locked
wcf problems with data /security wshttpbinding vs basichttpbinding RRS feed

  • Question

  • I am developing a WCF (IIS hosted service) and the client is windows application .I want to use it with in our local domain. I want to enable anonymous access on my service so enabled anonymous access on IIS/Virtual directory. but when i use wshttpbinding and when i try to access service from client machines i get error (security error not authenticated) and when i use basichttp binding i am able to access the service without any error but the problem is when i use basichttpbinding i get incorrect results. for example my wcf is as below. if i create proxy and call the addfieldvalue method a couple of times and then call the fieldcount method i get result as 0 but the same methods when i call using wshttpbinding i get correct results. so can any one suggest me the steps as how i can make my wcf working and also how to make it work on anonymous access if i am using wshttpbinding.

     public class SRC : ISRC

    {
     private List<Fields> ObjecFields = new List<Fields>();

     Method 1
     public void AddFieldValue(string FldName,string FldValue)
            {
                    Fields CurFld= new Fields();
                    CurFld.FieldName = FldName;
                    CurFld.FieldValue = FldValue;
                    ObjecFields.Add (CurFld);
                    CurFld=null;
                   
            }
     
     Method 2
     public int FieldCount()
     {
       return ObjecFields.Count;
     }
    }


    Wednesday, July 20, 2011 1:24 PM

Answers

  • You have to first decide what you need from the binding. For example, why do you want wsHttpBinding and not basicHttpBinding? wsHttpBinding offers the use of ws-* standards, such as addressing, security, reliable-messaging, transactions ..., do you need any of these? If so, which ones? if not, than why don't you want to use basicHttp?
    Please mark posts as answers/helpful if it answers your question. Senior Consultant on WCF, ASP.NET, Siverlight, and Entity Framework. Author of Microsoft's Official WCF 4 Course. Co-author of the Microsoft HPC/Azure burst whitepaper. Visit my blog: http://blogs.microsoft.co.il/blogs/idof
    • Proposed as answer by Ido Flatow. _ Tuesday, July 26, 2011 7:31 AM
    • Marked as answer by Yi-Lun Luo Tuesday, July 26, 2011 9:19 AM
    Thursday, July 21, 2011 5:29 AM

All replies

  • There are two things that need to be clarified:

    1. basicHttpBinding is not secured by default, while wsHttpBinding is secured by default with windows identities. To change this you need to change the binding configuration of your endpoint.

    2. By default, basicHttpBinding and wsHttpBinding do not support sessions. The default behavior of a WCF service is to have an instance of your service per client session, but because none of the bindings supports sessions you get a new service instance every time you send a request. To solve this you either need to use a binding that support session, such as netTcpBinding or wsHttpBinding with reliable-messaging. The other option is to change the service behavior from perSession instance to a single instance - in this way all the requests will be handled by the same service instance. Please note that when using a single instance the default concurrency mode of WCF is single threaded, meaning all concurrent requests will be synchronized. If you need to handle multiple concurrent requests, change the concurrency mode of the service behavior to multiple.


    Please mark posts as answers/helpful if it answers your question. Senior Consultant on WCF, ASP.NET, Siverlight, and Entity Framework. Author of Microsoft's Official WCF 4 Course. Co-author of the Microsoft HPC/Azure burst whitepaper. Visit my blog: http://blogs.microsoft.co.il/blogs/idof
    • Proposed as answer by Ido Flatow. _ Tuesday, July 26, 2011 7:31 AM
    Wednesday, July 20, 2011 2:28 PM
  • Hi Ido,

    I am using the application within the domain and its internal to organisation and high security isnt requried. so basichttpbinding if basichttpbinding fulfills my requirements i dont mind going for it. u said both bindings do not support sessions so you mean for each call a new instance is created? i mean  in my above example when i call method1 a seperate instance is created and when i call method2 seperate instance is created is tht what u mean to say?. is there a way i can have anonymous access implemented using wshttpbinding?  thinking on alternatives will come back wtih more doubts if i have.

    Cheers,

    Friend

    Wednesday, July 20, 2011 5:13 PM
  • 1. A new instance is created upon each request, so method1 and method2 will always run on different service instance.

    2. If you want the methods to execute in the same instance, you can change the Instance Context Mode to Single (this is controlled by the ServiceBehavior attribute that you can put on the service class).

    3. You can create a binding configuration for the wsHttpBinding, and set the security mode to none.


    Please mark posts as answers/helpful if it answers your question. Senior Consultant on WCF, ASP.NET, Siverlight, and Entity Framework. Author of Microsoft's Official WCF 4 Course. Co-author of the Microsoft HPC/Azure burst whitepaper. Visit my blog: http://blogs.microsoft.co.il/blogs/idof
    Wednesday, July 20, 2011 6:01 PM
  • Hi Ido,

     

    Do u have a sample wcf  (IIS hosted) or links to such samples which can be accessed anonymously from the client computers using wshttpbinding?. I dont want to implement windows authentication for web services what are other options i can look into ??

     

    Cheers

    Friend

    Thursday, July 21, 2011 5:14 AM
  • You have to first decide what you need from the binding. For example, why do you want wsHttpBinding and not basicHttpBinding? wsHttpBinding offers the use of ws-* standards, such as addressing, security, reliable-messaging, transactions ..., do you need any of these? If so, which ones? if not, than why don't you want to use basicHttp?
    Please mark posts as answers/helpful if it answers your question. Senior Consultant on WCF, ASP.NET, Siverlight, and Entity Framework. Author of Microsoft's Official WCF 4 Course. Co-author of the Microsoft HPC/Azure burst whitepaper. Visit my blog: http://blogs.microsoft.co.il/blogs/idof
    • Proposed as answer by Ido Flatow. _ Tuesday, July 26, 2011 7:31 AM
    • Marked as answer by Yi-Lun Luo Tuesday, July 26, 2011 9:19 AM
    Thursday, July 21, 2011 5:29 AM
  • And as for your request, here is a description of how to configure wsHttpBinding with no client authentication:

    http://msdn.microsoft.com/en-us/library/ms733938.aspx

    This is a secured channel configuration that doesn't require the client to authenticate, only the service authenticates


    Please mark posts as answers/helpful if it answers your question. Senior Consultant on WCF, ASP.NET, Siverlight, and Entity Framework. Author of Microsoft's Official WCF 4 Course. Co-author of the Microsoft HPC/Azure burst whitepaper. Visit my blog: http://blogs.microsoft.co.il/blogs/idof
    Thursday, July 21, 2011 5:42 AM