原文地址:Difference between BasicHttpBinding and WsHttpBindingweb
一、簡介安全
WCF引入了不少的綁定和協議。本文重點討論兩個協議,BasicHttpBinding和WsHttpBinding,他們看起來很類似,可是卻有很大的不一樣。所以,咱們首先看一下他們的不一樣點,而後經過一個小項目看看他們到底有什麼不一樣。app
做者還總結了400多個.NET相關的話題,例如:WCF,WPF,WWF,Ajax,Core .NET,SQL Server,Architecture等等。less
下載地址:/Files/virusswb/SampleDotNetInterviewQuestionBook.zipwebapp
二、預備知識ide
若是你第一次接觸WCF,能夠經過下面的連接瞭解一下相關的知識。在本文就不講述WCF的基礎知識點了:函數
三、BasicHttpBinding和WsHttpBinding的不一樣點post
若是非要用一句話概述BasicHttpBinding和WsHttpBinding的不一樣的話,那就是WsHttpBinding支持WS-Security specifications,WS-Security specifications具備擴展web service的能力。ui
下面的表格式是對二者在安全、兼容性、可靠性和SOAP版本方面的比較。
| Criteria | BasicHttpBinding | WsHttpBinding |
| Security support | This supports the old ASMX style, i.e. WS-BasicProfile 1.1. | This exposes web services using WS-* specifications. |
| Compatibility | This is aimed for clients who do not have .NET 3.0 installed and it supports wider ranges of clients. Many of the clients like Windows 2000 still do not run .NET 3.0. So older version of .NET can consume this service. | As its built using WS-* specifications, it does not support wider ranges of client and it cannot be consumed by older .NET version less than 3 version. |
| Soap version | SOAP 1.1 | SOAP 1.2 and WS-Addressing specification. |
| Reliable messaging | Not supported. In other words, if a client fires two or three calls you really do not know if they will return back in the same order. | Supported as it supports WS-* specifications. |
| Default security options | By default, there is no security provided for messages when the client calls happen. In other words, data is sent as plain text. | As WsHttBinding supports WS-*, it has WS-Security enabled by default. So the data is not sent in plain text. |
| Security options |
|
|
二者之間最大的不一樣你必定已經注意到了,那就是安全。默認狀況下,BasicHttpBinding發送的是明文數據,而WsHttpBinding發送的是加密和更加安全的數據。爲了證實這一點,咱們新建兩個服務,一個使用BasicHttpBinding,一個使用WsHttpBinding,而後詳細查看一下他們的安全方面。
咱們建立一個小例子,看看basicHttpBinding是如何明文發送數據的,wsHttpBinding是如何加密數據的。
說明:默認狀況下,使用basicHttpBinding的時候,安全是沒有啓用的。換句話說,它很像之前的webservice,也就是.asmx。可是不意味着咱們不能啓用安全。稍後,我會寫一篇關於basicHttpBinding啓用安全的文章。
四、經過5步比較他們的不一樣點
爲了它們之間實際的不一樣點,咱們建立一個小工程。在工程中,建立兩個服務,一個使用basicHttpBinding,一個使用wsHttpBinding。
第一步:使用basicHttpBinding建立一個服務,system.serviceModel配置以下
<services>
<service name="WCFBasicHttpBinding.Service1" behaviorConfiguration="WCFBasicHttpBinding.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="" binding="basicHttpBinding" contract="WCFBasicHttpBinding.IService1">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFBasicHttpBinding.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
第二步:建立一個WsHttpBinding的服務,配置以下
<services>
<service name="WCFWsHttpBindingHttps.Service1" behaviorConfiguration="WCFWsHttpBindingHttps.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="" binding="wsHttpBinding" contract="WCFWsHttpBindingHttps.IService1">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFWsHttpBindingHttps.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
第三步:咱們不建立任何新函數,就是用默認建立的兩個函數,以下
{
public string GetData(int value)
{
return string.Format("You entered: {0}", value);
}
public CompositeType GetDataUsingDataContract(CompositeType composite)
{
if (composite.BoolValue)
{
composite.StringValue += "Suffix";
}
return composite;
}
}
第四步:服務已經建立好了,咱們建立一個消費服務的客戶端。在這裏,咱們建立一個WebApplication,添加兩個引用,一個是service reference,WsHttpBinding;另一個是web reference,BasicHttpBinding。請記住,在你右鍵添加引用的時候,經過service reference添加WsHttpBinding,經過web reference添加BasicHttpBinding。
咱們在webapplication的default頁面上添加兩個button,一個調用HTTP Service,另一個調用wshttp service。下面是它們如何調用服務的GetData方法。
第五步:到這裏咱們準備完成這個項目,到了嗅探的時候了,看看數據在客戶端和兩個服務之間是如何傳輸的。咱們下載並使用HTTP數據記錄器,IE Inspector。咱們將一個一個的點擊button,來記錄數據的傳輸。你將會看到在basicHttpBinding的狀況下,數據明文的經過xml發送;在wsHttpBinding的狀況下,數據被加密發送。
總之,儘可能避免使用BasicHttpBinding。
五、何時使用BasicHttpBinding,何時使用WsHttpBinding
若是你但願有向後兼容的能力,而且支持更多的客戶端,你能夠選擇basicHttpBinding,若是你肯定你的客戶端使用的是.NET 3.0甚至更高的話,你能夠選擇wsHttpBinding。