Tags: wcf |
Posted by
blockwood on
1/21/2010 5:44 AM |
Comments (0)
Here is a great post found on codeproject.com http://www.codeproject.com/KB/WCF/WCFFAQPart3.aspx
Below are some worth looking into:
Note :- The below table is taken from book Pro WCF: Practical Microsoft SOA Implementation -- Chris peiris and Denis mulder – Apress 2007
Below is a table which shows for which binding which mode is supported. We did not discuss the mixed mode. It’s nothing but combination of transport and mixed mode. For instance data encrypted and passed over WsHttp using HTTPS is a mixed mode of security. Encryption is nothing but message security and HTTPS is a transport mode. In a combination they form mixed mode.
|
Binding
|
Transport Mode?
|
Message Mode?
|
Mixed Mode?
|
|
BasicHttpBinding
|
Yes
|
Yes
|
Yes
|
|
WsHttpBinding
|
Yes
|
Yes
|
Yes
|
|
WsDualHttpBinding
|
No
|
Yes
|
No
|
|
NetTcpBinding
|
Yes
|
Yes
|
Yes
|
|
NetNamedPipeBinding
|
Yes
|
No
|
No
|
|
NetMsmqBinding
|
Yes
|
Yes
|
No
|
|
MsmqIntegrationBinding
|
Yes
|
No
|
No
|
So what are the scenarios, advantages and disadvantages of transport VS message security?
|
|
Transport
|
Message
|
|
Scenarios when we should be using one of them
|
When there are no intermediate systems in between this is the best methodology.
If it’s an intranet type of solution this is most recommended methodology.
|
When there are intermediate systems like one more WCF service through which message is routed then message security is the way to go.
|
|
Advantages
|
- Does not need any extra coding as protocol inherent security is used.
- Performance is better as we can use hardware accelerators to enhance performance.
- There is lot of interoperability support and communicating clients do not need to understand WS security as it’s built in the protocol itself.
|
- Provides end to end security as it’s not dependent on protocol. Any intermediate hop in network does not affect the application.
- Supports wide set of security options as it is not dependent on protocol. We can also implement custom security.
|
|
Disadvantages
|
- As it’s a protocol implemented security so it works only point to point.
- As security is dependent on protocol it has limited security support and is bounded to the protocol security limitations.
|
- Needs application refactoring to implement security.
- As every message is encrypted and signed there are performance issues.
- Does not support interoperability with old ASMX webservices/
|
The following table is referenced from the 6461 Microsoft Official Courseware:
Not all bindings provide all security modes. The main reason that a binding may not provide all security modes is because the binding does not support some fundamental characteristic that the security mode requires. The following table lists which bindings support which modes.
|
Binding
|
Transport Security
|
Message Security
|
|
BasicHttp
|
HTTPS
|
WS-Security
|
| WSHttp |
HTTPS |
WS-Security
|
|
WSDualHttp
|
Not supported
|
WS-Security
|
|
NetTcp
|
Transport Layer Security (TLS)
|
WS-Security
|
|
NetNamedPipe
|
Transport Layer Security (TLS)
|
Not supported
|
|
MsmqIntegration
|
MSMQ Transport Security
|
Not supported
|
|
NetMsmq
|
MSMQ Transport Security
|
WS-Security
|
|
WSFederationHttp
|
HTTPS
|
WS-Security
|
Be the first to rate this post
- Currently 0/5 Stars.
- 1
- 2
- 3
- 4
- 5