Introducing Windows Communication
Foundation
Chapter 10 to 15
14 August 2018 7:02 AM
Chapter 10
Implementing Reliable Sessions
What is “replay attack” security in WCF
messaging?
 The common security issue in WCF service and client
communication is that a third party intercepts messages
and repeatedly forwards them on to the intended
destination.
 This is known as “replay attack”.
What is meant by Reliable Sessions?
 WCF reliable sessions is an implementation of SOAP
reliable messaging as defined by the WS-Reliable
Messaging protocol. WCF SOAP reliable messaging
provides an end-to-end reliable session between two
endpoints, regardless of the number or type of
intermediaries that separate the messaging endpoints.
What is the difference between reliable
messaging and reliable session?
 Reliable messaging is concerned with ensuring that
messages are delivered exactly once, and a reliable
session provides a context for sending and receiving a
series of reliable messages.
What is the main objectives of reliable
messaging?
 The main objective is to handle the problems of lost
messages, or messages arriving in the wrong order.
 Messages can pass through any number of intermediary
sites on the network to the destination.
 But reliable messaging ensures that all messages sent
from the source will arrive at the destination without
duplication and messages are processed by the
destination in the order in which they were sent.
 Using reliable messaging, the WCF runtime will
guarantee to deliver a message if it can, or it will alert
the sender if it cannot.
What is “keep alive” message from client
to the service in reliable messaging?
 A WCF service can timeout if it doesn’t receive any
messages from a client within the period specified by its
own InactivityTimeout property.
 To prevent this from happening unnecessarily, the WCF
runtime on the client computer periodically sends a
“keep alive” message to the service if the client
application has not sent any messages recently.
What is a sequence number in messages
with WS-ReliableMessaging protocol?
 The WS-ReliableMessaging protocol organizes messages
in a conversation between a client application and a
service by associating them with a unique identifier
known as a sequence number.
 All messages in the same reliable session must share the
same set of identifiers The body of this message contains
a unique identifier generated by the WCF runtime
What are CreateSequence and
CreateSequenceResponse messages with
WS-ReliableMessaging protocol?
 The first message in the protocol is this CreateSequence
message sent by the WCF runtime on the client
computer.
 This message initiates the reliable session.
 And a CreateSequenceResponse message sent back to
the client by the WCF runtime on the service computer
In reliable messaging, how do a Service
acknowledge a client that its message has
been received?
 When the WCF runtime on the server computer receives
this message, it must send an acknowledgment message
back to the client computer so that the client knows it
has been received.
What is LatMessage with WS-
ReliableMessaging protocol?
 The LatMessage is sent by the WCF runtime on the client
computer to indicate that this is the final message in the
sequence .
 This message is sent when the client application starts to
close the session The WCF runtime on the server
computer acknowledges this message and then sends
its own LastMessage message to indicate that it has also
finished.
What is the disadvantage of Reliable
Messaging?
 Reliable sessions can generate a significant amount of
additional network traffic, both in terms of the extra
protocol messages and the increased size of each
message.
What is a nonce in WCF reliable
messaging?
 When we enable replay detection, the WCF runtime
generates a random, unique, signed, time-stamped
identifier for each message. These identifiers are referred
to as nonces.
 Upon receiving a message, a service can use the
signature to verify that the nonce has not been
corrupted and extract and examine the timestamp to
ascertain that the message was sent reasonably
recently.
Chapter 11
Programmatically Controlling the
Configuration and Communications
What is a CannenlListener object?
 A ChannelListener object connects an endpoint to the
transport channel for the channel stack
 The WCF runtime creates a ChannelListener object for
each URI on which the service can accept messages.
What is the purpose an encoding channel?
 The purpose of an encoding channel is to parse the
incoming request message and convert it into a format
that the channels above it in the channel stack can
understand—usually SOAP.
What are Channel Dispatcher and
EndpointDispatcher?
 When an incoming request message reaches the top of
the channel stack, a Channel Dispatcher object takes
the message, examines it, and passes it to an
EndpointDispatcher object that invokes the appropriate
method in the service, passing the data items in the
message as parameters to the method.
What is service behavior scope?
 Behavior scope determines whether a service behavior is
applicable to the entire service, contract, a specific
operation or an endpoint.
Why do you use behavior element
extension class?
 You can also define your own custom behaviors by
defining a corresponding behavior element extension
class.
 A behavior extension element is a class that the WCF
runtime uses to configure a behavior when it starts a
service running and reads the configuration file
What is IDispatchMessageInspector
interface?
 To create a message inspector, you create a class that
implements the IDispatchMessageInspector interface
and insert it into the configuration by defining a
behavior.
Chapter 12
What is One-Way Operation?
 One-Way operation does not return back any data to
client.
 When a client application invokes a one-way operation,
it can continue running without waiting for the service to
complete the operation.
What is Asynchronous Operation?
 The operation that is invoked by a client without process
blocking and client can continue execution further
without operation return.
 When a reply message arrives from the service, a
separate thread in the client application handles the
response.
What are the effects
(restrictions/disadvantages) of one-way
operation?
 It must be void
 It cannot take ref or out parameter
 Client does not know if operation call is successful or not
Chapter 13
Implementing a WCF Service for
Good Performance
What is WCF Service Throttling?
 Service throttling is a feature to help control resource
utilization.
 Using this feature we can ensure that a service does not
exhaust the resources available on the host computer.
Why is Load-balancing required in WCF
service hosting environment?
 Load balancing technique is used to distribute requests
across multiple server.
 Load balancing is required if service hugely using
resources available on the host computer, causing the
system to slow down.
What is MTOM?
 MTOM is an optimization mechanism for sending and
receiving SOAP messages that contain binary data.
 It provides a standardized, interoperable, and efficient
format for transmitting large blocks of binary data.
What is streaming data in WCF Service?
 Streaming allows the client application to start receiving
and processing bytes of data before the service has
transmitted the end of the message.
 If streaming enabled, the service and the client
application does not create large buffers for holding an
entire message.
Name the bindings that support streaming?
 basicHttpBinding
 netTcpBinding
 netNamedPipeBinding
Chapter 14
Discovering Services and Routing
Messages
What is WCF discovery?
 WCF Discovery enables a client application to locate a
service dynamically, based on criteria such as the
contract that the service implements.
What are the two modes supported by
WCF discovery API?
 WCF discovery API supports two modes of discovery:
→ Ad hoc discovery mode
→ Managed discovery mode
What is the difference between ad hoc
and managed modes of discovery?
 In Ad-Hoc mode, there is no centralized server. All
discovery messages such as service announcements
and client requests are sent over the UDP protocol.
 Clients have to actively listen for these announcements
and process them accordingly.
 In Managed mode there is a centralized server called a
discovery proxy that maintains information about
available services.
 Clients use the discovery proxy to retrieve information
about available services.
What are Probe message and ProbeMatch
message in service discovery?
 In WCF Discovery, when a client application wishes to
connect to a service, it broadcasts a Probe message
containing information about the service.
 When the service receives a Probe request, it can
examine its contents, and if the probe matches the
contract implemented by the service, it can respond to
the client with a ProbeMatch message.
 The ProbeMatch message contains the service
addressing information.
What is udpDiscoveryEndpoint?
 WCF provides a preconfigured discovery endpoint to
the service called udpDiscoveryEndpoint.
 The udpDiscoveryEndpoint endpoint has a fixed
contract, a fixed HTTP binding, and a default address.
What is discovery announcement?
 The WCF discovery feature enables services to
announce their availability.
 If configured to do so, a service broadcasts
announcements when it starts and shuts down.
 Clients can listen for such announcement messages and
act on them.
What is a discovery proxy?
 A discovery proxy is a standalone service that contains a
repository of services.
 Clients can query a discovery proxy to find discoverable
services that the proxy is aware of.
What is a RoutingService?
 A routing service is intermediary service between
services and client.
 A routing service routes messages based on message
content, which allows a message to be forwarded to a
client endpoint based on a value within the message
itself, in either the header or the message body.
Chapter 15
What is claim in authentication?
 A claim in the world of authentication and authorization
can be defined as a statement about an entity, typically
a user.
What is claim-based security?
 Claims-based identity is a common way for applications
to acquire the identity information they need about
users.

Discovering Services and Routing

Messages
What are two common architectures of
implementing Web Services?
 Simple Object Access Protocol (SOAP)
 Representational State Transfer (REST)
What is REST?
 REST stands for REpresentational State Transfer
 It is a simple stateless architecture that generally runs
over HTTP.
 The REST architectural style of developing Web services
as an alternative to other distributed-computing
specifications such as SOAP.
 The basic idea of REST is treating objects on the server-
side as resources than can be created or destroyed.
What is the difference between WebGet
and WebInvoke attributes?
 In a WCF REST Web service, you mark operations that
respond to HTTP GET requests with the WebGet attribute.
 To support HTTP POST, PUT, and DELETE requests, WCF
supplies the WebInvoke attribute
Chapter 16
Using a Callback Contract to Publish
and Subscribe to Events
What is difference between client/server
and peer-to-peer model of processing?
 In client/server model, a server provides a service that
waits passively for a request from a client application,
handles that request, and then optionally sends a
response back to the client application
 The client application is the active participant, making
requests and effectively determining when the service
should perform its work.
 In the peer-to-peer scenario, there are no passive
services. All applications are autonomous clients that
can communicate with each other.
What is client callback?
 A callback contract defines operations that a service
can invoke in a client application
What is callback contract?
 A callback contract is very similar to a service contract
in the respect that it is an interface or class that contains
operations marked with the OperationContract attribute
but you do not decorate it with the ServiceContract
attribute.
Chapter 17
Managing Identity with Windows
CardSpace
What is windows CardSpace?
 Windows CardSpace is an identity technology
incorporated into Windows Vista and Windows 7.
 CardSpace is used to create digital identities for users
that could be requested and accessed by websites or
other software applications.