原文地址:Difference between BasicHttpBinding and WsHttpBindingweb
一、简介安全
WCF引入了不少的绑定和协议。本文重点讨论两个协议,BasicHttpBinding和WsHttpBinding,他们看起来很类似,可是却有很大的不一样。所以,咱们首先看一下他们的不一样点,而后经过一个小项目看看他们到底有什么不一样。app
做者还总结了400多个.NET相关的话题,例如:WCF,WPF,WWF,Ajax,Core .NET,SQL Server,Architecture等等。less
下载地址:/Files/virusswb/SampleDotNetInterviewQuestionBook.zipwebapp
二、预备知识ide
若是你第一次接触WCF,能够经过下面的连接了解一下相关的知识。在本文就不讲述WCF的基础知识点了:函数
三、BasicHttpBinding和WsHttpBinding的不一样点post
若是非要用一句话概述BasicHttpBinding和WsHttpBinding的不一样的话,那就是WsHttpBinding支持WS-Security specifications,WS-Security specifications具备扩展web service的能力。ui
下面的表格式是对二者在安全、兼容性、可靠性和SOAP版本方面的比较。
| Criteria | BasicHttpBinding | WsHttpBinding |
| Security support | This supports the old ASMX style, i.e. WS-BasicProfile 1.1. | This exposes web services using WS-* specifications. |
| Compatibility | This is aimed for clients who do not have .NET 3.0 installed and it supports wider ranges of clients. Many of the clients like Windows 2000 still do not run .NET 3.0. So older version of .NET can consume this service. | As its built using WS-* specifications, it does not support wider ranges of client and it cannot be consumed by older .NET version less than 3 version. |
| Soap version | SOAP 1.1 | SOAP 1.2 and WS-Addressing specification. |
| Reliable messaging | Not supported. In other words, if a client fires two or three calls you really do not know if they will return back in the same order. | Supported as it supports WS-* specifications. |
| Default security options | By default, there is no security provided for messages when the client calls happen. In other words, data is sent as plain text. | As WsHttBinding supports WS-*, it has WS-Security enabled by default. So the data is not sent in plain text. |
| Security options |
|
|
二者之间最大的不一样你必定已经注意到了,那就是安全。默认状况下,BasicHttpBinding发送的是明文数据,而WsHttpBinding发送的是加密和更加安全的数据。为了证实这一点,咱们新建两个服务,一个使用BasicHttpBinding,一个使用WsHttpBinding,而后详细查看一下他们的安全方面。
咱们建立一个小例子,看看basicHttpBinding是如何明文发送数据的,wsHttpBinding是如何加密数据的。
说明:默认状况下,使用basicHttpBinding的时候,安全是没有启用的。换句话说,它很像之前的webservice,也就是.asmx。可是不意味着咱们不能启用安全。稍后,我会写一篇关于basicHttpBinding启用安全的文章。
四、经过5步比较他们的不一样点
为了它们之间实际的不一样点,咱们建立一个小工程。在工程中,建立两个服务,一个使用basicHttpBinding,一个使用wsHttpBinding。
第一步:使用basicHttpBinding建立一个服务,system.serviceModel配置以下
<services>
<service name="WCFBasicHttpBinding.Service1" behaviorConfiguration="WCFBasicHttpBinding.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="" binding="basicHttpBinding" contract="WCFBasicHttpBinding.IService1">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFBasicHttpBinding.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
第二步:建立一个WsHttpBinding的服务,配置以下
<services>
<service name="WCFWsHttpBindingHttps.Service1" behaviorConfiguration="WCFWsHttpBindingHttps.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="" binding="wsHttpBinding" contract="WCFWsHttpBindingHttps.IService1">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFWsHttpBindingHttps.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
第三步:咱们不建立任何新函数,就是用默认建立的两个函数,以下
{
public string GetData(int value)
{
return string.Format("You entered: {0}", value);
}
public CompositeType GetDataUsingDataContract(CompositeType composite)
{
if (composite.BoolValue)
{
composite.StringValue += "Suffix";
}
return composite;
}
}
第四步:服务已经建立好了,咱们建立一个消费服务的客户端。在这里,咱们建立一个WebApplication,添加两个引用,一个是service reference,WsHttpBinding;另一个是web reference,BasicHttpBinding。请记住,在你右键添加引用的时候,经过service reference添加WsHttpBinding,经过web reference添加BasicHttpBinding。
咱们在webapplication的default页面上添加两个button,一个调用HTTP Service,另一个调用wshttp service。下面是它们如何调用服务的GetData方法。
第五步:到这里咱们准备完成这个项目,到了嗅探的时候了,看看数据在客户端和两个服务之间是如何传输的。咱们下载并使用HTTP数据记录器,IE Inspector。咱们将一个一个的点击button,来记录数据的传输。你将会看到在basicHttpBinding的状况下,数据明文的经过xml发送;在wsHttpBinding的状况下,数据被加密发送。
总之,尽可能避免使用BasicHttpBinding。
五、何时使用BasicHttpBinding,何时使用WsHttpBinding
若是你但愿有向后兼容的能力,而且支持更多的客户端,你能够选择basicHttpBinding,若是你肯定你的客户端使用的是.NET 3.0甚至更高的话,你能够选择wsHttpBinding。