wcf faq part 3.doc
8/10/2019 WCF FAQ Part 3.doc
WCF FAQ Part 3 - 10 security related FAQ
Introduction and Goal
WCF FAQ Part 1 and 2 series
What are the core security features that WCF addresses?
What is transport level and message level security?
For which bindings are transport, message and mixed mode supported?
So what are the scenarios, advantages and disadvantages of transport VS message security?
Can you explain a simple example of how to implement transport security?
Can you show a simple example of message level security?
What is the difference between BasicHttpBinding and WsHttpBinding?
Can you show the security differences between BasicHttpBinding VS WsHttpBinding?
When should we use WsHttp as compared to BasicHttp?
How can we enable windows authentication on WCF using 'BasicHttpBinding'?
Source Code
Introduction and Goal
In this article we will start with transport and message security understanding. We will then see simple code samples of how to implement transport and message security using WsHTTP bindings. We will also see what is the difference between BasicHttpBinding and WsHttpBinding with the help of a simple source code. WCF security is a huge topic by itself, but we are sure with this article you will get a quick start of how to go about WCF security.
I have collected around 400 FAQ questions and answers in WCF, WPF, WWF, SharePoint, design patterns, UML etc. Feel free to download these FAQ PDFs from my site http://www.questpond.com
WCF FAQ Part 1 and 2 series
What is transport level and message level security?
When we talk about WCF security there are two aspects, the first is the data and the second is the medium on which the data travels i.e. the protocol. WCF has the ability to apply security at the transport level (i.e. protocol level) and also at message level (i.e. data).
Figure: - Transport and Message level security
Transport level security happens at the channel level. Transport level security is the easiest to implement as it happens at the communication level. WCF uses transport protocols like TCP, HTTP, MSMQ etc. and each of these protocols has its own security mechanisms. One of the common implementations of transport level security is HTTPS. HTTPS is implemented over HTTP protocols with SSL providing the security mechanism. No coding change is required; it is more a matter of using the existing security mechanism provided by the protocol.
Message level security is implemented with message data itself. Due to this it is independent of the protocol. One of the common ways of implementing message level security is by encrypting data using some standard encryption algorithm.
For which bindings are transport, message and mixed mode supported?
Note :- The below table is taken from book Pro WCF: Practical Microsoft SOA Implementation -- Chris Peiris and Dennis Mulder - Apress 2007
Below is a table which shows for which binding which mode is supported. We did not discuss the mixed mode. It is nothing but a combination of transport and message mode. For instance data encrypted and passed over WsHttp using HTTPS is a mixed mode of security. Encryption is nothing but message security and HTTPS is a transport mode. In a combination they form mixed mode.
Binding                   Transport Mode?   Message Mode?   Mixed Mode?
BasicHttpBinding          Yes               Yes             Yes
WsHttpBinding             Yes               Yes             Yes
WsDualHttpBinding         No                Yes             No
NetTcpBinding             Yes               Yes             Yes
NetNamedPipeBinding       Yes               No              No
NetMsmqBinding            Yes               Yes             No
MsmqIntegrationBinding    Yes               No              No
So what are the scenarios, advantages and disadvantages of transport VS message security?

Scenarios when we should be using one of them
  Transport: When there are no intermediate systems in between this is the best methodology. If its an intranet type of solution this is most recommended methodology.
  Message: When there are intermediate systems like one more WCF service through which message is routed then message security is the way to go.

Advantages
  Transport:
    Does not need any extra coding as protocol inherent security is used.
    Performance is better as we can use hardware accelerators to enhance performance.
    There is lot of interoperability support and communicating clients do not need to understand WS security as its built in the protocol itself.
  Message:
    Provides end to end security as its not dependent on protocol. Any intermediate hop in network does not affect the application.
    Supports wide set of security options as it is not dependent on protocol. We can also implement custom security.

Disadvantages
  Transport:
    As its a protocol implemented security so it works only point to point.
    As security is dependent on protocol it has limited security support and is bounded to the protocol security limitations.
  Message:
    Needs application refactoring to implement security.
    As every message is encrypted and signed there are performance issues.
    Does not support interoperability with old ASMX webservices.

Figure: - Route paths
Can you explain a simple example of how to implement transport security?
Lets make a simple sample which will demonstrate how we can use transport security using WsHttp binding with HTTPS security.
Step 1 - Create a simple service using WCF project
The first step is to create a simple WCF pro
    public class Service1 : IService1
    {
        // Default operation of the WCF project template: echoes the value back.
        public string GetData(int value)
        {
            return string.Format("You entered: {0}", value);
        }

        public CompositeType GetDataUsingDataContract(CompositeType composite)
        {
            if (composite.BoolValue)
            {
                composite.StringValue += "Suffix";
            }
            return composite;
        }
    }
Step 2 - Enable transport level security in the web.config file of the service
Next step is to enable transport security in WsHttp binding. This is done using the Security XML tag as shown in the below code snippet.
    <bindings>
      <wsHttpBinding>
        <binding name="TransportSecurity">
          <security mode="Transport">
            <transport clientCredentialType="None"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
Step 3 - Tie up the binding and specify HTTPS configuration
We need now tie up the bindings with the end points. So use the bindingConfiguration tag to specify the binding name. We also need to specify the address where the service is hosted. Please note the HTTPS in the address tag.
Change mexHttpBinding to mexHttpsBinding in the second end point.
    <service name="WCFWSHttps.Service1" behaviorConfiguration="WCFWSHttps.Service1Behavior">
      <!-- Service Endpoints -->
      <endpoint address="https://localhost/WCFWSHttps/Service1.svc" binding="wsHttpBinding" bindingConfiguration="TransportSecurity" contract="WCFWSHttps.IService1"/>
      <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
    </service>
In the serviceMetadata we also need to change httpGetEnabled to httpsGetEnabled.
    <serviceBehaviors>
    .........
    <serviceMetadata httpsGetEnabled="true"/>
    .........
    </serviceBehaviors>
Step 4 - Make the web application HTTPS enabled
Now that we are done with the WCF service pro
Now its time to assign this certificate to your IIS website. So go to IIS properties, click on directory security tab and you should see server certificate tab.
So click on the server certificate tab and you will then be walked through an IIS certificate wizard. Click Assign a existing certificate from the wizard.
You can see a list of certificates. The "compaq-
Do not forget to enable IIS anonymous access.
Step 5 - Consume the service in a web application
Its time to consume the service application in ASP.NET web. So click on add service reference and specify your service URL. You will be shown a warning box as shown in the below figure. When we used makecert.exe we did not specify the host name as the service URL. So
Step 6 - Suppress the HTTPS errors
makecert.exe creates test certificates. In other words its not signed by CA. So we need to suppress those errors in our ASP.NET client consumer. So we have created a function called as IgnoreCertificateErrorHandler which return true even if there are errors. This function is attached as a callback to ServicePointManager.ServerCertificateValidationCallback.
In the same code you can also see service consuming code which calls the GetData function.
    using System;
    using System.Collections.Generic;
    using WebApplicationConsumer.ServiceReference1;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;

    namespace WebApplicationConsumer
    {
        public partial class _Default : System.Web.UI.Page
        {
            protected void Page_Load(object sender, EventArgs e)
            {
                // Install the callback before the first HTTPS call is made.
                ServicePointManager.ServerCertificateValidationCallback =
                    new RemoteCertificateValidationCallback(IgnoreCertificateErrorHandler);
                Service1Client obj = new Service1Client();
                Response.Write(obj.GetData(1));
            }

            // Returns true even when validation failed, so every server certificate is accepted.
            // Only for the makecert.exe test certificate used in this sample.
            public static bool IgnoreCertificateErrorHandler(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
            {
                return true;
            }
        }
    }
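Because the callback is process-wide, returning true accepts any certificate on every HTTPS call the application makes, not only the test one. A narrower callback for the same test setup, as an added example that is not part of the original article: it tolerates a failed validation only for one pinned test certificate on one host. The class name, the `localhost` host and the thumbprint placeholder are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not from the article.
public static class DevCertificatePolicy
{
    // Placeholder: paste the thumbprint of the makecert.exe test certificate
    // assigned to the IIS site (hex, no spaces).
    private const string PinnedThumbprint = "<THUMBPRINT-OF-YOUR-TEST-CERTIFICATE>";

    // Assumption: the test service is reached as https://localhost/...
    private const string TestHost = "localhost";

    // Compiled into DEBUG builds only, so a release build never installs the relaxed policy.
    [Conditional("DEBUG")]
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // A certificate that validates normally needs no exception.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        if (certificate == null)
            return false;

        // The callback is process-wide: only relax validation for the test host.
        // Any sender that is not an HttpWebRequest is rejected (fail closed).
        HttpWebRequest request = sender as HttpWebRequest;
        if (request == null ||
            !string.Equals(request.RequestUri.Host, TestHost, StringComparison.OrdinalIgnoreCase))
            return false;

        // Name mismatch and untrusted root are tolerated only for the pinned certificate.
        string thumbprint = new X509Certificate2(certificate).Thumbprint;
        return string.Equals(thumbprint, PinnedThumbprint, StringComparison.OrdinalIgnoreCase);
    }
}
```

Call `DevCertificatePolicy.Install()` in place of the assignment in Page_Load; a certificate issued for the real host name by a trusted CA removes the need for any callback.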
Step 7 - Enjoy success
Now to the easiest step, compile your ASP.NET client and en
    makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=WCfServer -sky exchange -pe
    makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=WcfClient -sky exchange -pe
Below is a detailed explanation of various attributes specified in the makecert.exe.
Attribute   Explanation
-sr         Specifies the registry location of the certificate store. The Sub or SHA1.
-n          Specifies a name for the certificate. This name must conform to the X.500 standard. The simplest method is to use the "CN=MyName" format. If the /n switch is not specified, the default name of the certificate is "Joe's Software Emporium".
-sky        Specifies how will be the key type. Can be either exchange or signature.
-pe         This makes the key exportable.
Note: - Makecert.exe is a free tool provided by Microsoft which helps to create X.509 certificate that is signed by a system test root key or by another specified key. This is a test certificate and not a real one and should not be used for production purpose. For production buy proper certificates from Thawte, Verisign
Step 2 - Copy the certificates in trusted people certificates
Go to start, run and type MMC and press enter. You will be popped with the MMC console. Click on file, Add/remove snap-in.
You will be popped up with a Add/Remove Snap-in, click on the add button, select certificates and select My user Account.
You can see the certificates created for client and server in the personal certificates folder. We need to copy those certificates in trusted people certificates folder.
Step 3 - Specify the certification path and mode in the WCF service web.config file
Now that we have created both the certificates we need to refer these certificates in our WCF pro
Lets open the web.config file of the WCF service and enter two important things:-
Where the certificate is stored, location and how WCF application should find the same. This is defined using serviceCertificate tag as shown in the below snippet.
The certificateValidationMode defines how client certificates will be authenticated.
Certification validation mode   Description
Chain trust                     In this situation the client certificate is validated against the root certificate.
Peer trust                      PeerTrust ensures that the public key portion of the certificate is in the Trusted People certificate folder on the clients computer
ChainOrPeertrust                This is
    <serviceCertificate findValue="WCfServer" store

    using System.Web.UI;
    using System.Web.UI.WebControls;

    </endpointBehaviors>
    </behaviors>
Step 8 - Tie up the behavior with end point on WCF client
We need to tie up the above defined behavior with the end point. You can see we have bounded the behavior using behaviorConfiguration property. We also need to specify that the DNS value will be WcfServer which your server certificate name.
    <client>
    <endpoint address="http://localhost:1KLM/Service1.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1" contract="ServiceReference1.IService1" name="WSHttpBinding_IService1"
Below is a detailed comparison table between both the entities from security, compatibility, reliability and SOAP version perspective.

Criteria: Security support
  BasicHttpBinding: This supports the old ASMX style i.e. WS-BasicProfile 1.1.
  WsHttpBinding: This exposes web services using WS-* specifications.

Criteria: Compatibility
  BasicHttpBinding: This is aimed for clients who do not have .Net 3.0 installed and it supports wider ranges of client. Many of clients like Windows 2000 still do not run .NET 3.0. So older version of .NET can consume this service.
  WsHttpBinding: As its built using WS-* specifications it does not support wider ranges of client and it cannot be consumed by older .NET version less than 3 version.

Criteria: Soap version
  BasicHttpBinding: SOAP 1.1
  WsHttpBinding: SOAP 1.2 and WS-Addressing specification.

Criteria: Reliable messaging
  BasicHttpBinding: Not supported. In other words if a client fires two or three calls you really do not know they will return back in the same order.
  WsHttpBinding: Supported as it supports WS-* specifications.

Criteria: Default security options
  BasicHttpBinding: By default there is not security provided for messages when the client calls happen. In other words data is sent as plain text.
  WsHttpBinding: As WsHttpBinding supports WS-* it has WS-Security enabled by default. So the data is not sent in plain text.

Criteria: Security options
  BasicHttpBinding: None; Windows - default authentication; Basic; Certificate
  WsHttpBinding: None; Transport; Message; Transport with message credentials.
One of the biggest differences you must have noticed is the security aspect. By default BasicHttpBinding sends data in plain text while WsHttpBinding sends in encrypted and secured manner. To demonstrate the same lets make two services one using BasicHttpBinding and the other using WsHttpBinding and then lets see the security aspect in a more detailed manner.
We will do a small sample to see how BasicHttpBinding sends data in plain text format and how WsHttpBinding encrypts data.
Note :- By Default security is not enabled on 'BasicHttpBinding' for interoperability purpose. In other words it like our old webservice i.e. ASMX. But that does not mean we cannot enable security in 'BasicHttpBinding'. Sometimes back we had a written a article on how to enable security on 'BasicHttpBinding' WCFBasicHttpBinding.aspx
Can you show the security differences between BasicHttpBinding VS WsHttpBinding?
In order to understand the security differences between both these entities we will do a small pro
    <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
    <serviceMetadata httpGetEnabled="true"/>
    <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
    <serviceDebug includeExceptionDetailInFaults="false"/>
    </behavior>
    </serviceBehaviors>
    </behaviors>
    </system.serviceModel>
Step 2 - We also need to create one more service using WsHttpBinding. For that you do not need to anything special as such. By default WCF pro
GetData function which returns a string. The GetData function is a default function created WCF pro
Step 5 - So now we are ready with the complete pro
When should we use WsHttp as compared to BasicHttp?
If you are looking for backward compatibility and to support lot of clients then basic http binding is the way to go or else WsHttp is the great way to start if you are seeing your clients made in .NET 3.0 and above.
How can we enable windows authentication on WCF using 'BasicHttpBinding'?
Step 1 - Create a pro
Select this: WCF service application
By default the WCF pro
Step 3 - The third step is to define the bindings and the transport type. To define the bindings we need to enter basicHttpBinding element inside the bindings XML tag. We also need to define the clientCredentialType as windows.
    <system.serviceModel>
      <bindings>
        <basicHttpBinding>
          <binding name="BasicHttpEndpointBinding">
            <security mode="TransportCredentialOnly">
              <transport clientCredentialType="Windows"/>
            </security>
          </binding>
        </basicHttpBinding>
      </bindings>
      <services>
      ..................
    </system.serviceModel>
Step 4 - Now the bindings defined needs to be associated with service interface i.e. service1. So we need to modify the services elements as shown below. You can note that we have defined a end point which has the binding association.
    <system.serviceModel>
      ........................
      <services>
        <service behaviorConfiguration="WCFWindowsBasicHttpBinding.Service1Behavior" name="WCFWindowsBasicHttpBinding.Service1">
          <endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpointBinding" name="BasicHttpEndpoint" contract="WCFWindowsBasicHttpBinding.IService1">
            <identity>
              <dns value="localhost"/>
            </identity>
          </endpoint>
        </service>
      </services>
      ....................................
    </system.serviceModel>
So over all your <system.serviceModel> XML part as whole with bindings and services is a shown below.
    <system.serviceModel>
      <bindings>
        <basicHttpBinding>
          <binding name="BasicHttpEndpointBinding">
            <security mode="TransportCredentialOnly">
              <transport clientCredentialType="Windows"/>
            </security>
          </binding>
        </basicHttpBinding>
      </bindings>
      <services>
        <service behaviorConfiguration="WCFWindowsBasicHttpBinding.Service1Behavior" name="WCFWindowsBasicHttpBinding.Service1">
          <endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpointBinding" name="BasicHttpEndpoint" contract="WCFWindowsBasicHttpBinding.IService1">
            <identity>
              <dns value="localhost"/>
            </identity>
          </endpoint>
        </service>
      </services>
      <behaviors>
        <serviceBehaviors>
          <behavior name="WCFWindowsBasicHttpBinding.Service1Behavior">
            <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
            <serviceMetadata httpGetEnabled="true"/>
            <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
            <serviceDebug includeExceptionDetailInFaults="false"/>
          </behavior>
        </serviceBehaviors>
      </behaviors>
    </system.serviceModel>
Step 5 - Go to IIS properties and click on security tab and ensure that anonymous access is disabled and only windows authentication is enabled.
Step 6 - We need to host our service in the IIS. So make the directory as an IIS application so that your service can be hosted. Now if you try to browse the service i.e. the SVC file you will see that it pops up the authentication authorization security dialog box. So this service cannot be executed with windows authentication.
Step 7 - So lets consume this WCF services. So add an ASP.NET webapplication and do a add webreference. You will be popped up with a dialog box as shown below. Click on add reference so that a proxy is generated for the WCF service.
Step 8 - Type in the following code snippet in your page load. So add the namespace reference and call the method GetData. The most important step to note is the credential supplied. DefaultCredentials passes the current windows identity to the WCF service.
If you execute the service you should get the following display as shown below.
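A startup check for the settings discussed in this article (BasicHttpBinding with no security, TransportCredentialOnly, httpGetEnabled and includeExceptionDetailInFaults), as an added example that is not part of the original article. The class name BindingSecurityAudit and its method are hypothetical; the WCF types are the standard System.ServiceModel ones.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceModel.Description;

// Hypothetical helper, not from the article: inspects a configured ServiceHost
// and reports settings that expose message data or service internals.
public static class BindingSecurityAudit
{
    public static List<string> Audit(ServiceHostBase host)
    {
        List<string> findings = new List<string>();

        foreach (ServiceEndpoint ep in host.Description.Endpoints)
        {
            // The mex endpoint is covered by the ServiceMetadataBehavior check below.
            if (ep.Contract.ContractType == typeof(IMetadataExchange))
                continue;

            string where = ep.Address.Uri + " [" + ep.Binding.Name + "]";
            BasicHttpBinding basic = ep.Binding as BasicHttpBinding;
            WSHttpBinding ws = ep.Binding as WSHttpBinding;

            if (basic != null)
            {
                switch (basic.Security.Mode)
                {
                    case BasicHttpSecurityMode.None:
                        // The BasicHttpBinding default: nothing is protected.
                        findings.Add(where + ": BasicHttpBinding security mode None, messages are sent as plain text");
                        break;
                    case BasicHttpSecurityMode.TransportCredentialOnly:
                        // Authenticates the caller over HTTP but gives the message
                        // neither confidentiality nor integrity.
                        findings.Add(where + ": TransportCredentialOnly authenticates the client but does not encrypt the message");
                        break;
                }
            }
            else if (ws != null && ws.Security.Mode == SecurityMode.None)
            {
                // WsHttpBinding defaults to Message security; None means it was switched off.
                findings.Add(where + ": WsHttpBinding security mode None, WS-Security has been switched off");
            }
        }

        ServiceMetadataBehavior metadata = host.Description.Behaviors.Find<ServiceMetadataBehavior>();
        if (metadata != null && metadata.HttpGetEnabled)
            findings.Add("serviceMetadata httpGetEnabled=true: metadata is published over plain HTTP");

        ServiceDebugBehavior debug = host.Description.Behaviors.Find<ServiceDebugBehavior>();
        if (debug != null && debug.IncludeExceptionDetailInFaults)
            findings.Add("serviceDebug includeExceptionDetailInFaults=true: exception details are returned to callers");

        return findings;
    }
}
```

Run `BindingSecurityAudit.Audit(host)` after the host is configured and before `host.Open()`, and treat any finding as a reason to review the endpoint before deployment.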