为什么在WSE配置中不要选择Establish Secure Session

在配置WSE 3.0的时候,我们都会建议有一个选项(Establish Secure Session)不要选择。事实上,如果你选择了,在调用的时候就会出现问题。但对于该选项为什么不要选择,却没有太多资料给我们介绍。下面找到了一些相关的介绍


http://www.c-sharpcorner.com/UploadFile/john_charles/TherealizationofWS-Securityrelatedspecifications09162006125007PM/TherealizationofWS-Securityrelatedspecifications.aspx

Now we're going to see why we cleared the Establish a Secure Session checkbox.

There are times when secure conversation and Kerberos can enter in conflicts. WSE 3.0 tries to acquire a Security Content Token (SCT) from the service to establish a secure conversation. The Request Security Context (RST) message sent from the client to acquire the SCT uses a KerberosToken to protect the message so that only the service can decrypt the message. By default, WSE 3.0 generates stateful SCT which means that the state of the SCT is carried with the SCT itself in the message. This state contains the server's KerberosToken inside of it. Since Kerberos Tokens can only ever be used once, using this stateful SCT doesn't work. This is because every time the client makes a request to the service, it protects the message with that SCT, which carries the state with it.

There are two options to figure this out:

  • Don't establish a Secure Session. 
  • Establish a Secure Session and set statefulSecurityContextToken to false in the service configuration

image

posted @ 2008-07-29 19:58  陈希章  阅读(413)  评论(0编辑  收藏  举报