BasichttpBinding vs WSHttpBinding of WCF

Question

I want to update client data with server data and vice-versa. Currently i am using BasicHttpBinding which is faster than wsHttpBinding. My requirnment is to achive:

• Fast data communication
• Secure communication

Two binding is suitable in this scenario BasicHttpBinding and wsHttpBinding. So which Binding should i use ? and What is the difference between BasicHttp and wsHttp binding ?

Answer 1

If you need security, use wsHttpBinding. It implements all the various security features, like message or transport security, client credentials provided as Windows credentials, username/password, or certificate. It supports reliable messaging and a lot more - a whole slew of the WS* standards.

BasicHttpBinding is just that - very very basic. It's more or less ASMX web services - pretty much no settings, no security (other than being routed over HTTPS).

If you need fast, use netTcpBinding - but that doesn't work well over internet connections. If that doesn't work, use basicHttpBinding - it's faster, leaner, less overhead than wsHttpBinding.

So you're back to the classic trade-off: you can have fast or secure - pick one. There's no "magic" way of having both at the same time - security does add overhead and thus slows things down. What is more important to you: secure communications, or fast communications??

Answer 2

wsHTttpBinding implemenets the WS-Security standard for web services communication, however, I believe HTTPS will provide you with sufficient security if you use basicHttpBinding.

You should also keep in mind that wsHttpBinding restricts your interoperability, as wsHttpBinding is only compatible with clients that support WS-* (SOAP 1.2).

In my opinion, I would stick with basicHttpBinding unless there are specific WS-* standard features that you need. In terms of WS-Security, the features it comes with is things like message level encryption (beyond the transport level encryption that HTTPS provides). To me, transport encryption ensures your message is encrypted when transmitted over the wire, the only benefit of having message level encryption is not wanting the overhead of using transport level security, but just wanting lighter weight encryption in specific areas of the message.

Here's a list of WS specifications from wikipedia for your information:

http://en.wikipedia.org/wiki/List_of_Web_service_specifications

Answer 3

Usually we recommend a fast secure transport like SSL for security. This is because any kind of message level security is CPU intensive in encryption/signing.

SO you can just use basic http binding with transport security for most scenarios without too much of trade off in perf.

If you aren't using any of the richer WS* protocols or sessions etc then you can stick with basic http binding.