Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

BasichttpBinding vs WSHttpBinding of WCF

Tags:

wcf

I want to update client data with server data and vice-versa. Currently i am using BasicHttpBinding which is faster than wsHttpBinding. My requirnment is to achive:

  • Fast data communication
  • Secure communication

Two binding is suitable in this scenario BasicHttpBinding and wsHttpBinding. So which Binding should i use ? and What is the difference between BasicHttp and wsHttp binding ?

like image 577
Jeevan Bhatt Avatar asked Oct 04 '10 04:10

Jeevan Bhatt


3 Answers

If you need security, use wsHttpBinding. It implements all the various security features, like message or transport security, client credentials provided as Windows credentials, username/password, or certificate. It supports reliable messaging and a lot more - a whole slew of the WS* standards.

BasicHttpBinding is just that - very very basic. It's more or less ASMX web services - pretty much no settings, no security (other than being routed over HTTPS).

If you need fast, use netTcpBinding - but that doesn't work well over internet connections. If that doesn't work, use basicHttpBinding - it's faster, leaner, less overhead than wsHttpBinding.

So you're back to the classic trade-off: you can have fast or secure - pick one. There's no "magic" way of having both at the same time - security does add overhead and thus slows things down. What is more important to you: secure communications, or fast communications??

like image 102
marc_s Avatar answered Nov 01 '22 20:11

marc_s


wsHTttpBinding implemenets the WS-Security standard for web services communication, however, I believe HTTPS will provide you with sufficient security if you use basicHttpBinding.

You should also keep in mind that wsHttpBinding restricts your interoperability, as wsHttpBinding is only compatible with clients that support WS-* (SOAP 1.2).

In my opinion, I would stick with basicHttpBinding unless there are specific WS-* standard features that you need. In terms of WS-Security, the features it comes with is things like message level encryption (beyond the transport level encryption that HTTPS provides). To me, transport encryption ensures your message is encrypted when transmitted over the wire, the only benefit of having message level encryption is not wanting the overhead of using transport level security, but just wanting lighter weight encryption in specific areas of the message.

Here's a list of WS specifications from wikipedia for your information:

http://en.wikipedia.org/wiki/List_of_Web_service_specifications

like image 37
husainnz Avatar answered Nov 01 '22 19:11

husainnz


Usually we recommend a fast secure transport like SSL for security. This is because any kind of message level security is CPU intensive in encryption/signing.

SO you can just use basic http binding with transport security for most scenarios without too much of trade off in perf.

If you aren't using any of the richer WS* protocols or sessions etc then you can stick with basic http binding.

like image 32
Sajay Avatar answered Nov 01 '22 20:11

Sajay