What are the impacts of setting establishSecurityContext=”False” if i use https?

by

The difference is that the on an non-SCT (security context token) enabled endpoint, key exchange and validation must be done per call as opposed to being done once and cached for the session and only a SCT passed around in the messages instead. SCTs are based on a symmetric key which makes them much more efficient for signing/encrypting the message. The use of a SCT is very good when the client is expected to make many calls in succession because it alleviates the need to do the exchange and validation of a one off key every time.

What I would recommend is that you just expose another endpoint for clients that don’t support SCTs and tell them to use that. Clients that can use SCTs you keep pointed at the default endpoint and keep all the benefits that come with it.

For more on the subject, check out section three of the WS-SecureConversation documentation.

More Related Contents:

  1. Best Practices for securing a REST API / web service [closed]
  2. Connecting via named pipe from windows service (session#0) to desktop app (session #1)
  3. How to turn on WCF tracing?
  4. WCF Configuration without a config file
  5. Returning raw json (string) in wcf
  6. WCF Datacontract, some fields do not deserialize
  7. HTTP could not register URL http://+:8000/HelloWCF/. Your process does not have access rights to this namespace
  8. WCFTestClient The HTTP request is unauthorized with client authentication scheme ‘Anonymous’
  9. The maximum string content length quota (8192) has been exceeded while reading XML data
  10. HTTP Error 404.3 – Not Found” while browsing wcf service on Windows Server 2008(64bit)
  11. Calling WCF service by VBScript
  12. Enable SSL for my WCF service
  13. Content Type text/xml; charset=utf-8 was not supported by service
  14. WCF Service , how to increase the timeout?
  15. Best way to support “application/x-www-form-urlencoded” post data with WCF?
  16. How can I set an HTTP Proxy (WebProxy) on a WCF client-side Service proxy?
  17. WCF service configuration file question regarding
  18. WCF message security without certificate and windows auth
  19. How to consume WCF web service through URL at run time?
  20. WCF error: The caller was not authenticated by the service
  21. Problem sending JSON data from JQuery to WCF REST method
  22. How to serialize Dictionary through WCF?
  23. WSDL-first approach: How to specify different names for wsdl:port and wsdl:binding?
  24. what is the global.asax Application_Start equivalent when using WAS in IIS7
  25. access HttpContext.Current from WCF Web Service
  26. WCF GZip Compression Request/Response Processing
  27. WCF Web Service Custom Exception Error to Client
  28. WCF NetTcpBinding with mex
  29. Adding basic HTTP auth to a WCF REST service
  30. How to handle json DateTime returned from WCF Data Services (OData)

Leave a Comment