Tuesday, October 21, 2008

Don't blindly trust WCF logging

@YaronNaveh

WCF logging is a very important debug feature in .Net 3.5. However you shouldn't always trust what you see...

Removing nonce and passwords
The first case where the logging may mislead is when security mechanisms such as username, password or nonce are used. For security reasons the log will no show them (see image bellow)




No WS-Addressing
The WS-Addressing standard is used in some of the bindings. When it is not used (as in basicHttpBinding or certain customBinding) the log will still show you something like:


<Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://tempuri.org/EchoArr</Action>





However this will not go on the wire as can be proved with fiddler:




This can actually also be proved by turning the WCF logging at the transport level:




So we can't really say that WCF showed something wrong here - after all the service level logging does not go on to the wire - but it is confusing.

@YaronNaveh

What's next? get this blog rss updates or register for mail updates!

0 comments: