Secure Sessions

A feature of Windows Communication Foundation (WCF) is reliable sessions that guarantee messages are received in the order they were sent. The topics in this section discuss the security implications to consider when creating a reliable session. For more information about reliable sessions, see Using Sessions.


When impersonation is required on Windows XP, use a secure session without a stateful security context token (SCT). When stateful SCTs are used with impersonation, an InvalidOperationException is thrown. For more information, see Unsupported Scenarios.

In This Section

Secure Conversations and Secure Sessions Secure conversations and secure sessions are synonymous. This topic explains the way a secure conversation works, and when and why to use the pattern.
How to: Create a Secure Session Walks through of the basics of creating a secure session.
How to: Create a Security Context Token for a Secure Session Walks through the steps of creating a Web farm that will maintain state and sessions with clients.
Security Considerations for Secure Sessions Describes special considerations for secure sessions.




Sessions, Instancing, and Concurrency

Designing and Implementing Services

See Also

How to: Enable Message Replay Detection
Replay Attacks
How to: Create a Service That Requires Sessions