Table of Contents
Introduction and Goal
WCF has introduced lot of bindings and protocols. This article will concentrate on two important protocols BasicHttpBinding and WsHttpBinding which look similar but have some huge fundamental differences. We will first start with the difference and then we will create a small project and see how the differences look practically.
Nowadays I am distributing my 400 questions and answers ebook which covers major .NET related topics like WCF, WPF, WWF, AJAX, core .NET, SQL Server, architecture, and a lot more. I am sure you will enjoy this ebook.
Pre-requisite
In case you are new to WCF, please do read the basics from the below given links. Basics of WCF are not in the scope of this article:
Difference between BasicHttpBinding and WsHttpBinding
If we want to summarize in one sentence, the difference between WsHttpBinding and BasicHttpBinding is that WsHttpBinding supports WS-* specification. WS-* specifications are nothing but standards to extend web service capabilities.
Below is a detailed comparison table between both the entities from security, compatibility, reliability, and SOAP version perspectives.
| Criteria | BasicHttpBinding | WsHttpBinding |
| Security support | This supports the old ASMX style, i.e., WS-BasicProfile 1.1. | This exposes web services using WS-* specifications. |
| Compatibility | This is aimed for clients who do not have .NET 3.0 installed and it supports wider ranges of clients. Many of the clients like Windows 2000 still do not run .NET 3.0. So an older version of .NET can consume this service. | As it is built using WS-* specifications, it does not support wider ranges of clients and it cannot be consumed by older .NET versions less than 3 version. |
| SOAP version | SOAP 1.1 | SOAP 1.2 and WS-Addressing specification. |
| Reliable messaging | Not supported. In other words, if a client fires two or three calls you really do not know if they will return back in the same order. | Supported as it supports WS-* specifications. |
| Default security options | By default, there is no security provided for messages when the client calls happen. In other words, data is sent as plain text. | As WsHttBinding supports WS-*, it has WS-Security enabled by default. So the data is not sent in plain text. |
| Security options |
- None
- Windows – default authentication
- Basic
- Certificate
|
- None
- Transport
- Message
- Transport with message credentials
|
One of the biggest differences you must have noticed is the security aspect. By default, BasicHttpBinding sends data in plain text while WsHttpBinding sends it in an encrypted and secured manner. To demonstrate the same, let's make two services, one using BasicHttpBinding and the other using WsHttpBinding and then let's see the security aspect in a more detailed manner.
We will create a small sample to see how BasicHttpBinding sends data in plain text format and how WsHttpBinding encrypts data.
Note: By default, security is not enabled on BasicHttpBinding for interoperability purposes. In other words, it is like our old webservice, i.e. ASMX. But that does not mean we cannot enable security in BasicHttpBinding. Sometime back, we i had written an article on how to enable security on BasicHttpBinding.
Five Steps to See the Actual Difference between BasicHttpBinding and WsHttpBinding
In order to understand the real differences between these entities, we will do a small project. In this project, we will create two WCF services, one service using BasicHttpBinding and the second service using WsHttpBinding.
Step 1: Let's first create a simple service using BasicHttpBinding. For that, we just create a simple WCF project and then modify the ServiceModel element as shown below. You can see in the endpoint tag that we have specified basicHttpBinding as the protocol.
<system.serviceModel>
<services>
<service name="WCFBasicHttpBinding.Service1"
behaviorConfiguration="WCFBasicHttpBinding.Service1Behavior">
<endpoint address="" binding="basicHttpBinding" contract="WCFBasicHttpBinding.IService1">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFBasicHttpBinding.Service1Behavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Step 2: We also need to create one more service using WsHttpBinding. For that, you do not need to do anything special as such. By default, a WCF project is created using WsHttpBinding. Below is how the Web.config file looks like. You can see how the endpoint tag is using wsHttpBinding.
<system.serviceModel>
<services>
<service name="WCFWsHttpBindingHttps.Service1"
behaviorConfiguration="WCFWsHttpBindingHttps.Service1Behavior">
<endpoint address="" binding="wsHttpBinding" contract="WCFWsHttpBindingHttps.IService1">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFWsHttpBindingHttps.Service1Behavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Step 3: We will not be creating any new methods in both the services. We will just use the default code created by the WCF template. So both these services will have a GetData function which returns a string. The GetData function is a default function created WCF project.
public class Service1 : IService1
{
public string GetData(int value)
{
return string.Format("You entered: {0}", value);
}
public CompositeType GetDataUsingDataContract(CompositeType composite)
{
if (composite.BoolValue)
{
composite.StringValue += "Suffix";
}
return composite;
}
}
Step 4: Now that our services are created, we need to create a client which will consume this service. So we have created a simple web application and we have added two references, one is a service reference, i.e., WsHttpBinding, and the second is a web reference, i.e., BasicHttpBinding. In this example I have used a web reference to add BasicHttpBinding but you can do this by using Add Service Reference as well. I have used Add Web Reference to just prove that BasicHttpBinding is actually backwards compatible with old web services.
We will add two buttons on the default ASPX page. One button will call the HTTP service and the other will call the WsHttp service. Below is how the function GetData is called in both the button clicks.
Step 5: Now that we are ready with the complete project, it is time to sniff and see how data is transported between the client and the service in both scenarios. Let's download a simple HTTP data recorder from here. We will then click both the buttons one by one and record the data transfer using httpanalyzer. You can see the posted data is in simple plain XML format for the basic HTTP protocol and it is in an encrypted format for the wshttp protocol.
In other words, avoid BasicHttp as far as possible.
Consideration When to Use BasicHttp and WsHttp
If you are looking for backwards compatibility and to support a lot of clients, then basic HTTP binding is the way to go, or else WsHttp is a great way to start if you are seeing your clients made in .NET 3.0 and above.
History
- 13th May, 2009: Initial post.
For further reading do watch the below interview preparation videos and step by step video series.
