In datacontract we don't have much control over SOAP messages, only name and order
can be change using datacontract. While MessageContract gives full control over
SOAP messages by providing access to SOAP header and body sections using MessageHeader
and MessageBodyMember attributes. If you want to include additional information in SOAP header
than use SOAP message.
Why do we use Message Contract in WCF
MessageContract gives full control over the SOAP messages. For example, it allows is to
include custom information in the SOAP header.
What kind of custom information?
User credential to invoke the service.
Why do you need to pass user credential in the header? Can't you pass them as method parameters?
We can, but user credentials are periphery to what the method has to do. So, it would make more
sense to pass them out of band in the header, rather than as additional parameters.
Soap messages are in xml format, so anyone can read the credential? How will you protect
sensitive data?
Using MessageContract we can sign and encrypt messages. Use ProtectionLevel named parameter.
can be change using datacontract. While MessageContract gives full control over
SOAP messages by providing access to SOAP header and body sections using MessageHeader
and MessageBodyMember attributes. If you want to include additional information in SOAP header
than use SOAP message.
Why do we use Message Contract in WCF
MessageContract gives full control over the SOAP messages. For example, it allows is to
include custom information in the SOAP header.
What kind of custom information?
User credential to invoke the service.
Why do you need to pass user credential in the header? Can't you pass them as method parameters?
We can, but user credentials are periphery to what the method has to do. So, it would make more
sense to pass them out of band in the header, rather than as additional parameters.
Soap messages are in xml format, so anyone can read the credential? How will you protect
sensitive data?
Using MessageContract we can sign and encrypt messages. Use ProtectionLevel named parameter.
No comments:
Post a Comment