Click here to Skip to main content
12,831,625 members (32,057 online)
Click here to Skip to main content
Add your own
alternative version

Tagged as


4 bookmarked
Posted 8 Oct 2013

WCF Service FAQs - Part 3

, 8 Oct 2013 CPOL
Rate this:
Please Sign up or sign in to vote.
Part 3 of WCF Service FAQs

This WCF service tutorial is part-3 in the series of WCF Service FAQs. The previous part in this series is already published at WCF Service FAQs – Part 2.

What is a Fault Contract?

Normally, by default, when some exception occurs at a WCF service level, it will not expose as it is to the client. The reason is that WCF exception is a CLR exception and it doesn’t make sense to expose it outside of CLR because it contains internal details of service code like stack trace. So, WCF handles and returns error details to client using Fault Contract.

“So, fault contract is a contract that contains the details of possible exception(s) that might occur in a service code.”

public interface IService1
    int MyOperation1();
public class MyFaultDetails
    public string ErrorDetails { get; set; }

In implementing service.....

public int MyOperation1()

    //Do something......

           MyFaultDetails ex = new MyFaultDetails();
           ex.ErrorDetails = “Specific error details here.“;
           throw new FaultException(ex,“Reason: Testing.....“);

A user has a service with a one-way operation that includes a fault contract, and he gets an exception when he tries to host the service. Why?

This is true, because, to return faults, the service requires some form of a two-way communication channel, which is not there with one-way operations.

What are the core security concepts supported by WCF?

There are four core security features:

  1. Confidentiality: It’s a confirmation about the recipient. Only the valid recipient can read the message when it passed between service and client.
  2. Integrity: is to ensure that message received is not being tempered or changed during exchange.
  3. Authentication: is a way for the parties (sender and receiver) to identify each other.
  4. Authorization: ensures what actions an authenticated user can perform?

Difference between Message Level security and Transport Level security?

Security can be configured at different levels in Windows Communication Foundation:

  1. Transport Level Security
  2. Message Level Security

Details about this topic are already given in another post “Top 10 WCF Interview Questions”.

Difference between BasicHttpBinding and WsHttpBinding with respect to security?

Please follow differences between BasicHttpBinding and WsHttpBinding for more detailed discussion, but the basic difference with respect to security is as follows:
As WsHttpBinding supports advanced WS-* specification, it has a lot more security options available. For example, it provides message-level security, i.e., message is not sent in plain text. Also it supports for WS-Trust and WS-Secure conversation.
While in case of BasicHttpBinding, it has fewer security options, or we can say, there is no security provided, by default. At transport level, it can provide confidentiality through SSL.

Please explain about authorization options supported in WCF?

Authorization as a core feature of security in WCF supports different authorization types.

  • Role-based authorization is the most common authorization approach being used. In this approach, the authenticated user has assigned roles and system checks and verifies that either a specific assigned role can perform the operation requested.
  • Identity-based authorization approach basically provides support for identity model feature which is considered to be an extension to role-based authorization option. In this approach, service verifies client claims against authorization policies and accordingly grant or deny access to operation or resource.
  • Resource-based authorization approach is a bit different because it’s applied on individual resources and secures those using Windows Access Control Lists (ACLs).

What is Reliable Messaging in WCF?

We know that networks are not perfect enough and those might drop signals or in some scenarios there can be a possibility of wrong order of messages during message exchange.
WCF allows us to ensure the reliability of messaging by implementing WS-ReliableMessaging protocol. Here is how you can configure reliable messaging in WCF:

               <binding name="Binding1">
                                   inactivityTimeout="00:02:00" />

What are Reliable Sessions in WCF?

Reliable sessions actually ensure that the caller for messages will know about the lost message(s) but it can’t guarantee about the delivery of message(s).
There is a misconception about reliable sessions that it ensures the session will never expire or stays for a very long time. This we can achieve by using timeout for sessions.

Briefly explain WCF RESTful services?

RESTful services are those which follow the REST (Representational State Transfer) architectural style.

As we know, WCF allows us to make calls and exchange messages using SOAP over a variety of protocols, i.e. HTTP, TCP, NamedPipes and MSMQ, etc. In a scenario, if we are using SOAP over HTTP, we are just utilizing HTTP as a transport. But HTTP is much more than just a transport.
So, when we talk about REST architectural style, it dictates that “Instead of using complex mechanisms like CORBA, RPC or SOAP for communication, simply HTTP should be used for making calls”.
RESTful architecture uses HTTP for all CRUD operations like (Read/CREATE/Update/Delete) using simple HTTP verbs like (GET, POST, PUT, and DELETE). It’s simple as well as lightweight.
You can follow 5 simple steps to create your first RESTful service.

Briefly explain WCF Data Services?

WCF Data services previously known as ADO.NET data services are basically based on OData (Open Data Protocol) standard which is a REST (Representational State Transfer) protocol.

According to,

The Open Data Protocol (OData) is a Web protocol for querying and updating data that provides a way to unlock your data and free it from silos that exist in applications today. OData does this by applying and building upon Web technologies such as HTTP, Atom Publishing Protocol (AtomPub) and JSON to provide access to information from a variety of applications, services, and stores. The protocol emerged from experiences implementing AtomPub clients and servers in a variety of products over the past several years. OData is being used to expose and access information from a variety of sources including, but not limited to, relational databases, file systems, content management systems and traditional Web sites.

Previous: WCF Service FAQs Part-2

Next: WCF Service FAQs Part-4

Other WCF and Related Tutorials


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Imran Abdul Ghani
Software Developer (Senior) Emaratech
United Arab Emirates United Arab Emirates
Imran Abdul Ghani has more than 10 years of experience in designing/developing enterprise level applications. He is Microsoft Certified Solution Developer for .NET(MCSD.NET) since 2005. You can reach his blogging at WCF Tutorials, Web Development, SharePoint for Dummies.

You may also be interested in...

Comments and Discussions

-- There are no messages in this forum --
Permalink | Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.170326.1 | Last Updated 8 Oct 2013
Article Copyright 2013 by Imran Abdul Ghani
Everything else Copyright © CodeProject, 1999-2017
Layout: fixed | fluid