Home > Articles > Data > SQL Server

SQL Server Reference Guide

Hosted by

Using SQL Server as a Web Service

Last updated Mar 28, 2003.

All versions of Microsoft SQL Server versions can be networked and support TCP/IP. And all versions and releases can certainly be used as a “back end” to an Internet or Web Page based system. But SQL Server can also provide specific services aimed at the Internet. In this overview I'll introduce you to a few functions and features in SQL Server that make it a great platform to serve web-based applications, as a service. Since this is big topic, this overview seeks to uncover some of the bigger concepts and a couple of features you can use to make SQL Server act as a true web service.

In the past, most relational database systems, SQL Server included, were only one part of an application that could truthfully be called a "Web Service." The W3C formally defines a Web Service as clients and servers that communicate XML messages that follow the Simple Object Access Protocol (SOAP) standard.

Actually, it involves more than just that simple definition. To be properly considered as a Web Service, your application should contain at least a Service Provider, a Service Broker, and a Service Requester.

A Service Provider is a set of code that can transmit and receive an XML Message. This often means that the files are in the Web Services Description Language (WSDL) format, which is just an XML file that contains the description of either code that the system can run or the data it needs.

The Service Broker function is implemented differently based on which vendor or product you look at. As a broad-description, the Service Broker is the connection and message manager for a Web Service. What that means is that an application requests a service from the Service Broker, which then locates a Service Provider (which might be on the same system) to fulfill the request and do something — at least this is one implementation of a Web Service. Again, it's different based on which vendor has implemented the solution, as some have the client talk directly to the Service Provider component, by passing the Service Broker entirely.

The Service Requester is just the client. Keep in mind that the "client" might even be another application, or in some implementations this component might also contain another Service Broker.

Let's take a concrete example of a Web Service based application. In a smaller environment, a server usually fills several roles. The organization might run its entire financial system on one application, In larger environments, however, multiple servers and applications might be used to run even just one aspect of a financial system. One server might control inventory, and another server might handle accounts payable. The Accounts Payable system usually contains the names of the organization's clients. Why store that data twice? It would be more useful if the inventory application could contact the Accounts Payable system and ask for the name and location of the client. In fact, if the inventory control system is not in the same physical location as the Accounts Payable system, you have an additional requirement. The systems need to be able to communicate not only across a network you own, but the public network, or Internet. This is where Web Service architectures come into play. The inventory control system sends out a secure request for data from the local Service Broker to the Service Broker on the other side of the public network. That Service Broker knows which servers can answer the request, and run a program to get the data from the Service Provider, routes it back to the calling Service Broker, which sends it back to the calling application. The user is completely unaware of all this traffic.

Another, simpler example is the Web itself. If you're reading this overview in a web browser, then a server has the data (text and graphics) waiting all the time for someone to call for it. Your browser acts as the Service Requester, and the HTTP engine on the Web Server here at InformIT responds. Of course this interaction doesn't involve a formal Service Broker, or use the WSDL formats. But it still fits the broader definition of a web service.

Earlier I mentioned that most database systems were only part of a Web Service. The reason is that the database platform served data or responded to requests from a more traditional application, even if that application was fired from a formal Web Services request. In some ways, this is still true when people discuss how their database platforms perform as a Web Service.

But in a more inclusive definition, you can also think of any method that ends up serving SQL Server data to an HTML or HTTP output as a Web Service — or a Service on the Web. I think that's a fair definition, at least from the standpoint of a read-based operation.

For SQL Server, this definition is what I use when I talk about versions prior to 2000. SQL Server version 7 didn't have many Web-based innovations, other than one: The Web Assistant Wizard, which I've covered in another tutorial. This handy tool basically takes a query, view or stored procedure and creates a web page from the results, and you can store the page locally or on another server. You can also schedule the results for on-demand, on a schedule, or even when data changes. I still find this a useful tool to watch the results of my maintenance plans. By querying other maintenance data in SQL Server, you can use this simple, easy-to-create result set as a quick reporting system.

Beginning in SQL Server 2000, Microsoft included some basic XML features in the database. Still in the category of being only part of a Web Service, I've explained how you can use it to create Really Simple Syndication (RSS) feeds from a SQL Server database. You can still do that with the current version of SQL Server.

Also beginning in SQL Server 2000 (although as an add-on), Microsoft added the Reporting Services application so that SQL Server data can be displayed in a very rich format to the Web. In SQL Server 2005, this service ships with the Engine, although you don't have to install it. In both cases Reporting Services still requires the Windows Internet Information Server to be able to render the reports. I've explained how you can use this application in another tutorial.

You can also use Using HTTP with SQL Server XML, as I've explained here. In this application, you can receive and send data back and forth to a SQL Server database. There is some danger here, however, because of a well-known exploit on SQL Server called "SQL Injection Attacks." This happens when you have an application that either sends a query using the URL bar (as in my examples) or allow the user to enter fields that are part of a query. All an attacker has to do is enter characters that break the query in half, and then insert his own query. So obviously this kind of Web interactions has risks involved. By the way, there are ways to mitigate these attacks, such as limiting the kind of entries that can go in a box and not sending the query through a URL.

But starting in SQL Server 2005, the database platform has the bragging rights to actually be a full-fledged Web Service platform. That came with the introduction of the Service Broker, which I explain briefly in another tutorial. The Service Broker is the true middle component I described earlier, and it has the technology built right into the database engine, so you don't have to use Windows Internet Information Server to interact with the Web.

In fact, starting in SQL Server 2008, you no longer require Internet Information Services (IIS) in Windows to run Reporting Services in SQL Server

With the Service Broker, you can create Endpoints, which are ports in the server that listen for WSDL traffic. You can use them to connect two systems or speak directly to an application, and you can schedule and batch operations that return data or even do other work. You can also string them together to form a complete chain of actions. It's a big topic, so I suggest you read the overview I mentioned earlier as a good starting point.

As you can see, Microsoft SQL Server has come into its own regarding Web Services. Over time, you'll see more and more of these implementations as Service Oriented Architectures (SOA) become more prominent.