Implementing HTTP
Endpoints
Chapter 10
When organizations need to make the data available
to users spread across various locations, they
implement Web applications. These Web
applications make use of certain services, known as
Web services that provide programming support and
help the applications to interact with the database
server. To allow communication between the Web
services and the database server, you need to
provide access through additional ports on the
Internet firewall. This increases the security threat to
the organization.
SQL Server 2005 provides native Hypertext
Transfer Protocol (HTTP) support that allows you to
create Web services on the database server. These
Web services expose Web methods that the Web
applications can access by using the HTTP
endpoints.
This chapter introduces you to Web services. Next,
it discusses the role of the HTTP endpoints in the
Web service architecture. Further, it explains how to
implement HTTP.
In this chapter, you will learn to:
 Define the Hypertext Transfer Protocol
endpoints
 Implement the Hypertext Transfer Protocol
endpoints for Web services
Objectives

¤NIIT Implementing HTTP Endpoints 10.3
Consider a scenario of a large-scale enterprise that has a number of sales executives. The
management has decided to provide Personal Desktop Assistant (PDA) devices to the
sales executives so that they can log the sales details online. In addition, the executives
need to connect the PDA device to the database server. Providing direct access from a
PDA device to the database server involves a high cost. Instead, the management can
implement Web services through which each sales executive can log the sales details.
A Web service is a collection of methods or functions where each method provides a
specific functionality. When a client sends a request, a Web service accesses data on a
predefined set of business logic from the server and returns the data to the client. SQL
Server 2005 provides the native support for Web services through the database engine
using HTTP. HTTP is the protocol used for communication over the Internet. With this
feature, you can create Web services in the SQL Server. Further, you can create the HTTP
endpoints to expose these services to the clients who can directly access these services
over the Internet.
The Web services are based on the Service-Oriented Architecture (SOA). Therefore,
before you understand how the Web services are implemented in the SQL Server, it is
essential to know about the SOA.
SOA is an extension of distributed computing based on the request/reply design pattern. It
follows the n-tier architecture where the business logic of an application is modularized
and presented as services. The architecture involves two types of entities, service provider
and service consumer. A service provider implements a set of services in the form of
functions. In addition, the service provider exposes its functionality through an interface.
A service consumer uses the interface to make requests to the service provider to use the
services.
Introduction to HTTP Endpoints
Introduction to SO
A
10.4 Implementing HTTP Endpoints ¤NIIT
The service provider processes the request and sends a reply to the consumer, as shown in

the following figure.
The SOA
Consider an example of a large business organization that has a number of clients using
diverse hardware and software platform, such as a PDA, laptop, Linux, Tablet PC, or a
mobile phone. In such a scenario, an architecture that enables communication between
different types of clients and servers is required. SOA allows creating interoperable
services that can be accessed from heterogeneous systems. Interoperability enables a
service provider to host a service on any hardware or software platform that can be
different from the platform on the consumer end.
In addition, SOA provides the following benefits:
1. Enables better reusability of existing business logic in the enterprise and allows you
to create applications that can be built on the new and existing applications. For
example, a service provides logic to validate the identity of a customer. If you need
to build two different business applications that need to validate identity of a
customer, you can use the same service for that purpose.
2. Enables changes to applications while keeping clients or service consumers isolated
from the changes. In the preceding example of a service that validates the identity of
a customer, if you need to update the logic of this service, you can only update the
service. You do not need to make any change in the business applications that use the
service.
A Web service is a set of functions that provide programmable logic used by client
applications over the Internet. These services are based on the SOA and communicate
through the Simple Object Access Protocol (SOAP). SOAP is an XML-based message
envelop based on HTTP. The clients send and receive messages in the XML format and
communicate with the service by using HTTP.
Introduction to Web Services
¤NIIT Implementing HTTP Endpoints 10.5
For example, a Web service provides the latest stock details of a stock exchange. Various
websites that need to display the stock details can use this service to get the latest updates.
This service will use SOAP to communicate with the clients.

A Web service is implemented in the Internet environment, as shown in the following
figure.
Web Services
A Web service encapsulates the implementation of the functions and provides an interface
through which the clients can call these functions. This interface is provided in the XML
format in an industry standard called Web Services Definition Language (WSDL). WSDL
is a document that is used by the Web clients to retrieve information about the names of
the methods and their parameters.
Each Web service needs to be published by using a protocol called Universal Description,
Discovery and Integration (UDDI). UDDI helps the client applications locate the
published Web services.
Web services provide the following benefits:
 Interoperability: A Web service communicates by using the HTTP protocol, which
is the standard protocol followed by the industry. Therefore, a Web service can be
used by any client application that can communicate through HTTP.
 Multilanguage support: A Web service can be created by using any programming
language.
10.6 Implementing HTTP Endpoints ¤NIIT
Just a minute:
 Reusability: A Web service created for a particular application can be reused in
other applications as it follows the industry standards for implementation and
communication.
Web Services in SQL Server
A Web service provides a programming logic to implement a business rule. It can also
manipulate data in a database server. SQL Server 2005 provides the native HTTP support
within the database engine that allows database developers to create Web services. This
allows the database users to interact with the database over the Internet by using a Web
service.
When you use the native Web services of the SQL Server, you can send SOAP messaging
requests to an instance of the SQL Server over HTTP to run the following:

 Transact-SQL batch statements, with or without parameters.
 Stored procedures and scalar-valued user-defined functions.
Which of the following describes the Web services?
1. WSDL
2. SOAP
3. UDDI
Answer:
1. WSDL
¤NIIT Implementing HTTP Endpoints 10.7
Just a minute:
Which of the following helps in finding a Web service?
1. WSDL
2. SOAP
3. UDDI
Answer:
3. UDDI
To use the native XML Web services of the SQL Server, you need to establish an HTTP
endpoint at the server. This endpoint is the gateway through which HTTP-based clients
can send queries to the server. An HTTP endpoint listens and receives client requests on
port 80. These requests are listened and routed to the endpoint by the Http.sys listener
process.
Identifying the Role of HTTP Endpoints in a Native Web
Service Architecture
10.8 Implementing HTTP Endpoints ¤NIIT
Just a minute:
The following figure shows how the HTTP endpoint allows users to communicate with
the Web services implemented on the SQL Server.
The HTTP Endpoint Architecture
After establishing an HTTP endpoint, you can create stored procedures or user-defined
functions that can be made available to endpoint users. These procedures and functions

are also called as Web methods. The Web methods together can be called a Web service.
The SQL Server instance provides a WSDL generator that helps generate the description
of a Web service in the WSDL format, which is used by the clients to send requests.
On which of the following ports does the SQL Server listen for HTTP requests?
1. 80
2. 90
3. 70
Answer:
1. 80
¤NIIT Implementing HTTP Endpoints 10.9
As a database developer, you can configure an instance of SQL Server 2005 as a Web
service that can listen natively for HTTP SOAP requests. To perform this task, you need
to create HTTP endpoints and define the properties and methods that an endpoint exposes.
An HTTP endpoint opens the database to all the trusted users of your data. At times, you
might need to restrict the access to the data to selected users only. Therefore, it is
important to secure the HTTP endpoints by granting permissions to only selected users to
access an HTTP endpoint.
As a database developer, you need to create HTTP endpoints to allow users to access a
Web service implement in the database engine. For example, for an organization, you
need to allow the sales executives to add or update order details in a database. For this,
you can create a Web service and an HTTP endpoint through which the users will execute
the service.
Before implementing an HTTP endpoint, you need to first create the database code that
provides the functionality to the client applications.
Creating the Required Database Code
To provide access of data to various users on the net, you need to create stored procedures
or functions which further will be converted into Web method. The code allows the users
to perform data manipulations or generate reports that are further accessed from the
Internet.
Consider an example, where the database users need to frequently generate reports that

display the aggregated sales data or to retrieve details of customers in a particular region
of an organization. You can create stored procedures that generate the desired results.
Creating an HTTP Endpoint Object
After creating the database objects, you need to create an HTTP endpoint. This object
provides the users with a connecting point through which they can access the
implemented functions.
When you create an HTTP endpoint, the SQL Server converts the database objects into
Web methods. These Web methods return data that is compatible with the Web standards.
These Web methods can be called from any client applications, regardless of the platform
of the client applications, to access data.
Implementing the HTTP Endpoints for Web Services
Creating HTTP Endpoints
10.10 Implementing HTTP Endpoints ¤NIIT
You can use the CREATE ENDPOINT statement to create an HTTP endpoint. The syntax
of the CREATE ENDPOINT statement is:
CREATE ENDPOINT endpoint_name
STATE = { STARTED | STOPPED | DISABLED }
AS HTTP ( AUTHENTICATION =( { BASIC | DIGEST |
INTEGRATED | NTLM | KERBEROS },
PATH = 'url',
PORTS = (CLEAR) )
FOR SOAP(
[ { WEBMETHOD [ 'namespace' .] 'method_alias'
( NAME = 'database.owner.name'
[ , SCHEMA = { NONE | STANDARD | DEFAULT } ]
[ , FORMAT = { ALL_RESULTS | ROWSETS_ONLY } ])

} [ , n ] ]
[ BATCHES = { ENABLED | DISABLED } ]
[ , WSDL = { NONE | DEFAULT | 'sp_name' } ]

where,
Endpoint_name is the name of the endpoint that you want to create.
STATE = { STARTED | STOPPED | DISABLED } specifies the state of the endpoint when
it is created.
AUTHENTICATION = ( { BASIC | DIGEST | NTLM | KERBEROS | INTEGRATED })
specifies the authentication method that will be used to verify the clients accessing the
endpoint. This parameter accepts any of the following values:
 BASIC: Basic authentication contains the user name and password in an encoded
format separated by a colon. It can be useful when the endpoint needs to be accessed
locally or on the server itself.
 DIGEST: In digest authentication, the user name and password is hashed by using
MD5, which is a one-way hashing algorithm. The username and password sent by
using digest authentication must be mapped to a windows account. Digest
authentication can be used for crucial data that needs to be accessed when required.
 NTLM: This protocol uses encryption for secure transmission of passwords. It provides
more security than Basic or Digest authentication.
 KERBEROS: Kerberos authentication is an internet standard authentication. While
using this mechanism, the SQL server must associate a Service Principal Name with
the account accessing the endpoint.
 INTEGRATED: Integrated authentication can use NTLM or Kerberos authentication to
authenticate the client. Integrated authentication can authenticate the client with the
type the client requests.
¤NIIT Implementing HTTP Endpoints 10.11
N
ote
PATH = 'url' specifies the Uniform Resource Locator (URL) path which is a the
location where the endpoint will be stored on the host computer. The name of the host
computer is specified by the SITE parameter.
PORTS= ( { CLEAR | SSL} [ , n ] ) specifies one or more listening port types that
are associated with the endpoint. This parameter can accept CLEAR or SSL. Clear

specifies that the incoming requests should be coming from HTTP where as SSL specifies
that the requests should come for secure http(HTTPS).
[ WEBMETHOD [ 'namespace' .] 'method_alias' ] is the method that will be used to
accept the requests from the http client. Method_alias specifies an alternate name for a
Web method that a client can use to access the method.
NAME = 'database.schema.name' specifies the name of the stored procedure or user-
defined function that corresponds to the SOAP method specified in WEBMETHOD.
[ SCHEMA = { NONE | STANDARD | DEFAULT } ] determines whether an inline XSD
schema will be returned for the current Web method in the SOAP responses. You can use
any of the following types with the SCHEMA parameter:
 NONE: The XSD schema is not returned for the SELECT statement results sent
through SOAP.
 STANDARD: The XSD schema is returned for the SELECT statement results sent
through SOAP.
 DEFAULT: Defaults to the endpoint SCHEMA option setting.
If a schema is not specified or if this option is set to DEFAULT, the SCHEMA option
specified for the endpoint determines whether the SCHEMA for the method result is
returned.
[ FORMAT = { ALL_RESULTS | ROWSETS_ONLY } ]
specifies what will be returned by
the Web method. The default is ALL_RESULTS. You can use any of the following with
the FORMAT parameter:
 ALL_RESULTS: Returns a result set, a row count, error messages, and warnings in the
SOAP response.
 ROWSETS_ONLY: Returns only the result sets.
BATCHES = { ENABLED | DISABLED } Specifies that whether the endpoint will process
the ad hoc requests or not.
WSDL = { NONE | DEFAULT | 'sp_name' } indicates whether the WSDL document
generation is supported for this endpoint. If NONE, no WSDL response is generated or
returned for the WSDL queries submitted to the endpoint. If DEFAULT, a default WSDL

10.12 Implementing HTTP Endpoints ¤NIIT
N
ote
response is generated and returned for the WSDL queries submitted to the endpoint. In
exceptional cases, where you are implementing custom WSDL support for the endpoint,
you can also specify a stored procedure by name that will return a modified WSDL
document.
You need to be a member of the sysadmin role to create an endpoint.
Consider an example. You have created a procedure, getSalesDetails that returns a result
set. You need to create an HTTP endpoint named sqlEndpoint to provide the
getSalesDetails procedure as a Web method. For this, you need to use the following
statement in the SQL Server:
CREATE ENDPOINT sqlEndpoint
STATE = STARTED AS HTTP(
PATH = '/sql',
AUTHENTICATION = (INTEGRATED ),
PORTS = ( CLEAR ), SITE = 'SERVER' )
FOR SOAP (
WEBMETHOD 'getSqlInfo' (name='master.dbo.xp_msver', SCHEMA=STANDARD
),
WEBMETHOD 'getSalesDetails' (name='master.sys.fn_MSdayasnumber'),
WSDL = DEFAULT, SCHEMA = STANDARD, DATABASE = 'master', NAMESPACE =
' );
In the preceding code, getSalesDetails is the name of the procedure that will be converted
into a Web method. The authentication type used is INTEGRATED and the URL of the
endpoint is “/sql”.
¤NIIT Implementing HTTP Endpoints 10.13
N
ote
Just a minute:

While creating the endpoint, you may get the following error
Msg 7890, Level 16, State 1, Line 1
An error occurred while attempting to register the endpoint 'hrDetails'. One or more of
the ports specified in the CREATE ENDPOINT statement may be bound to another
process. Attempt the statement again with a different port or use netstat to find the
application currently using the port and resolve the conflict.
This error occurs when the port 8080 is being used by some other service and is not
free to host any other service.
To resolve the error, you need to use the following statement:
PORTS = ( CLEAR ), Clear_Port = 8080, SITE = 'localhost' )
The preceding statement clears the port 8080 and allows you to
host the current endpoint at this port.
While creating an HTTP endpoint, which of the following format will you use to return
only the result set to the user?
1. ROWSET_ONLY
2. ALL_RESULT
3. NONE
Answer:
1. ROWSET_ONLY
A Web service displays data on the Internet to trusted suppliers, customers, or business
partners. However, you need to ensure that only appropriate people gain access to a
critical data. Therefore, it is important to secure the HTTP endpoint.
Securing HTTP Endpoints
10.14 Implementing HTTP Endpoints ¤NIIT
To secure endpoints, you need to perform the following steps:
1. Create appropriate user accounts within the database: You need to create
appropriate user accounts for the users who need to access the database.
2. Grant permissions for any stored procedure or user-defined functions that the
user or roles need to access by using the Web service: After allowing the users to
access the database, you need to provide the execute permissions on the database

objects that will be accessed by the endpoint.
3. Grant permissions to allow users or roles to connect to the HTTP endpoints: To
allow the users to execute the database objects over the Internet, you need to allow
the users to connect to the endpoint through which the users will connect to the Web
service.
¤NIIT Implementing HTTP Endpoints 10.15
Problem Statement
The database server of AdventureWorks, Inc. is located at Bothell. The organization has
various offices located at various locations spread across the globe.
According to the requirements, the users need to access the data of all the employees at
various locations. Users might also need to use PDAs or mobile phones to access these
details. As a database developer, you have decided to implement a Web service that
allows the users to access the data using the Internet.
How will you implement this service inside the AdventureWorks database?
Solution
To solve the preceding problem, you need to perform the following tasks:
1. Create a procedure.
2. Create an HTTP endpoint for SOAP.
3. Verify the creation of HTTP endpoint.
Task 1: Creating a Procedure
To create a procedure that will display the details of all the employees, you need to
perform the following steps:
1. Write the following statement in the Query Editor window of the Microsoft SQL
Server Management Studio window:
CREATE PROCEDURE hrDetails AS
SELECT e.employeeid AS 'Employee ID',
h.firstname AS 'Employee Name', g.name AS 'Department Name',
e.hiredate AS 'Date of Joining', j.addressline1 AS 'Employee
Address'
FROM HumanResources.Employee AS e

join HumanResources.EmployeeDepartmentHistory AS f ON
e.employeeid = f.employeeid join HumanResources.Department AS g
on f.departmentid = g.departmentid
JOIN Person.Contact AS h on e.contactid = h.contactid
JOIN HumanResources.EmployeeAddress AS i ON
e.employeeid = i.employeeid JOIN Person.Address AS j
ON i.addressid = j.addressid
Activity: Implementing HTTP Endpoints
10.16 Implementing HTTP Endpoints ¤NIIT
2. Press the F5 key to execute the statement.
Task 2: Creating an HTTP Endpoint for SOAP
To create an HTTP endpoint that will access the hrDetails, you need to perform the
following steps:
1. In the Query Editor window, type the following statement to create an HTTP
endpoint:
CREATE ENDPOINT hrDetails
STATE = STARTED AS HTTP(
PATH = '/AdventureWorks',
AUTHENTICATION = (INTEGRATED ),
PORTS = ( CLEAR ), SITE = 'localhost' )
FOR SOAP (
WEBMETHOD 'hrDetails' (name='AdventureWorks.dbo.hrDetails', FORMAT =
ROWSETS_ONLY),
WSDL = DEFAULT, SCHEMA = STANDARD,
DATABASE = 'AdventureWorks', NAMESPACE = ' );
2. Press the F5 key to execute the statement.
Task 3: Verifying the Creation of an HTTP Endpoint
To verify the creation of an HTTP endpoint, you can view the details of the Web method
in the Microsoft SQL Sever Management Studio window. For this, you need to expand
the Server ObjectsÆEndpointsÆSOAP nodes in the Object Explorer window.

¤NIIT Implementing HTTP Endpoints 10.17
You can view the hrDetails Web method listed under the SOAP node, as shown in the
following figure.
hrDetails Endpoint Listed in the Object Explorer Window
To verify the data being accessed by the endpoint, you need to create a client application.
You can write the client application in any of the .NET supported language. For example,
if you create the client application using C#, you need to first add a Web reference to the
WSDL document of the Web service running on http://localhost/AdventureWorks?wsdl
location. Next, you need to add a button and datagrid named but1 and grid1 to the user
interface. Next, you can write the following code in the click event of the button:

Client.localhost.hrDetails hr = new hrDetails();// makes the object
of the class
hr.Credentials = CredentialCache.DefaultCredentials;//uses the
default username and password to execute the code
DataSet ds = hr.CallhrDetails();//executes the webmethod and stores
the result in ds dataset
grid1.DataSource = ds.Tables[0].DefaultView;//displays the dataset to
the user
The preceding code will get the data from the Web service and display it in the datagrid
10.18 Implementing HTTP Endpoints ¤NIIT
N
ote
N
ote
If you are unable to view the Web service in the Object Explorer window, you need to
refresh the Object Explorer window several times.
To view the result of the Web service, you can also call the method from a client
application that refers to the Web service.
¤NIIT Implementing HTTP Endpoints 10.19

1. What is a Web service? How does it help in a database scenario?
2. What are the advantages of native Web services?
3. What is SOAP?
4. Which statement is used to create an HTTP endpoint in the SQL Server?
5. What is the usage of FORMAT in the syntax of creating an HTTP endpoint?
6. How will you secure an HTTP endpoint?
Practice Questions
10.20 Implementing HTTP Endpoints ¤NIIT
In this chapter, you learned that:
 A Web service is the piece of code that is exposed over the Internet.
 Web services have following advantages:
z Interoperability
z Multilanguage support
z Reusability
 SOAP is a standard communication protocol to interchange information in a
structured format in a distributed environment.
 WSDL is a markup language that describes a Web service.
 UDDI provides a standard mechanism to register and discover a Web service.
 HTTP endpoints allow you to create and use Web services within the SQL Server.
 Before creating an HTTP endpoint, you need to first create stored procedures or
functions that form a Web service.
 HTTP endpoints provide the users with a connecting point through which they can
access the implemented functions.
 You can create HTTP endpoints by using the CREATE ENDPOINT statement.
 To secure an HTTP endpoint, you can create users and assign permissions to the
users to execute a Web method or to connect to the endpoint.
Summary
¤NIIT Implementing HTTP Endpoints 10.21
N
ote

Exercise 1
Multiple business partners of AdventureWorks need to use the details of all the sales
stores stored in the AdventureWorks database server. The details include the name of the
store, name of the store owner, and e-mail address of the owner. As per the company’s
security policy, access to company’s databases cannot be provided to any external entity.
As a database developer, how will you make the list available to the other organizations
without any additional overhead?
If you are unable to view the Web service in the Object Explorer, you need to refresh
the Object Explorer window several times.
Exercises
10.22 Implementing HTTP Endpoints ¤NIIT