First things first: my trial period is over, so since this month I’m a “real” employee of Olbico
I’ve created dynamic web services. Turned out to be a bit more difficult then I expected, since the requirements were quite strict: secure communication, but no client-installs, and the response had to be dynamic, specific for the user that logged in.
First problem was that the default serializing of dynamic objects in WCF doesn’t quite work like you would expect (you can’t deserialize the XML to a proper object anymore), so a custom serializer for the dynamic objects (to be used in the response).
To further complicate things, the WSDL needed to be user-specific. A users logs in and request his/her WSDL. This turned out to be not too difficult, except for the “logs in” part. We didn’t want to work with client certificates, but we had decided to create some security by communicating over HTTPS. To do that with WCF, I needed to create a custom user-authenticator that supports a username/password digest in the request-headers. Google is your friend!
So customers now have (well: will have, it’s not in production yet) their own WSDL, and they can create strong-typed clients on their side, and all data is transferred over in an encrypted way. YEAH!
From our point of view, we only have to maintain one web service/endpoint. All configuration is done in the database. So a new customer gets a login, we define what can be requested (that’s a subscription/payment thing), and the web service now does the rest. No reconfiguration needed. Double YEAH!!