Secure Sessions

A feature of Windows Communication Foundation (WCF) is reliable sessions that guarantee messages are received in the order they were sent. The topics in this section discuss the security implications to consider when creating a reliable session. For more information about reliable sessions, see Using Sessions.

Note:
When impersonation is required on Windows XP, use a secure session without a stateful security context token (SCT). When stateful SCTs are used with impersonation, an InvalidOperationException is thrown. For more information, see Unsupported Scenarios.

In This Section

Secure Conversations and Secure Sessions	Secure conversations and secure sessions are synonymous. This topic explains the way a secure conversation works, and when and why to use the pattern.
How to: Create a Secure Session	Walks through of the basics of creating a secure session.
How to: Create a Stateful Security Context Token for a Secure Session	Walks through the steps of creating a Web farm that will maintain state and sessions with clients.
Security Considerations for Secure Sessions	Describes special considerations for secure sessions.

Reference

System.ServiceModel

System.ServiceModel.Channels

Related Sections

Sessions, Instancing, and Concurrency in Windows Communication Foundation

Designing and Implementing Services

See Also

Tasks

How to: Enable Message Replay Detection
How to: Create a Service That Requires Sessions

Concepts

Replay Attacks

>
© 2007 Microsoft Corporation. All rights reserved.
Build Date: 2009-10-13