Feeds

Project Astoria a hit at TechEd

Cleaner than SOAP

Combat fraud and increase customer satisfaction

There was a buzz last week at TechEd about Project Astoria. The reason is that it promises to simplify development of web applications that deal with data - which is most of them. Astoria is a REST API for ADO.NET, and hooks into the new Entity Framework object-relational mapping layer. Therefore, it solves two problems in one go.

Here's a quick look at how it works. Let's assume you have a database which stores some information you want to present in your web application. Step one is to use Visual Studio to generate an Entity Data Model from your database.

Next, you tweak the model so it looks as close as possible to the objects you are storing. The framework should deal with the complexities of mapping collections to linked tables and so on.

Now you create a new ADO.NET Data Service (sadly, this may well be the official name for Astoria), and point the service at your model. By default a new service does not expose any data, for security reasons, but by writing an InitializeService method you can configure which objects you want to publish.

Run the service, and the objects in your model are now URL-addressable. It's pretty flexible. For example:

[serviceurl]/Products : return all the products (yes, you can do paging).

[serviceurl]/Products[2]: return the product with an ID of 2.

[serviceurl]/Products[Color eq 'Blue']: return all the blue products.

[serviceurl]/Customers[2]/Orders/:return all the orders for the customer with an ID of 2.

The data comes back in either ATOM or JSON format. Naturally, each element in the returned data includes its URL. Let's say you have an AJAX application so you are calling this service from JavaScript. Iterating through the results and populating an HTML list or table is easy, especially as Astoria includes a client JavaScript library. There is also a client library for .NET applications. You can also add or update data with HTTP PUT, or remove it with DELETE.

You can extend your Astoria API by adding arbitrary methods that have the [WebGet] (or presumably [WebPut] or [WebDelete]) attribute. You can also add "interceptors" - code that gets called just before requests are executed, to enable validation or custom security.

Presuming it works as advertised, Astoria is a more natural and concise way to handle data than SOAP web services, and easier than devising your own techniques. It should work well with other technologies such as Adobe's Flex. It will play nicely with mash-ups, since many other services out there use ATOM or JSON. It is a natural fit with AJAX and will work well with Silverlight - see here (Silverlight 1.1 Alpha required) for an example.

Astoria will not be finished in time for the initial release of Visual Studio 2008, though reading between the lines it might be done in time for SQL Server 2008. It will work with any database server for which there is an Entity Framework provider. I was assured that creating such a provider is relatively easy, if you already have an ADO.NET 2.0 provider, so it is reasonable to expect wide support.

I think this will be popular.

This article originally appeared in ITWriting.

Copyright (c) 2007, ITWriting.

A freelance journalist since 1992, Tim Anderson specialises in programming and internet development topics. He has columns in Personal Computer World and IT Week, and also contributes regularly to The Register. He writes from time to time for other periodicals including Developer Network Journal Online, and Hardcopy.

3 Big data security analytics techniques

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
IRS boss on XP migration: 'Classic fix the airplane while you're flying it attempt'
Plus: Condoleezza Rice at Dropbox 'maybe she can find ... weapons of mass destruction'
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
New Facebook phone app allows you to stalk your mates
Nearby Friends feature goes live in a few weeks
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.