WSHttpBinding <wsHttpBinding>
WSDualHttpBinding <wsDualHttpBinding>
WSFederationHttpBinding <wsFederationHttpBinding>: A secure and interoperable binding that supports the WS-Federation protocol that enables organizations that are in a federation to efficiently authenticate and authorize users.
NetTcpBinding <netTcpBinding>: A secure and optimized binding suitable for cross-machine communication between WCF applications.
NetNamedPipeBinding <netNamedPipeBinding>: A secure, reliable, optimized binding that is suitable for on-machine communication between WCF applications.
NetMsmqBinding <netMsmqBinding>: A queued binding that is suitable for cross-machine communication between WCF applications.
NetPeerTcpBinding <netPeerTcpBinding>: A binding that enables secure, multiple machine communication.
MsmqIntegrationBinding <msmqIntegrationBinding>: A binding that is suitable for cross-machine communication between a WCF application and existing Message Queuing applications.
BasicHttpContextBinding <basicHttpContextBinding>: A binding that is suitable for communicating with WS-Basic Profile conformant Web services that enables HTTP cookies to be used to exchange context.
NetTcpContextBinding <netTcpContextBinding>: A secure and optimized binding suitable for cross-machine communication between WCF applications that enables SOAP headers to be used to exchange context.
WebHttpBinding <webHttpBinding>: A binding used to configure endpoints for WCF Web services that are exposed through HTTP requests instead of SOAP messages.
WSHttpContextBinding <wsHttpContextBinding>: A secure and interoperable binding that is suitable for non-duplex service contracts that enables SOAP headers to be used to exchange context.
The following table shows the features of each of the system-provided bindings.
Binding BasicHttpBinding Interoperabilit Security (Default) y Basic Profile 1.1 (None), Transport, Message, Mixed Transport, (Message), Mixed (Message), None (Message), Mixed, None (Transport), Message, None, Mixed (Transport), None Session (Default) (None) Transactions (None) Duplex Encoding (Default) n/a Text, (MTOM) Streaming (Default) Yes (buffered) WSHttpBinding WS (None), Reliable Session, Security Session (None), Yes n/a Yes No Yes (Text), MTOM (Text), MTOM (Text), MTOM Binary No
(Reliable Session), Security (None), Yes Session (None), Reliable Session, Security Session (Transport), Reliable Session, Security Session None, (Transport) (None), Yes (None), Yes
.NET
.NET Peer
N
.NET
(None), Transport (None) (None) (None) (Transport), Reliable Session, Security Session (None) (None), Reliable Session, Security Session
(None), Yes
W
Yes No Yes n/a n/a
F
No No Yes (buffered) Yes (buffered) No No
Binary
Binary
No Yes (buffered)
(None), Yes
Yes
Binary
Yes (buffered)
(None), No
No
(Text)
No
WSHttpContextBinding WS
(None), Yes
n/a
Text, (MTOM)
Setting: Features
Transport: Server authentication, Client authentication, Point-to-point security, Interoperability, Hardware acceleration, High throughput, Secure firewall, High-latency applications, Re-encryption across multiple hops
Message: Server authentication, Client authentication, End-to-end security, Interoperability, Rich claims, Federation, Multifactor authentication, Custom tokens, Notary/timestamp service, High-latency applications, Persistence of message signatures
TransportWithMessageCredential: Server authentication, Client authentication, Point-to-point security, Interoperability, Hardware acceleration, High throughput, Rich client claims, Federation, Multifactor authentication, Custom tokens, Secure firewall, High-latency applications, Re-encryption across multiple hops

Binding Choices
Use this table to help you find the security features your application requires.
Yes No Yes No Yes
W
Yes No No No Yes
No
InstanceContextMode value: PerCall
  Required: Behavior with sessionful channel: A session and InstanceContext for each call. Behavior with sessionless channel: An exception is thrown.
  Allowed: Behavior with sessionful channel: A session and InstanceContext for each call. Behavior with sessionless channel: An InstanceContext for each call.
  NotAllowed: Behavior with sessionful channel: An exception is thrown. Behavior with sessionless channel: An InstanceContext for each call.
InstanceContextMode value: PerSession
  Required: Behavior with sessionful channel: A session and InstanceContext for each channel. Behavior with sessionless channel: An exception is thrown.
  Allowed: Behavior with sessionful channel: A session and InstanceContext for each channel. Behavior with sessionless channel: An InstanceContext for each call.
  NotAllowed: Behavior with sessionful channel: An exception is thrown. Behavior with sessionless channel: An InstanceContext for each call.
InstanceContextMode value: Single
  Required: Behavior with sessionful channel: A session and one InstanceContext for all calls. Behavior with sessionless channel: An exception is thrown.
  Allowed: Behavior with sessionful channel: A session and InstanceContext for the created or user-specified singleton. Behavior with sessionless channel: An InstanceContext for the created or user-specified singleton.
  NotAllowed: Behavior with sessionful channel: An exception is thrown. Behavior with sessionless channel: An InstanceContext for each created singleton or for the user-specified singleton.
Choosing a transport

Attribute: Diagnostics
Description: Diagnostics allow you to automatically detect transport connectivity problems. All transports support the ability to send back fault information that describes connectivity. However, WCF does not include diagnostic tools for investigating network issues.
Favored transports: None

Attribute: Hosting
Description: All WCF endpoints must be hosted inside an application. IIS 6.0 and earlier support only hosting applications that use the HTTP transport. On Windows Vista, support is added for hosting all WCF transports, including TCP and named pipes. For more information, see Hosting in Internet Information Services and Hosting in Windows Process Activation Service.
Favored transports: HTTP

Attribute: Inspection
Description: Inspection is the ability to extract and process information from messages during transmission. The HTTP protocol separates routing and control information from data, making it easier to build tools that inspect and analyze messages. Transports that are easy to inspect may also require less processing power in network appliances. The level of security used impacts whether messages can be inspected.
Favored transports: HTTP

Attribute: Latency
Description: Latency is the minimum amount of time required to complete an exchange of messages. All network operations have more or less latency depending on the choice of transport. Using duplex or one-way communication with a transport whose native message exchange pattern is request-reply, such as HTTP, can cause additional latency due to the forced correlation of messages. In this situation, consider using a transport whose native message exchange pattern is duplex, such as TCP.
Favored transports: TCP, Named Pipe

Attribute: Reach
Description: The reach of a transport reflects how capable the transport is at connecting with other systems. The named pipe transport has very little reach; it can only connect to services running on the same machine. The TCP and HTTP transports both have excellent reach and can penetrate some NAT and firewall configurations. For more information, see Working with NATs and Firewalls.
Favored transports: HTTP, TCP

Attribute: Security
Description: Security is the ability to protect messages during transfer by supplying confidentiality, integrity, or authentication. Confidentiality protects a message from being examined, integrity protects a message from being modified, and authentication gives assurances about the sender or receiver of the message. WCF supports transfer security both at the message level and transport level. Message security composes with a transport if the transport supports a buffered transfer mode. Support for transport security varies depending on the chosen transport. The HTTP, TCP, and named pipe transports have reasonable parity in their support for transport security.
Favored transports: All

Attribute: Throughput
Description: Throughput measures the amount of data that can be transmitted and processed in a specified period of time. Like latency, the chosen transport can affect the throughput for service operations. Maximizing throughput for a transport requires minimizing both the overhead of transmitting content as well as minimizing the time spent waiting for message exchanges to complete. Both the TCP and named pipe transports add little overhead to the message body and support a native duplex shape that reduces the wait for message replies.
Favored transports: TCP, named pipe

Attribute: Tooling
Description: Tooling represents third-party application support for a protocol for development, diagnosis, hosting, and other activities. Developing tools and software to work with the HTTP protocol signifies a particularly large investment.
Favored transports: HTTP
Description
Specifies that the client does not need to present any credential. This translates to an anonymous client.
Specifies basic authentication. For additional information, see RFC2617, "HTTP Authentication: Basic and Digest Authentication."
Specifies digest authentication. For additional information, see RFC2617, "HTTP Authentication: Basic and Digest Authentication."
Specifies Windows authentication using SSPI negotiation on a Windows domain. SSPI negotiation results in using either the Kerberos protocol or NT LanMan (NTLM).
Windows: Specifies Windows authentication using SSPI on a Windows domain. SSPI picks from either the Kerberos protocol or NTLM as authentication service. SSPI tries Kerberos protocol first; if that fails, it then uses NTLM.
Certificate: Performs client authentication using a certificate, typically X.509.
Mode: Description
None: No security is provided at the transport layer or at the message layer. None of the predefined bindings use this mode by default except the <basicHttpBinding> element or, when using code, the BasicHttpBinding class.
Transport: Uses a secure transport such as HTTPS for integrity, confidentiality, and mutual authentication.
Message: Uses SOAP-message security for integrity, confidentiality, and mutual authentication. SOAP messages are secured according to the WS-Security standards.
Mixed Mode: Uses transport security for integrity, confidentiality, and server authentication. Uses message security (WS-Security and other standards) for client authentication. (This enumeration for this mode is TransportWithMessageCredential.)
Both: Performs protection and authentication at both levels. This mode is available only in the <netMsmqBinding> element.
Intranet Unsecured Client and Service
The following illustration depicts a simple Windows Communication Foundation (WCF) service developed to provide information on a secure private network to a WCF application.
Transport Security with Basic Authentication
The following illustration shows a Windows Communication Foundation (WCF) service and client.
Transport Security with Windows Authentication
The following scenario shows a Windows Communication Foundation (WCF) client and service secured by Windows security.
Message Security with a User Name Client
The following illustration shows a Windows Communication Foundation (WCF) service and client secured using message-level security. The service is authenticated with an X.509 certificate. The client authenticates using a user name and password.
Trusted Subsystem
XML Schema
WS Policy: WCF uses the WS-Policy 1.2 or 1.5 specifications with domain-specific assertions to describe service requirements and capabilities.
WS Policy Attachments: Web Services Policy 1.2 - Attachment (WS-PolicyAttachment). WCF implements WS-Policy Attachments to attach policy expressions at various scopes in WSDL.
WS Metadata Exchange: Web Services Metadata Exchange (WS-MetadataExchange) version 1.1. WCF implements WS-MetadataExchange to retrieve XML Schema, WSDL, and WS-Policy.
Web Services Addressing 1.0 - WSDL Binding: WCF implements WS-Addressing Binding for WSDL to attach addressing information in WSDL.
HttpDigest
IssuedToken: Returns an IssuedTokenClientCredential. Represents a custom security token issued by a Security Token Service, commonly used in federation scenarios.
Peer: Returns a PeerCredential. Represents a Peer credential for participation in a Peer mesh on a Windows domain.
ServiceCertificate: Returns an X509CertificateRecipientClientCredential. Represents an X.509 certificate provided by the service in an out-of-band negotiation.
UserName: Returns a UserNamePasswordClientCredential. Represents a user name and password pair.
Windows: Returns a WindowsClientCredential. Represents a Windows client credential (a Kerberos credential). The properties of the class are read-only.
The following table illustrates several possible addressing scenarios for WAS sites with both HTTP and non-HTTP site bindings
Scenario
Site bindings
Application path
HTTP Only
http: *:80:*
/appTwo
/appTwo
Non-HTTP only
net.pipe: *
/appThree
net.pipe://appThree/
COM+ attribute: WCF attributes
RequiresNew: TransactionFlowAttribute is set to NotAllowed. TransactionScopeRequired is true. The TransactionFlow attribute in the binding element is false.
Required: TransactionFlowAttribute is set to Allowed. TransactionScopeRequired is true. The TransactionFlow attribute in the binding element is true.
Supported: There is no direct equivalent. In general, you should adopt the behavior specified for Required instead.
NotSupported: TransactionScopeRequired is false. The TransactionFlow attribute in the binding element is false.
Disabled: There is no direct equivalent. In general, you should adopt the behavior specified for NotSupported instead.
The significant differences between different serializers are summarized in the following table.

Category of Differences: Deserializing the empty buffer (new byte[0]) into Object (or Uri, or some other classes).
  DataContractJsonSerializer: SerializationException
  ASP.NET AJAX JavaScriptSerializer: null
Category of Differences: Serialization of Value
Category of Differences: Serialization of the private members of [Serializable] types.
Category of Differences: Serialization of the public properties of ISerializable types.
Category of Differences: "Extensions" of JSON
  DataContractJsonSerializer: Adheres to the JSON specification, which requires quotes on object member names ({"a":"hello"}). Does not support format "\/Date(123456789U)\/" or "\/Date\(\d+(U|(\+\[\d{4}]))?\)\\/)".
  ASP.NET AJAX JavaScriptSerializer: Supports the names of object members without quotes ({a:"hello"}). Supports format "\/Date(123456789U)\/" and "\/Date\(\d+(U|(\+\[\d{4}]))?\)\\/)" as DateTime values.
Category of Differences: Representation of dictionaries
  ASP.NET AJAX JavaScriptSerializer: As actual JSON objects - but only handles key types that are strings.
Category of Differences: Escaped characters
  DataContractJsonSerializer: Always with an escape forward slash (/); never allows un-escaped invalid JSON characters, such as "\n".
  ASP.NET AJAX JavaScriptSerializer: With an escape forward slash (/) for DateTime values.
XmlQualifiedName: String
Array of type Byte
DateTime
DateTimeOffset
XML and ADO.NET types (XmlElement, XElement, Arrays of XmlNode, ISerializable, DataSet).
DBNull: Empty complex type
Collections, dictionaries, and arrays: Array. See the Collections, Dictionaries, and Arrays section of this topic.
Complex types (with the DataContractAttribute or SerializableAttribute applied): Complex type. Data members become members of the Javascript complex type.
Complex types implementing the ISerializable interface: Complex type. Same as other complex types but some ISerializable types are not supported; see the ISerializable Support part of the Advanced Information section of this topic.
Null value for any type: Null. Nullable types are also supported and map to JSON in the same way as non-nullable types.
The following illustration shows how a message is secured on the client when using the Message security mode
The following illustration shows the processes that occur when a secure message is extracted from the wire and verified on the receiving side:
The following diagram compares the channel stack with other communication stacks, for example TCP/IP.
Dispatchers
The following diagram shows the main classes used, the classes they inherit from (shown by an upward-pointing arrow), and the return types of certain methods and properties.
The following diagram shows the classes involved in the custom binding, and how the custom identity verifier is linked
Required to support reliable messaging. Required if you want to use IIS to host your application. Required if you want to use WAS to host your application.
The following table lists some tools and provides their brief description.

Tool: Description
ServiceModel Metadata Utility Tool (Svcutil.exe): Generates service model code from metadata documents and metadata documents from service model code.
Find Private Key Tool (FindPrivateKey.exe): Retrieves the private key from a specified store.
ServiceModel Registration Tool (ServiceModelReg.exe): Manages the registration and un-registration of ServiceModel on a single machine.
COM+ Service Model Configuration Tool (ComSvcConfig.exe)
Configuration Editor Tool (SvcConfigEditor.exe): Creates and modifies configuration settings for WCF services.
Service Trace Viewer Tool (SvcTraceViewer.exe): Helps you view, group, and filter trace messages so that you can diagnose, repair, and verify issues with WCF services.
Configures basic WS-AtomicTransaction support settings using a command line tool.
Configures basic WS-AtomicTransaction support settings using a MMC snap-in.
WorkFlow Service Registration Tool (WFServicesReg.exe): Registers a Windows Workflow service.
WCF Service Auto Host: Hosts WCF services contained in libraries (*.dll) files.
WCF Test Client: A GUI tool that allows you to input parameters of arbitrary types, submit that input to the service, and view the response the service sends back.
<system.serviceModel>
Child Elements

Element: Description
<behaviors>: This element defines two child collections named endpointBehaviors and serviceBehaviors. Each collection defines behavior elements consumed by endpoints and services respectively. Each behavior element is identified by its unique name attribute.
<bindings>: This element holds a collection of standard and custom bindings. Each entry is identified by its unique name. Services use bindings by linking them using the name.
This element contains a list of endpoints a client uses to connect to a service.
This element defines COM contracts enabled for WCF and COM interop.
<commonBehaviors>: This element can only be defined in the machine.config file. It defines two child collections named endpointBehaviors and serviceBehaviors. Each collection defines behavior elements consumed by all WCF endpoints and services on the machine respectively. If a behavior is defined in both <commonBehaviors> and <behaviors> sections, the behavior in the <behaviors> section is given preference.
<extensions> section: This element contains a collection of extensions, which enable the user to create user-defined bindings, behaviors, and other aspects of extensions.
<diagnostics>: This element contains settings for the diagnostics features of WCF. The user can enable/disable tracing, performance counters, and the WMI provider, and can add custom message filters.
<serviceHostingEnvironment>: This element defines what type the service hosting environment instantiates for a particular transport. If this section is empty, the default type is used.
<services>: The element contains a collection of services. For each service defined in the assembly, this element contains a service element specifying settings for the service.
The following table summarizes some of the key benefits and scenarios associated with each of the hosting options.

Hosting Environment: Managed Application ("Self-Hosted")
Common Scenarios: Console applications used during development. Rich WinForm and WPF client applications accessing services.
Key Benefits and Limitations: Flexible. Easy to deploy. Not an enterprise solution for services.

Hosting Environment: Windows Services (formerly known as NT services)
Key Benefits and Limitations: Service process lifetime controlled by the operating system, not message-activated. Supported by all versions of Windows. Secure environment.

Hosting Environment: IIS 5.1, IIS 6.0
Common Scenarios: Running a WCF service side-by-side with ASP.NET content on the Internet using the HTTP protocol.
Key Benefits and Limitations: Process recycling. Idle shutdown. Process health monitoring. Message-based activation. HTTP only.

Hosting Environment: Windows Process Activation Service (WAS)
Common Scenarios: Running a WCF service without installing IIS on the Internet using various transport protocols.
Key Benefits and Limitations: IIS is not required. Process recycling. Idle shutdown. Process health monitoring. Message-based activation. Works with HTTP, TCP, named pipes, and MSMQ.

Hosting Environment: IIS 7.0
Common Scenarios: Running a WCF service with ASP.NET content. Running a WCF service on the Internet using various transport protocols.
Key Benefits and Limitations: WAS benefits. Integrated with ASP.NET and IIS content.

Hosting Environment: Managed Application ("Self-Hosted")
Platform Availability: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008
Transports Supported: HTTP, net.tcp, net.pipe, net.msmq

Hosting Environment: Windows Services (formerly known as NT services)
Platform Availability: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008
Transports Supported: HTTP, net.tcp, net.pipe, net.msmq

Hosting Environment: IIS 5.1
Platform Availability: Windows XP
Transports Supported: HTTP

Hosting Environment: IIS 6.0
Platform Availability: Windows Server 2003
Transports Supported: HTTP

Hosting Environment: Windows Process Activation Service (WAS)
Platform Availability: Windows Vista, Windows Server 2008
Transports Supported: HTTP, net.tcp, net.pipe, net.msmq
W
Yes Yes Yes
No