<localClientSettings> element

Specifies the security settings of a local client for this binding.



   <localClientSettings cacheCookies="Boolean"
                        timestampValidityDuration="TimeSpan" />

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.


Attribute Description
cacheCookies A Boolean value that specifies whether cookie caching is enabled. The default is false.
cookieRenewalThresholdPercentage An integer that specifies the maximum percentage of cookies that can be renewed. This value should be between 0 and 100 inclusively. The default is 90.
detectReplays A Boolean value that specifies whether replay attacks against the channel are detected and dealt with automatically. The default is false.
maxClockSkew A TimeSpan that specifies the maximum time difference between the system clocks of the two communicating parties. The default value is "00:05:00".

When this value is set to the default, the receiver accepts messages with send-time time stamps up to 5 minutes later or earlier than the time the message was received. Messages that do not pass the send-time test are rejected. This setting is used in conjunction with the replayWindow attribute.
maxCookieCachingTime A TimeSpan that specifies the maximum lifetime of cookies. The default value is "10675199.02:48:05.4775807".
reconnectTransportOnFailure A Boolean value that specifies whether connections using WS-Reliable messaging will attempt to reconnect after transport failures. The default is true, which means that infinite attempts to reconnect are attempted. The cycle is broken by the inactivity time-out, which causes the channel to throw an exception when it cannot be reconnected.
replayCacheSize A positive integer that specifies the number of cached nonces used for replay detection. If this limit is exceeded, the oldest nonce is removed and a new nonce is created for the new message. The default value is 500000.
replayWindow A TimeSpan that specifies the duration in which individual message nonces are valid.

After this duration, a message sent with the same nonce as the one sent before will not be accepted. This attribute is used in conjunction with the maxClockSkew attribute to prevent replay attacks. An attacker could replay a message after its replay window has expired. This message, however, would fail the maxClockSkew test which rejects messages with send-time timestamps up to a specified time later or earlier than the time the message was received.
sessionKeyRenewalInterval A TimeSpan that specifies the duration after which the initiator will renew the key for the security session. The default is "10:00:00".
sessionKeyRolloverInterval A TimeSpan that specifies the time interval a previous session key is valid on incoming messages during a key renewal. The default is "00:05:00".

During key renewal, the client and server must always send messages using the most current available key. Both parties will accept incoming messages secured with the previous session key until the rollover time expires.
timestampValidityDuration A positive TimeSpan that specifies the duration in which a time stamp is valid. The default is "00:15:00".

Child Elements


Parent Elements

Element Description
<security> Specifies the security options for a custom binding.
<secureConversationBootstrap> Specifies the default values used for initiating a secure conversation service.


The settings are local in the sense that they are not settings derived from the security policy of the service.

See also