tag:blogger.com,1999:blog-1482776199578137808.post105223906996280080..comments2024-03-12T11:12:59.606+02:00Comments on Yaron Naveh's Web Services 2.0 Blog: WCF Performance: Making your service run 3 times fasterYaron Naveh (MVP)http://www.blogger.com/profile/11793800386245798442noreply@blogger.comBlogger9125tag:blogger.com,1999:blog-1482776199578137808.post-55275219764249884432013-04-16T14:24:58.824+03:002013-04-16T14:24:58.824+03:00Hi Carl
If you use Trasnport security only then N...Hi Carl<br /><br />If you use Trasnport security only then NegotiateServiceCredential has no effect and its value does not matter. It only matters when message security is used, in which case turning it off will result in a faster communication (for first message) but that means clients need to have the server certificate out of band.Yaron Naveh (MVP)https://www.blogger.com/profile/11793800386245798442noreply@blogger.comtag:blogger.com,1999:blog-1482776199578137808.post-74889727383281117012013-04-16T14:07:42.309+03:002013-04-16T14:07:42.309+03:00I know this is a very old thread however some of u...I know this is a very old thread however some of us are still using WCF!<br /><br />For services that are secured using TRANSPORT security only and using wsHTTPBinding what effect does changing the NegotiateServiceCredential to false have? You say you have to propagate the service credentials to the client however what does that actually mean? Do we have to install the server certificate locally on the clients?<br /><br />ThanksCarlhttps://www.blogger.com/profile/18006595752620119230noreply@blogger.comtag:blogger.com,1999:blog-1482776199578137808.post-61436041806967202962012-09-15T19:30:46.349+03:002012-09-15T19:30:46.349+03:00Michael
As long as you do not use "SecureCon...Michael<br /><br />As long as you do not use "SecureConversation" authentication mode then security context is not used. UserNameForSslNegotiated does not use secure conversation, but it does internally use the ws-trust standard for different purpose, so the error may mention tokens. SslNegotiated maps to the negitiateClientCredential setting.<br /><br />You may also want to check http://webservices20.cloudapp.net/Yaron Naveh (MVP)https://www.blogger.com/profile/11793800386245798442noreply@blogger.comtag:blogger.com,1999:blog-1482776199578137808.post-55681783643417445942012-09-15T18:56:13.115+03:002012-09-15T18:56:13.115+03:00How can I set the establishSecurityContext="F...How can I set the establishSecurityContext="False" in a customBinding?<br /><br />I spent hours but I found just other flag like RequireSecurityContextCancellation but actually they seems to be different stuff.<br /><br />I did tried also to put authenticationMode="UserNameForSslNegotiated" instead of "SecureConversation", but I can see again the error message "The security context token is expired or is not valid." so I suppose the SCT is currently used.<br /><br />any help?<br /><br />Thanks,<br />Michael.Anonymoushttps://www.blogger.com/profile/11325002262378850485noreply@blogger.comtag:blogger.com,1999:blog-1482776199578137808.post-86233150752276655342011-03-22T12:37:05.950+02:002011-03-22T12:37:05.950+02:00ronsho
It depends what is the expected server loa...ronsho<br /><br />It depends what is the expected server load.<br /><br />If you expect a lot of clients then no point in using these sessions - the number of open sessions is limited, blows memory, and it is fragile since any restart of service or client removes the session.<br /><br />If you expect only a few clients then if there is an open session the call to the service will be slightly faster.Yaron Naveh (MVP)https://www.blogger.com/profile/11793800386245798442noreply@blogger.comtag:blogger.com,1999:blog-1482776199578137808.post-64585725316458246962011-03-22T11:40:42.303+02:002011-03-22T11:40:42.303+02:00Hey Yaron, If the client calls the service once on...Hey Yaron, If the client calls the service once on every 10 minutes, do you recommend on setting establishSecurityContext to false?Unknownhttps://www.blogger.com/profile/05816795372536241230noreply@blogger.comtag:blogger.com,1999:blog-1482776199578137808.post-75320549265627185782011-03-22T11:39:50.843+02:002011-03-22T11:39:50.843+02:00Hey Yaron, If the client calls the service once in...Hey Yaron, If the client calls the service once in every 10 minutes, do you recommend on setting establishSecurityContext to false?Unknownhttps://www.blogger.com/profile/05816795372536241230noreply@blogger.comtag:blogger.com,1999:blog-1482776199578137808.post-55658991608907025102009-01-27T11:42:00.000+02:002009-01-27T11:42:00.000+02:00Hi AnonymousThe scenario I have tested here includ...Hi Anonymous<BR/><BR/>The scenario I have tested here includes an anonymous client so there's no need to propagate credentials. <BR/><BR/>In case there is such a need then these credentials will be passed by the client in each request. Since this is an overhead over using a secured session it will not always outperform it. I assume that for user/pass credentials we will still see a big improvement while for a big SAML token it may not be the best solution.Yaron Naveh (MVP)https://www.blogger.com/profile/11793800386245798442noreply@blogger.comtag:blogger.com,1999:blog-1482776199578137808.post-71202771058055171682009-01-27T11:08:00.000+02:002009-01-27T11:08:00.000+02:00How do you think to propagate the credentials from...How do you think to propagate the credentials from client to server ?Anonymousnoreply@blogger.com