Part of the process involved in writing a custom MessageEncoder is hooking your encoder up to a binding stack. This is accomplished using a subclass of MessageEncodingBindingElement. The way our build process works is that we will take the first BindingElement within a Binding, and call [Can]CreateChannel[Factory|Listener]() on it. By default, these 4 calls will simply delegate to the BindingElement “below” them in the stack.

This default behavior is not exactly what you want in your MessageEncodingBindingElement. While most binding elements add an item to the channel stack, Message Encoders are an “adjunct” binding element. That is, they provide parameters to other binding elements (in this case the transport). The way that parameters are provided to other parts of the build process is through BindingParameters. For example, a MessageEncodingBindingElement can add itself to the BindingParameters collection:

context.BindingParameters.Add(this);

And later the TransportBindingElement can fish out the encoder when it is building the relevant factory/listener:

Collection<MessageEncodingBindingElement>messageEncoderBindingElements
= context.BindingParameters.FindAll<MessageEncodingBindingElement>();

Unfortunately, the base MessageEncodingBindingElement does not take care of adding itself to the BindingParameters collection in its default [Can]Build methods. Therefore, every subclass needs to add the following four boilerplate overrides. Furthermore, it will be a breaking change to fix this in V2, so it’s unclear if we will be able to fix this in the next release 🙁

public override IChannelFactory<TChannel> BuildChannelFactory<TChannel>(BindingContext context)
{
  if (context == null)
  {
    throw new ArgumentNullException("context");
  }

  context.BindingParameters.Add(this);
  return context.BuildInnerChannelFactory<TChannel>();
}

public override IChannelListener<TChannel> BuildChannelListener<TChannel>(BindingContext context)
{
  if (context == null)
  {
    throw new ArgumentNullException("context");
  }

  context.BindingParameters.Add(this);
  return context.BuildInnerChannelListener<TChannel>();
}

public override bool CanBuildChannelFactory<TChannel>(BindingContext context)
{
  if (context == null)
  {
    throw new ArgumentNullException("context");
  }

  context.BindingParameters.Add(this);
  return context.CanBuildInnerChannelFactory<TChannel>();
}

public override bool CanBuildChannelListener<TChannel>(BindingContext context)
{
  if (context == null)
  {
    throw new ArgumentNullException("context");
  }

  context.BindingParameters.Add(this);
  return context.CanBuildInnerChannelListener<TChannel>();
}


When writing a custom binding element, you will notice two constructors on the abstract base class:

protected BindingElement()
protected BindingElement(BindingElement elementToBeCloned)

The usage of the first (default) constructor is straightforward. The second one, which takes a BindingElement is a little more subtle. Its purpose is to facilitate proper implementations of BindingElement.Clone(). The recommended pattern is that all non-sealed binding elements expose such a protected ctor, and then call that ctor from their Clone() method. This allows subclasses of your binding element to be able to implement Clone in a chained manner (since you can’t just call base.Clone()). In other words, if I was writing a FooBindingElement, my Clone() method would leverage this constructor as follows:

protected override BindingElement Clone()
{
  return new FooBindingElement(this);
}

If you then set a breakpoint on your Clone() method, you will see it called a bunch of times when you open a Client or Service. The reasons behind this have to do with the tension between the assurances we can (or cannot make) about side-effects of certain methods and needing to ensure the integrity of the original configured binding. Reading back over that last sentence, it probably sounds a bit obtuse. I’ll try and clarify/go into more details around our CanBuild, Build and GetPropery processes (prime users of Clone) in a future post.

When using channels, eventually the time comes to say goodbye. You are not going to send any more messages, and you want to close down as gracefully as possible. So you call channel.Close. If it throws, your application goes down since you didn’t add a try/catch clause and you are S.O.L. Maybe you’ve written a chatty peer to peer application and you get a message such as:

System.ServiceModel.ProtocolException: The channel received an unexpected input message with Action ‘my action’ while closing. You should only close your channel when you are not expecting any more input messages.

Or perhaps your channel faulted due to network inactivity or some other transient error. The bottom line is that there are a number of situations where an exception from channel.Close is expected and should be handled gracefully. In these cases, the expected exceptions from close could be subclasses of CommunicationException and TimeoutException. So a more robust call to Close() would look like:
try
{
   Console.WriteLine(wcfClient.Add(4, 6));
   channel.Close();
}
catch (TimeoutException timeout)
{
   // Handle the timeout exception
   channel.Abort();
}
catch (CommunicationException communicationException)
{
   // Handle the communication exception
   channel.Abort();
}

One last note: just because some of our CommunicationObjects are marked as IDisposable, doesn’t mean that you should jump on the using() statement with them. Please read about the issues involved with using and Communication Objects first.

I got a question the other day about what data goes on the wire when you Open(), Close(), or Abort() our various transport channels. Here are the details in a nutshell (all the comments about net.tcp apply to net.pipe, simply substitute “named pipe” for “socket”):

HTTP Request (Client) Channels

• Open() — Nothing goes on the wire for HTTP Request channels, as there is no context that they need to establish. HTTP channels use Open() to setup their identity contexts and Token Providers (if necessary).
• Abort() — Abort will immediately terminate any outstanding calls to channel.SendRequest(). This in turn aborts any underlying TCP sockets (by sending an RST packet).
• Close() — Close will wait (up to the given timeout) for any outstanding calls to channel.SendRequest() to complete. If they don’t complete within the given timeout then we will abort the requests a la httpChannel.Abort().

HTTP Reply (Server) Channels

• Open() — As a datagram channel, HTTP reply channels don’t perform any work at Open() time.
• Abort()/Close() — If the associated HTTP Channel Listener has been disposed, then channel.Abort will in turn call HttpRequestContext.Abort() on any RequestContexts that have not been replied to. This will cause http.sys to abort the underlying TCP socket. If the HTTP Channel Listener has not been disposed then channel.Abort() simply transfers ownership of these outstanding request contexts back to the channel listener. Close() actually performs in the same fashion, since calling requestContext.Close() in this case would have the unexpected side-effect of sending a 202 Accepted response.

Net.Tcp Duplex (Buffered) Channels
Net.Tcp duplex channels have a 1-1 relationship with their associated network resource, and as such there is a more direct correlation between the channel operations and their effect on network traffic.

• Open() — On the client, channel.Open() will first look for a socket in our connection pool (which reminds me I need to post about our connection pooling behavior). If none exists, then we will create a new client socket (by connecting to the service IP address+port number). Once we have a connected socket, we will perform a handshake using a custom .Net framing protocol. This is where we will validate that the requested endpoint both exists and uses the requested content-type. We will also perform any transport-security handshake here.

  On the server, channel.Open() signals that the server side channel should (if required) respond to any transport-security handshake, and then ACK that the message framing connection has been successfully established.

• Abort() — Abort will immediately terminate the TCP socket associated with the channel (again by sending an RST packet).
• Close() — Close will send a framing level “FIN”-style packet, and then wait (up to the given timeout) for a framing level “FIN-ACK”. If the FIN-ACK is received before the timeout expires then we will return the socket into our connection pool. If the receive times out then we will abort the socket.

Net.Tcp Request-Reply (Streamed) Channels
Net.Tcp streaming messages have similar wire handshake requirements, however those manifestations on the wire are associated with individual request-reply operations rather than to channel operations. For the channel operations, Net.Tcp request-reply channels behave in the same manner as HTTP channels.

I haven’t mentioned anything about net.msmq or UDP channels in this post. This is because as datagram channels they don’t have any on-the-wire associations with channel.Open/Close/Abort.

WCF has a very powerful extensibility mechanism around modifying HTTP headers. However, you will get tripped up if you try and modify the “Expect: 100-Continue” header on outgoing requests. This is because System.Net will (by default) add this header on outgoing requests.

As a workaround, you can change the default for your application by setting a System.Net static:

System.Net.ServicePointManager.Expect100Continue = false;

At long last, after 5 years, 2 PDCs and a few product name changes, I can proudly point you to fully supported .Net Framework 3.0 RTM bits for XP and 2k3 here.

I was going to write a quick note about how to suppress Expect 100-Continue as a result of this forum post. But it seems no one’s covered the background of WCF best practices for manipulating HTTP headers in general. So first, this post 🙂

Back in Beta 2, we stepped up our first class HTTP support by allowing WCF users to access and manipulate the HTTP headers that are sent on the wire. The programming model interface to this feature is through two Message Properties: HttpRequestMessageProperty (for HTTP requests) and HttpResponseMessageProperty (for HTTP responses, as you might expect). They are represented as Message Properties and not Message Headers since they are transport-specific information that is stored “outside” of the Message. Message Headers require an infoset-based representation that is included in serialization over all transports.

Using the HTTP-based Message Properties is very straightforward. First, you setup the contents of your Property. Then you attach it to your outgoing OperationContext or to your outgoing Message (if you are using the Message programming model directly). For example, if I wanted to send a GET request through WCF, I would do the following:

For incoming requests/responses, you can look up the HTTP-specific information by looking for the Property on your incoming context:

HttpRequestMessageProperty httpRequestProperty = null;
object propertyValue = null;

if (OperationContext.Current.IncomingMessageProperties.TryGetValue(HttpRequestMessageProperty.Name, out propertyValue))
{
  httpRequestProperty = (HttpRequestMessageProperty)propertyValue;
}

If this property is non-null (note that you could be accessing a Message that came in over a non-HTTP transport), then it will faithfully represent the information associated with the HTTP-specific data that was associated with this request. The above approach also applies to HTTP responses. The difference is that you use the HttpResponseMessageProperty class, and the non-header items that you can manipulate include Status Code and Status Description (rather than Verb and Query String on the request).

When I talked about transferring large messages with WCF, I neglected to cover how security interacts with streamed messages.

A number of V1 binding elements require message buffering. For example, WS-RM (ReliableSessionBindingElement) buffers messages so that it can retry sends when they fail. The integrity (signing) protocol provided by WS-Security requires buffering of the message since the signature is stored in a message header (and headers are sent out prior to the streamed body).

The system provided bindings in V1 that support streaming are BasicHttpBinding, NetTcpBinding, and NetNamedPipeBinding. To enable bidirectional transport-level streaming, set the TransferMode on your binding to TransferMode.Streamed. Alternatively, if you only require streaming in one direction, you can set the TransferMode value to TransferMode.StreamedRequest or TransferMode.StreamedResponse.

Transport-level streaming will work with Transport security. It will also work with “mixed-mode” security: where authentication is provided by WS-Security, but confidentiality and integrity are provided by the transport.

If you want to use full WS-Security, then you would need app-level “chunking” or a chunking protocol at the channel-layer.

There comes a point in time when one server is just not enough. You need to scale your service across multiple back-ends. Enter Windows Network Load Balancing (a.k.a. NLB). By using NLB, TCP connection initiations can be serviced by different machines.

This has an obvious impact on in-memory sessions. If you are using a protocol such as WS-Reliable Messaging (which will reestablish connections during the course of a session) or WS-Secure Conversation (which uses a session-negotiated security token), then you want to make sure subsequent connection requests go to the same back-end server. Similarly, when using a transport such as HTTP (which can in worst case scenarios use a new connection for each request-reply), if you are depending on an in-memory session then you will also need to ensure consecutive connection establishments arrive at the same server. Many load-balancer have an “affinity” setting that you can set to enable this behavior. Alternatively you can write a “state-less” service (from the in-memory perspective), where any app state is stored outside of your process. If you take this approach then you should avoid using WCF Sessions (which may store infrastructure state in-process).

Nicholas gave a nice overview of our Transport quotas. We have a few knobs on the TcpTransportBindingElement specifically targeted for NLB-type scenarios. They are associated with our client-side connection pooling. Nicholas highlights the final object model for these quotas, and I’ll go into a little detail about how these quotas will effect your use of NLB with our TCP transport.

• IdleTimeout: Controls the amount of time that a TCP connection can remain idle in our connection pool. This is useful for scenarios where you don’t mind connections being reused when you are under load, but when the load dissipates you wish to reclaim your connection. The default value of IdleTimeout is 2 minutes.
• LeaseTimeout: Controls the overall lifetime of a TCP connection. The lower you set this value, the more likely you will be re-load balanced when you create a new channel. Note that if this timeout expires we won’t just fault an existing connection. We will however close that connection when you Close() the active channel. This setting works well in conjunction with IdleTimeout. For example, if you are cycling through channels, and you are never really “idle”, you can still ensure periodic connection recycling through LeaseTimeout. The default value of LeaseTimeout is 5 minutes.

For HTTP we inherit our connection pooling settings from System.Net, so you can tweak their idle settings in order to control connection recycling frequency over HTTP.

Vista is coming soon, and one of its new security features bears special mention due to its effect on the execution of Http-based services. User Account Control is a new feature that will have many former administrators running as a “standard user” by default. Running as a non-admin, developers can hit a permissions issue when opening an Http standalone service:

AddressAccessDeniedException: HTTP could not register URL http://+:80/myService/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details).

That is because http.sys restricts the root namespace (i.e. “/”) to administrators only. By using the http.sys namespace security mechanism, you can delegate portions of the global namespace to be accessible by different groups (i.e. all local Users, Power Users, a single user such as REDMONDkennyw, etc). Traditionally this security integration would be done by your setup program at install time.

System.Net does not currently expose any managed APIs to manipulate http.sys security reservations, but Keith has posted some sample code on using these APIs from managed code.

In addition, on Vista administrators also have access to a brand new netsh extension. This extension is very useful for both diagnostics and configuration issues such as namespace delegation. It also takes care of simple SDDL conversion, so you can now have commands such as:

netsh http add urlacl url=http://+:80/myService user=DOMAINuser

Rather than having to use oh so readable SSID strings like D:(A;;GX;;;S-1-5-20).

Note that your code which is running either the netsh extension or the configuration APIs needs to be running under an administrator account in order to setup this reservation. Once the reservation (ACL delegation) has been made, future registrations (usages) of your URI can occur while running under any account that was authorized by the reservation.