How to Turn Off WS-SecureConversation in WCF

Since WS-SecureConversation is heavy, increase complexity and have some performance implications (when used with short list session), we might be better off turn this feature off. In WS2007FederationHttpBinding, WS-SecureConversation is enabled by default.

To turn of this feature, change establishSecurityContext attribute to false in your config file (web.config / app.config). This also applies to Message security mode.

<ws2007FederationHttpBinding>
    <binding>
        <security mode="TransportWithMessageCredential">
            <message establishSecurityContext="false" />
        </security>
    </binding>
</ws2007FederationHttpBinding>

Make sure you turn off on both the client and the service. Otherwise, you will encounter Unsecured or Incorrectly Secured Fault Was Received From The Other Party error.

This applies to WCF with .Net 4.5

Advertisements

1 thought on “How to Turn Off WS-SecureConversation in WCF”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s