WCF Interview Questions:
- What is a fault contract?
- What are the core security concepts supported by WCF?
- Difference between Message Level security and Transport Level security?
- Difference between BasicHttpBinding and WsHttpBinding w.r.t Security?
- Please explain about authorization options supported in WCF?
- Explain WCF Data Services?
- WCF Data Services Vs ASP.NET Web API OData?
- What all are the security mode supported by various WCF bindings?
- What is Reliable Messaging in WCF?
1.What is a fault contract?
A fault contract defines errors raised by the service, and how the service handles and propagates errors to its clients.
WCF handles and returns error details to client using Fault Contract.
An operation contract can have zero or more fault contracts associated with it.
You can read more detailed explanation on Fault contract here.
2. What are the core security concepts supported by WCF?
- Confidentiality: Confidentiality is confirming the recipient. WCF make sure only the valid recipient can read the message when it passed between service and client.
- Integrity: Integrity is to ensure that message received is not being tempered or changed during exchange.
- Authentication: Authentication is a way for the sender and receiver to identify each other.
- Authorization: ensures that what actions an authenticated user can perform?
3. Difference between Message Level security and Transport Level security?
|Transport Level Security||Message Level Security|
|As Transport Level Security secures the network protocol, so no extra coding required.||As the message is secured (signed and encrypted) while transmitting through the network, any intermediate hop in the network has no impact on security.|
|As client and service doesn’t need to understand WS-Security specification results support for interoperability.||Being transport-independent, it can support multiple transport options.|
|Improved performance can be achieved by using hardware accelerators.||Supports wide range of security options, even we can implement custom security.|
|Lacks support for intermediate systems because it’s point to point and protects the “pipe” between a single client and a service.||Every individual Message is secured means there is a cost to encrypt a message at one side and decrypt on the other resulting in reduced performance.|
|Security options are comparatively less due to protocol security limitations.||Lacks Interoperability. It demands both client and service should support WS-Security specification, so no support for applications developed in older technologies like ASMX.|
4. Difference between BasicHttpBinding and WsHttpBinding w.r.t Security?
Microsoft Windows Communication Foundation comes with a set of built-in bindings and each binding is designed to fulfill some specific need. So, if interoperability is our concern and we need to communicate with non-WCF system, then, we should go for basicHttpBinding or wsHttpBinding.
|Primarily BasicHttpBinding is designed to exchange SOAP over HTTP(s) only, just like old ASMX or .net web services and supports the WS-I BasicProfile.||WsHttpBinding supports the advanced WS-* specification which includes WS-Addressing and WS-Security etc.|
|It has higher level of interoperability with existing services and clients.||Due to more advanced messaging scenarios, it has reduced support for wider range of older clients.|
|BasicHttpBinding is based on SOAP 1.1 specification.||WsHttpBinding supports SOAP 1.2 specification.|
|No support for reliable Messaging.||Supports for reliable messaging.|
|No support for transactions.||It supports atomic and distributed transactions.|
|It has fewer security options. Or we can say, there is no security provided, by default, for BasicHttpBinding.||Because WsHttpBinding supports advanced WS-* specification, it has a lot more security options available. For example, It provides message-level security i.e. message is not sent in plain text. Also it supports for WS-Trust and WS-Secure conversation.|
|At transport level, it provides support for confidentiality through SSL.||It supports for both Transport as well as Message level security.|
|BasicHttpBinding is a bit faster because security is disabled by default.||As it supports advanced security options and its enabled by default, so it’s a bit slower than BasicHttpBinding.|
5. Please explain about authorization options supported in WCF?
- Role-based authorization is the most common authorization approach being used. In this approach, authenticated user has assigned roles and system checks and verifies that either a specific assigned role can perform the operation requested.
- Identity-based authorization approach basically provides support for identity model feature which is considered to be an extension to role-based authorization option. In this approach, service verifies client claims against authorization policies and accordingly grant or deny access to operation or resource.
For more details on Authorization with Identity Model, please follow here.
- Resource-based authorization approach is a bit different because it’s applied on individual resources and secure those using windows access control lists (ACLs).
6. Explain WCF Data Services ?
- WCF Data Services enables creation and consumption of data services for the Web or an intranet by using the Open Data Protocol (OData).
- OData enables you to expose your data as resources that are addressable by URIs.
- This enables you to access and change data by using the semantics of representational state transfer (REST), specifically the standard HTTP verbs of GET, PUT, POST, and DELETE
7. WCF Data Services Vs ASP.NET Web API OData?
8. What all are the security mode supported by various WCF bindings?
9. What is Reliable messaging in WCF?
Networks are not perfectly reliable and there might be drop signals or congestions. WCF allows us to ensure the reliability of messaging by implementing WS-ReliableMessaging protocol. Here is how you can configure reliable messaging in WCF.
By default this is false. Setting it to true enables reliable messaging.
Ordered message processing can only be enabled if reliableSession is enabled. If reliableSession is enabled, ordered message processing is also enabled by default, but it can be turned off by setting this value to false. If turned off, messages are processed in the order received.
This setting specifies how long a session can remain open with no messages received before it times out. The default value is ten minutes.
© 2015, admin. All rights reserved.