If You Need to Streamline Certificate Distribution to Your Clients, Consider Negotiating the Service Credentials

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Consider enabling negotiateServiceCredential if you need to streamline certificate distribution to your clients for message encryption. This option is available only with wsHttpBinding. Keep in mind that non-Microsoft clients will not be able to consume your service if you enable this option. Also consider that negotiating credentials carries a performance penalty, because of the message exchange involved. Additionally, consider that allowing negotiation of service credentials is less secure, because it allows any client to consume your service.

The following binding configuration shows how to set this option:
<binding name="BindingMessage">
   <security mode="Message">
      <!-- The client obtains the service credential through negotiation -->
      <message clientCredentialType="Windows"
               negotiateServiceCredential="true" />
   </security>
</binding>
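
To review where this option is in effect, the following added example (not part of the original guidance) lists the wsHttpBinding entries in a WCF configuration that negotiate the service credential, either explicitly or because the attribute is omitted. It relies on two WCF defaults: wsHttpBinding uses Message security when no mode is set, and negotiateServiceCredential is true when not specified. The sample configuration and the function name audit_negotiation are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not from the original page).
SAMPLE_CONFIG = """<configuration>
 <system.serviceModel><bindings><wsHttpBinding>
  <binding name="BindingMessage">
   <security mode="Message">
    <message clientCredentialType="Windows" negotiateServiceCredential="true" />
   </security>
  </binding>
  <binding name="OutOfBand">
   <security mode="Message">
    <message clientCredentialType="Certificate" negotiateServiceCredential="false" />
   </security>
  </binding>
  <binding name="AttributeOmitted">
   <security mode="Message">
    <message clientCredentialType="Certificate" />
   </security>
  </binding>
 </wsHttpBinding></bindings></system.serviceModel>
</configuration>"""

def audit_negotiation(config_xml):
    """Return (binding name, 'explicit' | 'default') for bindings that negotiate."""
    findings = []
    root = ET.fromstring(config_xml)
    for binding in root.iterfind(".//wsHttpBinding/binding"):
        name = binding.get("name", "(unnamed)")
        security = binding.find("security")
        # wsHttpBinding defaults to Message security when no mode is configured.
        mode = security.get("mode", "Message") if security is not None else "Message"
        if mode != "Message":
            continue  # only bindings using Message security mode are reported
        message = security.find("message") if security is not None else None
        value = message.get("negotiateServiceCredential") if message is not None else None
        if value is None:
            # Attribute absent: WCF treats negotiateServiceCredential as true.
            findings.append((name, "default"))
        elif value.strip().lower() == "true":
            findings.append((name, "explicit"))
    return findings

if __name__ == "__main__":
    for name, how in audit_negotiation(SAMPLE_CONFIG):
        print(f"{name}: negotiates service credential ({how})")
```

Bindings reported as "default" deserve the same review as explicit ones, since omitting the attribute enables negotiation.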

