WCF Binding: BasicHttpBinding vs WsHttpBinding
WSHttpBinding messaging is based on SOAP 1.2 and WS-Addressing Specifications while BasicHttpBinding messaging is based on SOAP 1.1 specifications. Implementing the WS-Addressing specifications enables more features in this binding like asynchronous messaging, message correlation, and transport-neutral addressing mechanisms which for sure adds some processing overhead.
In addition, BasicHttpBinding provides fewer security options which are Message security, User name token, Kerberos and X509 tokens. WSHttpBinding provides more in addition to the list above which are WS-Trust and WS Secure conversation.
In Additions WSHttpBinding supports reliable messaging, atomic and distributed transactions.
WCF : BasicHttpBinding compared to WSHttpBinding at SOAP packet level.
The first thing developers starting to implement Windows Communication Foundation (WCF) should know is the difference between the BasicHttpBinding and the WSHttpBinding.
This is very important as the BasicHttpBinding has some major drawbacks compared to the WSHttpBinding. From the functional view it makes no difference, it's just a client invoking an operation on a service, but there is a world of difference concerning the low level exchange of SOAP packets to achieve this.
BasicHttpBinding is there only to support the old .ASMX style of working (based on WS-BasicProfile 1.1) and aimed for clients which do not have .NET 3.0 installed. As lots of Windows 2000, which cannot run .NET 3.0, are still out there this is the only way to work with WCF. So the BasicHttpBinding it's there mainly for compatibility reasons.
But you have to be familiar with the idea that this basic profile binding is out-of-date and that the protocol does not have enough quality on board to support the requirements of enterprise oriented services, which can have a high SLA.
ASMX does not support secure messaging (I mean by default, without the WS enhancements). When a client calls an operation on a service, all data in the payload is send as a plain XML, human readable, SOAP packet. Scary? Isn’t? It also does not support reliability and ordered delivery. When a call is lost somewhere, the client is not informed and just waits for a timeout and can not know for sure if the call has arrived at the server and if the logic behind it got executed. Also lacking in the basic profile is ordered delivery. This means when a client fires multiple calls to the service it's not guaranteed that they arrive in the same order. Maybe somewhere a router could drop a packet allowing the second call to arrive earlier than the retransmission of the first. This can lead to disasters, which cannot be allowed in enterprise solutions.
In a sentence: do not use basicHttpBinding binding.
The WSHttpBinding fully supports these requirements on security, reliability and ordered delivery. Some of them as default, others have to be configured. But remember this tuning does not influence the functional development; it's all done under the covers!
So there is no excuse to not use the WSHttpBinding.
WSHttpBinding uses (as the name implies) the WS-* protocols. This results in having some additional handshake messaging and other back-and-forth exercises to accomplish this. This means that not only SOAP requests are sent for the operation calls but also to have the client and service agree on some context and to inform each other on the success of the calls.
wsHttpBinding Configuration Settings / Attributes
<wsHttpBinding>
<binding
allowCookies="Boolean"
bypassProxyOnLocal="Boolean"
closeTimeout="TimeSpan"
hostNameComparisonMode="StrongWildCard/Exact/WeakWildcard"
maxBufferPoolSize="integer"
maxReceivedMessageSize="Integer"
messageEncoding="Text/Mtom"
name="string"
openTimeout="TimeSpan"
proxyAddress="URI"
receiveTimeout="TimeSpan"
sendTimeout="TimeSpan"
textEncoding="UnicodeFffeTextEncoding/Utf16TextEncoding/Utf8TextEncoding"
transactionFlow="Boolean"
useDefaultWebProxy="Boolean">
<reliableSession ordered="Boolean"
inactivityTimeout="TimeSpan"
enabled="Boolean" />
<security mode="Message/None/Transport/TransportWithCredential">
<transport clientCredentialType="Basic/Certificate/Digest/None/Ntlm/Windows"
proxyCredentialType="Basic/Digest/None/Ntlm/Windows"
realm="string" />
<message
algorithmSuite="Basic128/Basic192/Basic256/Basic128Rsa15/
Basic256Rsa15/TripleDes/TripleDesRsa15/Basic128Sha256/
Basic192Sha256/TripleDesSha256/Basic128Sha256Rsa15/
Basic192Sha256Rsa15/Basic256Sha256Rsa15/TripleDesSha256Rsa15"
clientCredentialType="Certificate/IssuedToken/None/UserName/Windows"
establishSecurityContext="Boolean"
negotiateServiceCredential="Boolean" />
</security>
<readerQuotas maxDepth="integer"
maxStringContentLength="integer"
maxByteArrayContentLength="integer"
maxBytesPerRead="integer"
maxNameTableCharCount="integer" />
</binding>
</wsHttpBinding>
More great information:
http://geekswithblogs.net/claeyskurt/archive/2008/04/22/121508.aspx
Thursday, September 11, 2008 2:49:38 PM