WCF学习系列三--【WCF Interview Questions – Part 3 翻译系列】

http://www.topwcftutorials.net/2012/10/wcf-faqs-part3.html

WCF Interview Questions – Part 3

This WCF tutorial is part-3 in series of WCF Interview Questions and Answers. Other parts in this series are as follows:

这是ＷＣＦ问答系列教程中的第三部分，其他部分在下面：

1. WCF Service Interview Questions – Part 1
2. WCF Service Interview Questions – Part 2
3. WCF Service Interview Questions – Part 3
4. WCF Service Interview Questions – Part 4

WCF Interview Questions List – Part 3【ＷＣＦ问答系列教程三】

1. What is a fault contract?【错误的契约是？】
2. A user has a service with a one-way operation that includes a fault contract, and he gets an exception when he tries to host the service. Why?【一个用户有一个单向操作的服务，这个服务包含一个错误的契约，当他想要去托管这个服务的时候，返回了一个异常，为什么？】
3. What are the core security concepts supported by WCF?【WCF支持的核心安全概念是什么?】
4. Difference between Message Level security and Transport Level security?【消息级安全性和传输层安全的区别?】
5. Can you please explain which security mode supported by various WCF bindings?【你能够解释，哪种安全模式可以被不同的WCF绑定支持么？】
6. Difference between BasicHttpBinding and WsHttpBinding w.r.t Security?【BasicHttpBinding和WsHttpBinding w.r.t Security 的区别】
7. Please explain about authorization options supported in WCF?【请解释一下WCF中的授权功能】
8. What is Reliable Messaging in WCF?【WCF中可靠的消息传递是什么？】
9. What are Reliable Sessions in WCF?【WCF中可靠的Session机制是什么？】
10. Briefly explain WCF RESTfull services?【简单的解释一下WCF RESTfull 服务】
11. Explain the differences between SOAP and REST approaches w.r.t common CRUD operations?【解释一下SOAP 和REST增删查改功能之间的不同？】
12. Briefly explain WCF Data Services?【简要的解释一下WCF数据服务】
13. WCF Data Services Vs ASP.NET Web API OData?【WCF数据服务和ASP.NET Web API OData对比】

What is a fault contract?【错误的契约是？】

Normally, by default, when some exception occurs at a WCF service level, it will not expose as it is to client. Reason is that WCF exception is a CLR exception and it doesn’t make sense to expose it outside CLR because it contains internal details of service code like stack trace. So, WCF handles and returns error details to client using Fault Contract.“So, fault contract is a contract that contains the details of possible exception(s) that might occur in a service code.”

通常，在默认情况下，WCF服务层有异常发生的时候，不会在客户端显示异常，原因是，WCF异常是CLR异常（这个异常信息包含了类似堆栈的服务代码），没有必要暴露在CLR之外。因此WCF处理并返回给客户端的错误详细是错误契约."所以，错误契约是一个在服务层中包含可能的异常详细信息的契约。"

 [ServiceContract]
 public interface IService1
 {
        [OperationContract]
        [FaultContract(typeof(MyFaultDetails))]
        int MyOperation1();
 }

 [DataContract]
  public class MyFaultDetails
  {
        [DataMember]
        public string ErrorDetails { get; set; }
  }

In implementing service…..

  public int MyOperation1()
  {
       Try{               //Do something……       }catch()
       {
                  MyFaultDetails ex = new MyFaultDetails();
                  ex.ErrorDetails = “Specific error details here.“;
                  throw new FaultException(ex,“Reason: Testing…..“);
       }
  }

For understanding detailed difference between .NET Exception and WCF Fault, Click here.

想要了解更多.NET异常和WCF Fault的详细区别，请点击这里。

A user has a service with a one-way operation that includes a fault contract, and he gets an exception when he tries to host the service. Why?

【一个用户有一个单向操作的服务，这个服务包含一个错误的契约，当他想要去托管这个服务的时候，返回了一个异常，为什么？】

This is true, because, to return faults, the service requires some form of a two-way communication channel, which is not there with one-way operations.
这是正确的，因为，要返回错误契约，服务需要Two-Ways通信渠道，而不是one-Way操作。

What are the core security concepts supported by WCF?【WCF支持的核心安全概念是什么?】

There are four core security Features

这里有4个核心的安全特性

• Confidentiality: It’s a confirmation about the recipient. Only the valid recipient can read the message when it passed between service and client.

       保密性：这是一个关于接受信息一方的确认。只有合法的接受信息一方，才可以读取服务端和客户端的传递过来的信息。

• Integrity: is to ensure that message received is not being tempered or changed during exchange.

        完整性：确保接收到的信息，在交换过程中，不会被回传或者被改变。

• Authentication: is a way for the parties (sender and receiver) to identify each other.

       身份验证：识别双方（消息发送方和接收方）鉴别批次的方式。

• Authorization: ensures that what actions an authenticated user can perform?

       授权：确保通过验证的用户可以执行授权的方法。

Difference between Message Level security and Transport Level security?【消息级安全性和传输层安全的区别?】

Security can be configured at two different levels in Windows Communication Foundation:

在WCF中安全可以在两个不同的级别上配置。

1. Transport Level Security【传输层的安全】
   secures the transport (the pipe) over which the message passes through from client to a service. 【保证运输管道上的消息从客户端传递到服务端。】
   
2. Message Level Security【消息级的安全】
   secures the message that is being transported from one end to another.【保证消息从一个地方传递到另一个地方。】

WCF Supports following Transfer Security Modes:【WCF支持下面的消息安全模式】

• None – No security at all. Very risky to choose.

        无--不安全，非常冒险的选择。

• Transport – Securing message transfer with transport protocol like TCP, IPs, HTTPs, MSMQ.  It’s Ideal for Intranet scenarios having point to point communication.

        传输--使用传输协议例如：TCP，IPs,HTTPS,MSMQ(消息队列).这是内部网络理想的点对点通信的方式。

• Message – Securing message by encrypting it. Good for scenarios even when multiple intermediaries involved.

        消息--加密消息来确保消息安全。当有多个中间组件的时候，是很适用这种场景的。

• Mixed – TransportWithMessageCredential uses transport for message privacy and service authentication with client authentication handled at message level.

        混合--在客户端和服务端使用验证，并使用TransportWithMessageCredential来传输，确保隐私信息泄露。

• Both -Using both Message as well as transport security. In this case a secured encrypted message travel over a secure transport (pipe) only supported by MSMQ Binding.

        双向--同时使用消息安全和传输安全。在这种场合下，例如：一个仅仅支持MSMQ的，被安全加密的消息，在安全的传输通道里传输。

<wsHttpBinding>
       <binding name=”SecurityModeDemo”>
                    <security mode=”[None|Transport|Message|….]”/>
       </binding>
</wsHttpBinding>

Details comparison of both Security Levels are given in other post Transport Level Security Vs Message Level Security.【详细的比较两种安全的级别的文章在这里。Transport Level Security Vs Message Level Security.】

Can you please explain which security mode supported by various WCF Bindings?【你能够解释，哪种安全模式可以被不同的WCF绑定支持么？】

Following table illustrates in details about support for security mode in Windows Communication Foundation for various WCF Bindings.【下面表格所列出来的都是WCF中，对于不同的绑定所支持的安全模式。】

WCF Binding	None	Transport	Message	Mixed	Both
BasicHttpBinding	Default	Yes	Yes	Yes	No
WSHttpBinding	Yes	Yes	Default	Yes	No
WSDualHttpBinding	Yes	No	Default	Yes	No
NetTcpBinding	Yes	Default	Yes	Yes	No
NetNamedPipeBinding	Yes	Default	No	No	No
NetMsmqBinding	Yes	Default	Yes	No	Yes

Difference between BasicHttpBinding and WsHttpBinding w.r.t Security?【BasicHttpBinding和WsHttpBinding w.r.t Security 的区别】

WsHttpBinding supports advanced WS-* specification, it has a lot more security options available. For example, It provides message-level security i.e. message is not sent in plain text. Also it supports for WS-Trust and WS-Secure conversation.
While in case of BasicHttpBinding, it has fewer security options, or we can say, there is no security provided, by default. At transport level, it can provide confidentiality through SSL.

WsHttpBinding 支持高级的WS-*规范，它有更多的安全选项可供选择。例如：WsHttpBinding 提供了消息级别的安全。消息不是以纯文本发送的。同样WsHttpBinding 还支持WS-Trust和WS-Secure会话。然而，对于BasicHttpBinding来说，BasicHttpBinding只有很少的安全选项可供选择，或者我们可以说，它是没有安全机制提供的，默认情况下，在传输级别上，BasicHttpBinding可以通过SSL（abbr. 加密套接字协议层（一种加密的通讯协定，用在使用者与网服器之间，Security Socket Layer））来提供加密。

Following is detailed comparison of both WCF bindings:【下面是两者详细的比较：】

Please follow differences between BasicHttpBinding and WsHttpBinding for more detailed.【点击这里，了解更多它们之间的不同， differences between BasicHttpBinding and WsHttpBinding 】

Please explain about authorization options supported in WCF?【请解释一下WCF中的授权功能】

Authorization as a core feature of security in WCF supports different authorization types.

【授权作为WCF中一个关键的安全特性，有一下几种授权类型：】

• Role-based authorization is the most common authorization approach being used. In this approach, authenticated user has assigned roles and system checks and verifies that either a specific assigned role can perform the operation requested.

      基于角色的授权，是最普遍使用的授权方法。在这个方法中，通过身份验证的用户，被分配了系统的角色和检查，来验证有这个角色的用户可以执行这个方法。

• Identity-based authorization approach basically provides support for identity model feature which is considered to be an extension to role-based authorization option. In this approach, service verifies client claims against authorization policies and accordingly grant or deny access to operation or resource.
  For more details on Authorization with Identity Model, please follow here.

        基于身份的授权方法，基本上支持身份模型功能,被认为是一个基于角色的扩展授权选项。在这个方法中，服务端庁客户端授权策略，授予或者拒绝用户操作或者访问资源。

      想了解更多的身份授权模型，请看这里。follow here.

• Resource-based authorization approach is a bit different because it’s applied on individual resources and secure those using windows access control lists (ACLs).

        基于资源的授权方法有点不同，因为他是应用在个人的资源上的，通过使用Windows访问控制列表（ (ACLs).）来确保安全。

What is Reliable Messaging in WCF?【WCF中可靠的消息传递是什么？】

We know that networks are not perfect enough and those might drop signals or in some scenarios there can be a possibility of wrong order of messages during message exchange.

我们知道网络并不是很完美，在消息交换的时候，可能又下降信号，或者在某种场合下，消息的次序还会乱了。
WCF allows us to ensure the reliability of messaging by implementing WS-ReliableMessaging protocol.  Here is how you can configure reliable messaging in WCF.

WCF允许我们使用 WS-ReliableMessaging协议来确保可靠的消息传输。下面的例子就是如何在WCF中配置ReliableMessaging协议。

  <wsHttpBinding>
    <binding name=”Binding1″>
                  <reliableSession
                                         enabled=”true”
                                        ordered=”true”
                                        inactivityTimeout=”00:02:00″ />
     </binding>
  </wsHttpBinding>

What are Reliable Sessions in WCF?【WCF中可靠的Session机制是什么？】

Reliable sessions actually ensure that the caller for messages will know about the lost message(s) but it can’t guarantee about the delivery of message(s).

可靠的Session机制，能够确保消息的调用方，知道这个丢失的消息，但是不能保证得到的消息是不是有丢失。
There is a misconception about reliable sessions that it ensures the session will never expire or stays for a very long time. This we can achieve by using timeout for sessions.

这里有一种关于可靠会话的误解，也就是它保证了会话永远不会过期，或者停留很长时间，我们可以使用会话超时来得到。

Briefly explain WCF RESTfull services?【简单的解释一下WCF RESTfull 服务】

RESTful services are those which follow the REST (Representational State Transfer) architectural style. As we know that WCF allows us to make calls and exchange messages using SOAP over a variety of protocols i.e. HTTP, TCP, NamedPipes and MSMQ etc. In a scenario, if we are using SOAP over HTTP, we are just utilizing HTTP as a transport. But Http is much more than just a transport. So When we talk about REST architectural style, it dictates that:

RESTful services 就是这些遵循REST（Representational State Transfer--具象状态传输）架构风格的服务。我们都知道，WCF允许大家，使用SOAP通过各种协议：例如HTTP，TCP，NamedPipes and MSMQ 等来调用消息和交换消息。有这样一种场景，我们在HTTP上使用SOAP，我们仅仅是把HTTP作为一个协议来使用，但是HTTP不仅仅是一个协议那么简单，所以，当我们谈论REST架构风格的时候，也就表明：

Instead of using complex mechanisms like CORBA, RPC or SOAP for communication, simply HTTP should be used for making calls【代替而不是使用复杂的机制，（例如CORBA，RPC或者SOAP）来通信，应该使用简单的HTTP。】

RESTful architecture uses HTTP for all CRUD operations like (Read/CREATE/Update/Delete) using simple HTTP verbs like (GET, POST, PUT, and DELETE). It’s simple as well as lightweight.

RESTfil架构使用HTTP来做曾删查改，使用HTTP动词（Get,PSOT,PUT,Delete）,它简单，轻量。

For a practical example, you can follow 5 simple steps to create your first RESTful service.
【想要更详细动手操作的例子，你可以看这篇文章， 5 simple steps to create your first RESTful service.】

Explain the differences between SOAP and REST approaches w.r.t common CRUD operations?【解释一下SOAP 和REST增删查改功能之间的不同？】

For common CRUD(Create, Retrieve, Update, Delete) operations, both SOAP and REST approaches are different as follows:

CRUD Operation	RESTful approach	SOAP approach
Get Product By Id	/product.svc/{id} (using GET HTTP Method)	GetProduct(string id)
Get All Products	/product.svc       (using GET HTTP Method)	GetProducts()
Create Product	/product.svc/{id}  (using PUT HTTP Method)	CreateProduct(string id, string name)
Update Product	/product.svc/{id}  (using PUT HTTP Method)	UpdateProduct(string id)
Delete Product	/product.svc/{id}  (using DELETE HTTP Method)	DeleteProduct(string id)

Briefly explain WCF Data Services?【简要的解释一下WCF数据服务】

WCF Data services previously known as ADO.NET data services are basically based on OData (Open Data Protocol) standard which is a REST (Representational State Transfer) protocol.

WCF数据服务，叫做ADO.NET数据服务，ADO.NET数据服务是基于OData(开发数据协议)标准的，它是一个REST协议。

You can follow here to understand and create your first WCF Data Service by using a step by step approach.

你可以点击这里，来一步一步，理解并创建你的第一个WCF数据服务。 WCF Data Service

According to http://www.odata.org/

The Open Data Protocol (OData) is a Web protocol for querying and updating data that provides a way to unlock your data and free it from silos that exist in applications today. OData does this by applying and building upon Web technologies such as HTTP, Atom Publishing Protocol (AtomPub) and JSON to provide access to information from a variety of applications, services, and stores. The protocol emerged from experiences implementing AtomPub clients and servers in a variety of products over the past several years.  OData is being used to expose and access information from a variety of sources including, but not limited to, relational databases, file systems, content management systems and traditional Web sites.Next part in this WCF Tutorial series is focused on Interview Questions regarding Service-Oriented Architecture and Transactions.

WCF Data Services Vs ASP.NET Web API OData?【WCF数据服务和ASP.NET Web API OData对比】

WCF Data Services	ASP.NET Web API OData
Not truly Extensible.	Truly Extensible.
Although it’s called WCF Data Services but it doesn’t required WCF Knowledge. Any HTTP Client (including PHP, JAVA, AJAX, WCF etc.) can consume WCF Data Services.	Web API OData is added later to ASP.NET Web API and it’s basically a REST-based data access protocol.
Supports all OData Operations.	Not all OData Operations supported so far.
A bit complicated when using with non-LINQ provider data.	Easier Programming Model.
Thorough and Complete implementation according to lastest OData Specification.	As compared with data services, Web API OData gives better control over data sources.
We can expose whole data store with minimum logic.	As it’s extensible, so it supports mixing OData with non-OData Services.

Previous: WCF Service FAQs Part-2                                    Next: WCF Service FAQs Part-4