WCF security articles

Code
WCF asynchronous: In the "Configure service" option, select to generate asynchronous operations. All methods here generate asynchronous operations. Of course, these methods are not asynchronous,

In asynchronous mode, the foreground calls asynchronous methods, that is, the foreground does not need any asynchronous methods.

For the percall mode, remember that if the data in the service object is not fixed and is not a static variable, it will be reinitialized every time it is operated.
 
For persession mode, first you need to know that some binding cannot be used in this mode, specific what is available, what is not available, you can view the http://www.cnblogs.com/jillzhang/archive/2008/02/03/1063406.html. In addition, the persession mode does not mean that the State will be automatically maintained. When operations with isterminating = true are completed, the resources and destruction objects will also be released. Even if it is not true, if the client does not contact the server for a long time, the server will become more patient.

For the single mode, it is much easier to use it as an exception, and it can maintain non-static global variables in the service object. However, in this mode, we should pay special attention to the thread security issue, so that 10 people can have a barber master to serve them at the same time.

Isterminating is used to destroy an instance in a session. An Instance cannot be called and can be placed at the most.
Sessionmode is placed in the interface, and [operationcontract (isterminating = false)] is placed in the operationcontract option. To use isterminating, you must add [servicecontract (sessionmode = sessionmode. Required)]

The session method must be used to handle the WCF Service voting transactions,

If you do not use the secure session mode, each call request will trigger the server's usernamepasswordvalidator;
Certificates must be configured to enable message security.

Http://www.cnblogs.com/MaYong/archive/2009/06/30/1514189.html

1. design an interface (contract) for each class (as you mentioned)
2. Use a service class to implement all interfaces

Http://msdn.microsoft.com/zh-cn/library/ms733775.aspx

Your questions involve almost all concepts of security. I have read a lot of materials to answer your questions. Includes the concepts bound by WCF, security, certificates, and asymmetric encryption algorithms.
Now I will answer your question:
1. wshttpbinding: https transmission protocol is used by default. HTTPS supports Secure Socket Layer (SSL) encryption. Here, https requires certificate support. The certificate uses asymmetric encryption, that is, public key and key pair. This can achieve Transmission Security. Prevent deciphering. This is the default transmission protocol.
2. Deciphering: It can be deciphered theoretically. However, it takes 100 billion years for RSA asymmetric encryption algorithms to decrypt the key. Perhaps the speed of computers has increased rapidly, but the deciphering time can be shortened.
3. Message tampering: to prevent tampering, a certificate signature is required here. The process is that both parties agree on a hash algorithm to hash the message, and then use the certificate to encrypt the hash value of the message. The encrypted hash value is sent to the server together with the encrypted message. After the server obtains the message, it uses the public key to decrypt it. Then, it uses the same hash algorithm to perform hash operations on the received message and compares the values twice. If the values match, they will not be tampered. This is also a general process of signature tampering.
4. wshttp or TCP publishing: user name and password. You need to override the validate method to verify the user name and password. the WCF framework automatically calls validate, which is similar to WSE. The SOAP header method is actually a simple method. The user name and password set by the client are obtained from the SOAP message header. Wse3.0 and WCF provide more secure solutions. For more information, see http://msdn.microsoft.com/zh-cn/library/ms733775.aspx. You can also search for articles with many WCF usernames and passwords. The certificate may be used, which is not required in the previous WSE test. A lot of articles I have written about using a certificate in WCF are described as follows. I keep trying to verify the Security Article.

Here are some useful materials for your problem:
1. http://msdn.microsoft.com/zh-cn/library/ms731362.aspx
2. http://msdn.microsoft.com/zh-cn/library/ms733768.aspx
3. http://msdn.microsoft.com/zh-cn/library/ms731346.aspx
4. http://msdn.microsoft.com/zh-cn/library/system.servicemodel.httpclientcredentialtype.aspx
5. http://www.stahosting.com/archiver/tid-1843.html