a valid userName/password.

With this approach, you can define many web methods but allow only certain users to run each web method. If a calling program passes a valid token but is not configured as an authorized user for that web method, an exception will be thrown by the web method.

You may turn off this security for any web method by selecting the allow anonymous access check box. Clearing this check box will not make this method callable by anyone. Any programming attempting to call this web service still must successfully call the Authenticate web method. ExecuteMethod does not implement table/column security in the way that GetQuery and other xWeb methods do. The assumption is that if you develop an ExecuteMethod web method definition, and permit a calling program to run it, you are OK with the data that program will get from calling the web method.

You may also enter the from date and through date. If these are left empty, access is indefinite. The server name is for internal reference and is not used by the system.

Metadata Caching

When making a change to the nodes, clear the cache. This will affect the ExecuteMethod web method.

For the ExecuteMethod implementation of this feature, the Web Method Security setup is cached with a 10-minute sliding expiration for performance purposes. xWeb checks the database for permissions and saves this in memory for 10 minutes after the last time it was accessed.