"James Hancock" <~james@darwinconsulting.com> wrote in message
news:enbjYDJmGHA.4868@TK2MSFTNGP04.phx.gbl...
> I've created my own Assertion using UsernameToken (I use 512 bit passwords
> that aren't sent over the wire and are unique per session and the data is
> encrypted in my assertion). In that new assertion, I've implimented
> SecureConversation by using the following:
>
> SecureConversationServiceSendSecurityFilter etc. etc. etc.
> And inherit my assertion from SecirtyPolicyAssertion.
>
> I don't get any errors and all of my encryption and signing stuff works
> great.
>
> The problem is that every message has all of the signature and header crap
> that I was hoping to avoid. The end result is 80K of wasted junk on every
> message, even though I'm using SecureConversation.
>
> My question is, how do I get rid of this junk (i.e. duplicate stuff from
> every message, I realize the first one will have it, but from every
> subsequent message)? What have I missed in my secureconversation stuff? I
> thought it just stripped out everything automatically after you made your
> assertion (which is clearing working because the traces are showing the
> nice encryption and stuff) inherit from the secure conversation classes.
>
> Thanks!
>
> James Hancock
>
>

"Pablo Cibraro" <pcibraro@hotmail.com> wrote in message
news:eN1KALTmGHA.5076@TK2MSFTNGP02.phx.gbl...
> Hi James,
>
> Secure conversation only assures that you authenticate the client once
> (instead of authenticate it for each message).
> You can not get ride of the signature and security stuffs because in that
> way your messages can suffer tampering attacks.
> If you want smaller messages, WS-Security or message security is not the
> way to go and you should consider using transport security as SSL.
> Anyway, the choice between transport security and message security depends
> on your security requirements for the web services.
>
> Regards,
> Pablo Cibraro
> http://weblogs.asp.net/cibrax
>
> "James Hancock" <~james@darwinconsulting.com> wrote in message
> news:enbjYDJmGHA.4868@TK2MSFTNGP04.phx.gbl...
>> I've created my own Assertion using UsernameToken (I use 512 bit
>> passwords that aren't sent over the wire and are unique per session and
>> the data is encrypted in my assertion). In that new assertion, I've
>> implimented SecureConversation by using the following:
>>
>> SecureConversationServiceSendSecurityFilter etc. etc. etc.
>> And inherit my assertion from SecirtyPolicyAssertion.
>>
>> I don't get any errors and all of my encryption and signing stuff works
>> great.
>>
>> The problem is that every message has all of the signature and header
>> crap that I was hoping to avoid. The end result is 80K of wasted junk on
>> every message, even though I'm using SecureConversation.
>>
>> My question is, how do I get rid of this junk (i.e. duplicate stuff from
>> every message, I realize the first one will have it, but from every
>> subsequent message)? What have I missed in my secureconversation stuff? I
>> thought it just stripped out everything automatically after you made your
>> assertion (which is clearing working because the traces are showing the
>> nice encryption and stuff) inherit from the secure conversation classes.
>>
>> Thanks!
>>
>> James Hancock
>>
>>
>
>