WCF – WSDL or pre-compiled Proxy


This is a B2B scenario, one client (at least for now).

Server environment:
WCF service, IIS6, .NET v3.5

Client environment:
Dev shop is .NET 2.0/VS2005. They will be calling my WCF service.

Question: should I
(a) open WSDL gen for the client (not desirable for security reasons)
(b) send WSDL file(s) to the client
(c) pre-compile the proxy into a DLL (on my side) and send it to the client
(d) ???
?

Any suggestions on what would be the best practice for this scenario, any pros/cons?

Thanks in advance,
Igor

Best Answer

Why is a publicly available WSDL not desirable for security reasons?

I may be willing to admit that publishing an API (which is basically what you are doing with WSDL) makes you a bit more vulnerable than if you didn't, but it would be wrong to assume that hiding the WSDL constitutes any kind of security. This is ironically called security by obscurity, and it will be broken by any determined attacker.

The web service should be secure in itself. WCF offers many security features, but that is perpendicular to your question.

I'd prefer publishing the WSDL. If you don't want to do that, or if there is a policy in place that says that you can't do that, then send the WSDL to the client team so they can use it as they wish.

Precompiling the proxy will only enforce your coding conventions on the client team, and they may not appreciate that - for example, I often prefer my proxies to be generated with the /i switch that makes the generated classes internal. I also like to be able to specify the .NET namespaces so that they fit the rest of my code. That would not be possible if I got a precompiled assembly (I would be able to use it anyway, but it would just annoy me).
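
The following web.config fragment is an added example, not part of the original answer; the service and contract names (`MyCompany.OrderService`, `MyCompany.IOrderService`) and the binding and behavior names are hypothetical. It shows option (b), with metadata publishing switched off, next to the access control the service needs whether or not the WSDL is visible: HTTPS with a required client certificate on a `basicHttpBinding` endpoint, which a .NET 2.0 client can call.

```xml
<!-- Added example: service, contract, binding and behavior names are hypothetical. -->
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- basicHttpBinding speaks SOAP 1.1, which a .NET 2.0 (ASMX-style) client can consume. -->
      <binding name="b2bSecure">
        <!-- Transport = HTTPS only. The client must present an X.509 certificate,
             so IIS also has to require SSL and client certificates for this site. -->
        <security mode="Transport">
          <transport clientCredentialType="Certificate" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>

  <behaviors>
    <serviceBehaviors>
      <behavior name="b2bBehavior">
        <!-- Option (b): ?wsdl is not served; the WSDL file is handed to the client team instead.
             Setting httpsGetEnabled="true" would be option (a) over HTTPS.
             Either way, the binding above is what actually restricts who can call the service. -->
        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
        <!-- Do not return stack traces to callers in SOAP faults. -->
        <serviceDebug includeExceptionDetailInFaults="false" />
      </behavior>
    </serviceBehaviors>
  </behaviors>

  <services>
    <service name="MyCompany.OrderService" behaviorConfiguration="b2bBehavior">
      <!-- No "mex" endpoint is declared, so metadata is not exposed through WS-MetadataExchange either. -->
      <endpoint address=""
                binding="basicHttpBinding"
                bindingConfiguration="b2bSecure"
                contract="MyCompany.IOrderService" />
    </service>
  </services>
</system.serviceModel>
```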