What are the impacts of setting establishSecurityContext=“False” if i use https?

后端 未结 1 1180
醉话见心
醉话见心 2020-12-03 01:25

My WFC service uses wsHttpBinding configured with:


    

        
相关标签:
1条回答
  • 2020-12-03 01:44

    The difference is that the on an non-SCT (security context token) enabled endpoint, key exchange and validation must be done per call as opposed to being done once and cached for the session and only a SCT passed around in the messages instead. SCTs are based on a symmetric key which makes them much more efficient for signing/encrypting the message. The use of a SCT is very good when the client is expected to make many calls in succession because it alleviates the need to do the exchange and validation of a one off key every time.

    What I would recommend is that you just expose another endpoint for clients that don't support SCTs and tell them to use that. Clients that can use SCTs you keep pointed at the default endpoint and keep all the benefits that come with it.

    For more on the subject, check out section three of the WS-SecureConversation documentation.

    0 讨论(0)
提交回复
热议问题