Contracts in WCF

WCF defines 4 Types of Contracts:

1. Service Contract: Service Contract is an interface or a class that defines the service contract in a Windows Communication Foundation (WCF) application. A service contract is the gateway to a service for external applications to make use of the service functions, and at least one service contract should be available in a service.

2. Data Contract: Data Contract defines a type with a set of data members or fields that will be used as the composite type or data members in a service contract.


3. Message Contract: A Message Contract is used to control the structure of a message body and serialization process. It is used to send/access the information in the soap header. Using a Message Contract, we can customize the parameters which is sent using a SOAP message between the client and the server. The SOAP header is implemented in the namespace system.web.services.protocol.

4. Fault Contract: When any WCF service throws an exception, then the client cannot be notified directly of about exception. Because whenever an exception is thrown from a service, it cannot be sent to the client. So if we want to get actual exception which is occured in service functionality then a fault contract can be used as shown below.

What is WCF Endpoints

In WCF, we have Endpoints - Address, Binding and Contracts.

Address: WHERE ?
specifies where service is located or hosted
http://localhost:8080/MyWCFServices/GetDollarRate.svc
Binding: HOW ?
specifies how to communication will be done through the WCF Service and what type of communication should be with Client and Service.

It defines how the client will communicate with the service. There are different types of protocols are available for communicating Client to the service. Depend of different types of bindings communication happens.

Contracts: WHAT ?
specifies that the functionality of service, what will service do. We can use multiple contracts for the functionality of WCF service.

[ServiceContract]
public interface IService
{

[OperationContract]
string GetData(int value);

[OperationContract]
CompositeType GetDataUsingDataContract(CompositeType composite);

// TODO: Add your service operations here
}

WCF defines 4 Types of Contracts:

1. Service Contract
2. Data Contract
3. Message Contract
4. Fault Contract

Read more about Contracts in WCF...

WCF Services- Bydefault Security for Bindings

This is very important thing regarding the security in WCF services.


Security in Windows Communication Foundation i.e. WCF can be divided at two levels-

1. Transport Level Security
2. Message Level Security

Some bindings are there with bydefault security as follows-

1. BasicHttpBinding

• No Security
• Interopable with ASMX Web Services

2. WsHttpBinding

• Message Level Security
• SOAP Messages are encrypted

3. NetTcpBinding

• Transport Level Security
• Packets are encrypted but not the messages (SOAP messages)

Difference between WCF and Web service

Here, you can find some differences between WCF and Webservices.

For serialization in a web service, we use System.Xml.serialization namespace.
WCF uses the System.Runtime.Serialization namespace for serialization.

In a web service, we need to add the [WebService] attribute to the class.
In WCF, we need to add the [ServiceContract] attribute to the class for defining the contracts.

We can host a web service in IIS.
We can host WCF in IIS, WAS (Windows Activation Service), self-hosting and a Windows Service.

Add the [WebMethod] attribute to the method in a web service.
Add the [OperationContract] attribute to the method in WCF.

Types of WCF Binding

There are mainly 8 types of bindings are available in WCF as below:

1. BasicHttpBinding

• It is suitable for communicating with ASP.NET Web services (ASMX)-based services that comfort with WS-Basic Profile conformant Web services.
• This binding uses HTTP as the transport and text/XML as the default message encoding.
• Security is disabled by default
• This binding does not support WS-* functionalities like WS- Addressing, WS-Security, WS-ReliableMessaging
• It is fairly weak on interoperability.

2. WSHttpBinding

• Defines a secure, reliable, interoperable binding suitable for non-duplex service contracts.
• It offers lot more functionality in the area of interoperability.
• It supports WS-* functionality and distributed transactions with reliable and secure sessions using SOAP security.
• It uses HTTP and HTTPS transport for communication.
• Reliable sessions are disabled by default.

3. WSDualHttpBinding

• This binding is same as that of WSHttpBinding, except it supports duplex service. Duplex service is a service which uses duplex message pattern, which allows service to communicate with client via callback.
• In WSDualHttpBinding reliable sessions are enabled by default. It also supports communication via SOAP intermediaries.

4. WSFederationHttpBinding

• This binding support federated security. It helps implementing federation which is the ability to flow and share identities across multiple enterprises or trust domains for authentication and authorization. It supports WS-Federation protocol.

5. NetTcpBinding

• This binding provides secure and reliable binding environment for .Net to .Net cross machine communication. 
• By default it creates communication stack using WS-ReliableMessaging protocol for reliability, TCP for message delivery and windows security for message and authentication at run time. It uses TCP protocol and provides support for security, transaction and reliability.

6. NetNamedPipeBinding

• This binding provides secure and reliable binding environment for on-machine cross process communication. It uses NamedPipe protocol and provides full support for SOAP security, transaction and reliability. 
• By default it creates communication stack with WS-ReliableMessaging for reliability, transport security for transfer security, named pipes for message delivery and binary encoding.

7. NetMsmqBinding

• This binding provides secure and reliable queued communication for cross-machine environment.
• Queuing is provided by using MSMQ as transport.
• It enables for disconnected operations, failure isolation and load leveling

8. NetPeerTcpBinding

• This binding provides secure binding for peer-to-peer environment and network applications.
• It uses TCP protocol for communication
• It provides full support for SOAP security, transaction and reliability.

How to secure your WCF Service ?

WCF is a distributed programming platform based on SOAP messages. 

Using WCF, you can create applications that function as both services and service clients, creating and processing messages from an unlimited number of other services and clients. In such a distributed application, messages can flow from node to node, through firewalls, onto the Internet, and through numerous SOAP intermediaries.

This introduces a variety of message security threats.

The following examples illustrate some common threats that WCF security can help mitigate when exchanging messages between entities:

• Observation of network traffic to obtain sensitive information. For example, in an online-banking scenario, a client requests the transfer of funds from one account to another. A malicious user intercepts the message and, having the account number and password, later performs a transfer of funds from the compromised account.
• Rogue entities acting as services without awareness of the client. In this scenario, a malicious user (the rogue) acts as an online service and intercepts messages from the client to obtain sensitive information. Then the rogue uses the stolen data to transfer funds from the compromised account. This attack is also known a phishing attack.
• Alteration of messages to obtain a different result than the caller intended. For example, altering the account number to which a deposit is made allows the funds to go to a rogue account.
• Hacker replays in which a nuisance hacker replays the same purchase order. For example, an online bookstore receives hundreds of orders and sends the books to a customer who has not ordered them.
• Inability of a service to authenticate a client. In this case, the service cannot assure that the appropriate person performed the transaction.

See in summary, transfer security provides the following assurances:

• Service endpoint (respondent) authentication.
• Client principal (initiator) authentication.
• Message integrity.
• Message confidentiality.
• Replay detection.

Introduction - What is WCF

Lets see WCF services introduction, what is WCF, benefit of WCF and WCF tutorial.

WCF - Windows Communication Foundation ) is SDK which is used to create distributed network services.

Windows Communication Foundation (WCF) is a SOAP message-based distributed programming platform, and securing messages between clients and services is essential to protecting data. 

WCF provides a versatile and interoperable platform for exchanging secure messages based upon both the existing security infrastructure and the recognized security standards for SOAP messages.


WCF is a programming platform and runtime system for building, configuring and deploying network-distributed services. 

It is the latest service oriented technology; Interoperability is the fundamental characteristics of WCF. It is unified programming model provided in .Net Framework 3.0. 

WCF is a combined features of Web Service, Remoting, MSMQ and COM+. WCF provides a common platform for all .NET communication.

WCF Advantage:

• WCF is interoperable with other services when compared to .Net Remoting,where the client and service have to be .Net.
• WCF services provide better reliability and security in compared to ASMX web services.
• In WCF, there is no need to make much change in code for implementing the security model and changing the binding. Small changes in the configuration will make your requirements.
• WCF has integrated logging mechanism, changing the configuration file settings will provide this functionality. In other technology developer has to write the code.

What is the difference between WCF and Web Services?

• Web services can only be invoked by HTTP. 
• While Services or a WCF component can be invoked by any protocol and any transport type. 
• Web services are not flexible.