BasichttpBinding vs WSHttpBinding of WCF

前端 未结 3 702
半阙折子戏
半阙折子戏 2021-02-15 11:11

I want to update client data with server data and vice-versa. Currently i am using BasicHttpBinding which is faster than wsHttpBinding. My requirnment is to achive:

相关标签:
3条回答
  • 2021-02-15 11:30

    If you need security, use wsHttpBinding. It implements all the various security features, like message or transport security, client credentials provided as Windows credentials, username/password, or certificate. It supports reliable messaging and a lot more - a whole slew of the WS* standards.

    BasicHttpBinding is just that - very very basic. It's more or less ASMX web services - pretty much no settings, no security (other than being routed over HTTPS).

    If you need fast, use netTcpBinding - but that doesn't work well over internet connections. If that doesn't work, use basicHttpBinding - it's faster, leaner, less overhead than wsHttpBinding.

    So you're back to the classic trade-off: you can have fast or secure - pick one. There's no "magic" way of having both at the same time - security does add overhead and thus slows things down. What is more important to you: secure communications, or fast communications??

    0 讨论(0)
  • 2021-02-15 11:38

    Usually we recommend a fast secure transport like SSL for security. This is because any kind of message level security is CPU intensive in encryption/signing.

    SO you can just use basic http binding with transport security for most scenarios without too much of trade off in perf.

    If you aren't using any of the richer WS* protocols or sessions etc then you can stick with basic http binding.

    0 讨论(0)
  • 2021-02-15 11:49

    wsHTttpBinding implemenets the WS-Security standard for web services communication, however, I believe HTTPS will provide you with sufficient security if you use basicHttpBinding.

    You should also keep in mind that wsHttpBinding restricts your interoperability, as wsHttpBinding is only compatible with clients that support WS-* (SOAP 1.2).

    In my opinion, I would stick with basicHttpBinding unless there are specific WS-* standard features that you need. In terms of WS-Security, the features it comes with is things like message level encryption (beyond the transport level encryption that HTTPS provides). To me, transport encryption ensures your message is encrypted when transmitted over the wire, the only benefit of having message level encryption is not wanting the overhead of using transport level security, but just wanting lighter weight encryption in specific areas of the message.

    Here's a list of WS specifications from wikipedia for your information:

    http://en.wikipedia.org/wiki/List_of_Web_service_specifications

    0 讨论(0)
提交回复
热议问题