My good friend Sam Gentile pointed me to David Pallmann's set of WCF tips. Lots of good stuff in there, and I found myself agreeing with most of the stuff David brought up.

One that particularly resonated with me was Tip #4 on default settings. One of my biggest gripes with svcutil.exe is that it generates a default client-side proxy configuration that is fairly useless, because it initializes all binding properties explicitly with values that are too small to be useful in many cases. What's worse, you may not realize the consequences of this during initial testing and may only notice the problem later on. In particular, message size and encoding quotas have default values that are too small.

Actually, I'll go one step further and say that a lot of these security quota settings make little sense for service consumers. However, you do want to configure them properly for services themselves (though the default values might still be too small for most scenarios), as they can help you protect against denial of service kind of attacks, or simply protect you from handling requests larger than your service can chew.


Tomas Restrepo

Software developer located in Colombia. Sr. PFE at Microsoft.