WCF Interview Questions – Part 3

 

What is a fault contract?

Normally, by default, when some exception occurs at a WCF service level, it will not expose as it is to client. Reason is that WCF exception is a CLR exception and it doesn’t make sense to expose it outside CLR because it contains internal details of service code like stack trace. So, WCF handles and returns error details to client using Fault Contract.“So, fault contract is a contract that contains the details of possible exception(s) that might occur in a service code.”

 [ServiceContract]
 public interface IService1
 {
        [OperationContract]
        [FaultContract(typeof(MyFaultDetails))]
        int MyOperation1();
 }

 [DataContract]
  public class MyFaultDetails
  {
        [DataMember]
        public string ErrorDetails { get; set; }
  }

In implementing service…..

  public int MyOperation1()
  {
       Try{               //Do something……       }catch()
       {
                  MyFaultDetails ex = new MyFaultDetails();
                  ex.ErrorDetails = “Specific error details here.“;
                  throw new FaultException(ex,“Reason: Testing…..“);
       }
  }

For understanding detailed difference between .NET Exception and WCF Fault,

A user has a service with a one-way operation that includes a fault contract, and he gets an exception when he tries to host the service. Why?

This is true, because, to return faults, the service requires some form of a two-way communication channel, which is not there with one-way operations.

What are the core security concepts supported by WCF?

There are four core security Features

• Confidentiality: It’s a confirmation about the recipient. Only the valid recipient can read the message when it passed between service and client.
• Integrity: is to ensure that message received is not being tempered or changed during exchange.
• Authentication: is a way for the parties (sender and receiver) to identify each other.
• Authorization: ensures that what actions an authenticated user can perform?

Difference between Message Level security and Transport Level security?

Security can be configured at two different levels in Windows Communication Foundation:

1. Transport Level Security
   secures the transport (the pipe) over which the message passes through from client to a service. 
   
2. Message Level Security
   secures the message that is being transported from one end to another.

WCF Supports following Transfer Security Modes:

• None – No security at all. Very risky to choose.
• Transport – Securing message transfer with transport protocol like TCP, IPs, HTTPs, MSMQ.  It’s Ideal for Intranet scenarios having point to point communication.
• Message – Securing message by encrypting it. Good for scenarios even when multiple intermediaries involved.
• Mixed – TransportWithMessageCredential uses transport for message privacy and service authentication with client authentication handled at message level.
• Both -Using both Message as well as transport security. In this case a secured encrypted message travel over a secure transport (pipe) only supported by MSMQ Binding.

<wsHttpBinding>
       <binding name=”SecurityModeDemo”>
                    <security mode=”[None|Transport|Message|….]”/>
       </binding> </wsHttpBinding>

Can you please explain which security mode supported by various WCF Bindings?

Following table illustrates in details about support for security mode in Windows Communication Foundation for various WCF Bindings.

WCF Binding	None	Transport	Message	Mixed	Both
BasicHttpBinding	Default	Yes	Yes	Yes	No
WSHttpBinding	Yes	Yes	Default	Yes	No
WSDualHttpBinding	Yes	No	Default	Yes	No
NetTcpBinding	Yes	Default	Yes	Yes	No
NetNamedPipeBinding	Yes	Default	No	No	No
NetMsmqBinding	Yes	Default	Yes	No	Yes

Difference between BasicHttpBinding and WsHttpBinding w.r.t Security?

WsHttpBinding supports advanced WS-* specification, it has a lot more security options available. For example, It provides message-level security i.e. message is not sent in plain text. Also it supports for WS-Trust and WS-Secure conversation.
While in case of BasicHttpBinding, it has fewer security options, or we can say, there is no security provided, by default. At transport level, it can provide confidentiality through SSL.
Following is detailed comparison of both WCF bindings:

Please explain about authorization options supported in WCF?

Authorization as a core feature of security in WCF supports different authorization types.

• Role-based authorization is the most common authorization approach being used. In this approach, authenticated user has assigned roles and system checks and verifies that either a specific assigned role can perform the operation requested.
• Identity-based authorization approach basically provides support for identity model feature which is considered to be an extension to role-based authorization option. In this approach, service verifies client claims against authorization policies and accordingly grant or deny access to operation or resource.
  For more details on Authorization with Identity Model, .
• Resource-based authorization approach is a bit different because it’s applied on individual resources and secure those using windows access control lists (ACLs).

What is Reliable Messaging in WCF?

We know that networks are not perfect enough and those might drop signals or in some scenarios there can be a possibility of wrong order of messages during message exchange.
WCF allows us to ensure the reliability of messaging by implementing WS-ReliableMessaging protocol.  Here is how you can configure reliable messaging in WCF.

  <wsHttpBinding>
    <binding name=”Binding1″>
                  <reliableSession
                                         enabled=”true”
                                        ordered=”true”
                                        inactivityTimeout=”00:02:00″ />
     </binding>
  </wsHttpBinding>

What are Reliable Sessions in WCF?

Reliable sessions actually ensure that the caller for messages will know about the lost message(s) but it can’t guarantee about the delivery of message(s).
There is a misconception about reliable sessions that it ensures the session will never expire or stays for a very long time. This we can achieve by using timeout for sessions.

Briefly explain WCF RESTfull services?

RESTful services are those which follow the REST (Representational State Transfer) architectural style. As we know that WCF allows us to make calls and exchange messages using SOAP over a variety of protocols i.e. HTTP, TCP, NamedPipes and MSMQ etc. In a scenario, if we are using SOAP over HTTP, we are just utilizing HTTP as a transport. But Http is much more than just a transport. So When we talk about REST architectural style, it dictates that:

Instead of using complex mechanisms like CORBA, RPC or SOAP for communication, simply HTTP should be used for making calls

RESTful architecture uses HTTP for all CRUD operations like (Read/CREATE/Update/Delete) using simple HTTP verbs like (GET, POST, PUT, and DELETE). It’s simple as well as lightweight.

Explain the differences between SOAP and REST approaches w.r.t common CRUD operations?

For common CRUD(Create, Retrieve, Update, Delete) operations, both SOAP and REST approaches are different as follows:

CRUD Operation	RESTful approach	SOAP approach
Get Product By Id	/product.svc/{id} (using GET HTTP Method)	GetProduct(string id)
Get All Products	/product.svc       (using GET HTTP Method)	GetProducts()
Create Product	/product.svc/{id}  (using PUT HTTP Method)	CreateProduct(string id, string name)
Update Product	/product.svc/{id}  (using PUT HTTP Method)	UpdateProduct(string id)
Delete Product	/product.svc/{id}  (using DELETE HTTP Method)	DeleteProduct(string id)

Briefly explain WCF Data Services?

WCF Data services previously known as ADO.NET data services are basically based on OData (Open Data Protocol) standard which is a REST (Representational State Transfer) protocol.

The Open Data Protocol (OData) is a Web protocol for querying and updating data that provides a way to unlock your data and free it from silos that exist in applications today. OData does this by applying and building upon Web technologies such as HTTP, Atom Publishing Protocol (AtomPub) and JSON to provide access to information from a variety of applications, services, and stores. The protocol emerged from experiences implementing AtomPub clients and servers in a variety of products over the past several years.  OData is being used to expose and access information from a variety of sources including, but not limited to, relational databases, file systems, content management systems and traditional Web sites.Next part in this WCF Tutorial series is focused on Interview Questions regarding Service-Oriented Architecture and Transactions.

WCF Data Services Vs ASP.NET Web API OData?

WCF Data Services	ASP.NET Web API OData
Not truly Extensible.	Truly Extensible.
Although it’s called WCF Data Services but it doesn’t required WCF Knowledge. Any HTTP Client (including PHP, JAVA, AJAX, WCF etc.) can consume WCF Data Services.	Web API OData is added later to ASP.NET Web API and it’s basically a REST-based data access protocol.
Supports all OData Operations.	Not all OData Operations supported so far.
A bit complicated when using with non-LINQ provider data.	Easier Programming Model.
Thorough and Complete implementation according to lastest OData Specification.	As compared with data services, Web API OData gives better control over data sources.
We can expose whole data store with minimum logic.	As it’s extensible, so it supports mixing OData with non-OData Services.

 

 

What is SOA (Service Oriented Architecture) and how WCF supports it?

SOA is basically an architectural model that dictates few principles for building business applications in the form of independent, loosely coupled and interoperable services. These services are well defined, self-contained and can work together to achieve certain business functionality without depending on context or state of other services.
WCF supports almost all those principles dictated by Service Oriented Architecture for developing services; those are independent, loosely coupled and interoperable also. Please visit for detailed discussion on WCF and SOA.

What is ESB in SOA environment?

In Service Oriented Architecture environment, ESB (Enterprise Service Bus) acts as a single interface for all messaging between applications and services in a loosely coupled manner. ESB is capable to call and subscribe different service provider’s methods and subscriptions respectively.

What is Transaction Propagation? And how WCF support it?

Transaction propagation is the ability to propagate transaction across the boundaries of a single service. Or in other words, we can say that a service can participate in a transaction that is initiated by a client.
In a SOA environment, transaction propagation becomes a key requirement. As we know that WCF supports SOA, so it provides support for transaction propagation as well.
To enable transaction propagation, we need to set the value of TransactionFlow property of the binding being used. This can be done programmatically as follows:

  WSHttpBinding bindingBeingUsed = new WSHttpBinding();
  bindingBeingUsed.TransactionFlow = “true”;

 Or It can be done declaratively by updating configuration file as follows:

  <bindings>
      <wsHttpBinding>
               <binding name=”binding1”
                                   transactionFlow=”true” />
       </wsHttpBinding>
   </bindings>

Default value for TransactionFlow property is “False”.

Does all WCF bindings support for Transaction Propagation?

No. Not all WCF bindings support transaction propagation. Only following list of bindings support for it.

• wsHttpBinding
• netTcpBinding
• netNamedPipeBinding
• wsDualHttpBinding
• wsFederationHttpBinding

What are the various Transaction Flow Options available in WCF?

If a service is configured for Transaction Propagation, WCF further supports various options for service methods to be part of any transaction initiated outside service boundaries.

• NotAllowed Transaction Propagation is not allowed for particular service method. Its default value.
• Allowed Transaction Propagation is allowed but not compulsory.
• Mandatory Transaction Propagation is compulsory for that service method.

For example, Transaction Propagation is mandatory for CreditAccount service method in following code snippet.

   [ServiceContract]
   interface IPaymentService
   {
              [OperationContract]
              [TransactionFlow(TransactionFlowOption.Mandatory)]
              void CreditAccount(….);
   }

What is two-phase committed protocol?

In a distributed transaction scenario, two-phase committed protocol is an algorithm that ensures all the participating processes in a distributed transaction are ready to be committed or roll backed.

This is done in two phases:

1. Prepare Phase
2. Commit phase

What is the role of transaction manager in WCF?

Transaction manager while sitting on client side, initiate the transaction and coordinates with all the processes that participate in a distributed transaction to commit or roll back.

What are the supported transaction types in WCF?

Supported transaction types in WCF are:

• Light Weight
• OLE Transactions
• WS-Atomic Transactions

How to enable the Performance Counters in WCF?

Simple way to enable Performance Counters supported by WCF is as follows:

  <system.serviceModel>
                 <diagnostics performanceCounters = “All” /> </system.serviceModel>

Above configuration setting will enable all categories of counters including ServiceModelService, ServiceModelEndpoint and ServiceModelOperation. Default value for it is “Off”.