Windows Vista Forums
Vista Forums Home Join Vista Forums Windows 7 Forum Vista Tutorials Tags
Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks.

Go Back   Vista Forums > Misc Newsgroups > Indigo

Vista - WCF Secure Session Key Renewal best practice?

 
 
Old 12-19-2007   #1 (permalink)
Markus Leder


 
 

WCF Secure Session Key Renewal best practice?

I've got a .NET 3.0/WCF client-server app that implements a duplex message
exchange pattern, using message security and per session instance mode, tcp
transport.

After an established connection, the server is periodically sending back
notifications to connected clients. There may be NO forward client-to-service
operation calls during a long time.

However, right after 15 hours I get a "The session key must be renewed
before it can secure application messages" error message on the server. I
figured out this is related to the local client or service security property
"SessionKeyRenewalIntervalproperty".

I don't think it's a good idea just to increase this property. However I
must prevent callback notifications from being lost.

So what is the best practice to renew this session key before expiring the
session?

Thanks for any hints. Did not find anything so far.

My System SpecsSystem Spec
Old 12-19-2007   #2 (permalink)
tiago.halm


 
 

Re: WCF Secure Session Key Renewal best practice?

I may be out of my league on this one, since I have not had this
problem yet.

However, in your case, the client is the initiator, so the client is
the one responsible for re-initializing the session key, in other
words, re-establishing the a new session or renewing the current one,
although I don't know if the later is expected. The exception is
thrown to the server when sending back notifications, not the client,
which would be the one responsible for renewing the session he
started.

The documentation states:
"Gets or sets the time span after which the initiator renews the
key for the security session"
So, its in fact the initiator the one responsible for renewing the
session.

Having said this, and although I'm not familiar with your scenario,
I'd assume that the server would wait for a message by the client
(periodically) before continue to send notifications. In fact, 15
hours later the client might not even be there anymore. On the other
hand, if you could renew a session key programatically, it would allow
the server to send a certain notification to make the client perform
the renewal (or re-open the channel) and therefore wakeup/renew the
session key, although this one seems a bit far-fetched, since it was
the client that initiated the conversation and its the client who will
eventually end it.

I know its not a complete answer , but it was an interesting enough
scenario.
Let me know your thoughts or updates ...

regards,
Tiago Halm
My System SpecsSystem Spec
Old 01-07-2008   #3 (permalink)
Markus Leder


 
 

Re: WCF Secure Session Key Renewal best practice?

The update my information here:

Yes, the session is automatically renewed and authenticated. I implemented a
"keep-alive" watch-dog functionality calling the service from the client
periodically when not other calls are made for a long time.

So this may be a best practice.

"Markus Leder" wrote:
Quote:

> Thanks for your feedback, Tiago. Keeping the session alive from the client's
> side with periodic request, I also thought this to be a solution.
>
> However, I have to try this out, as I find no further information on
> automatic (or programatic) session key renewal. Well, this may work out of
> the box. I will keep you updated on this - after christmas holidays :-)
>
> Markus
My System SpecsSystem Spec
Old 01-07-2008   #4 (permalink)
Tiago Halm


 
 

Re: WCF Secure Session Key Renewal best practice?

Markus,

Thanks for the update, it definitely seems a good alternative.

Tiago Halm

"Markus Leder" <MarkusLeder@xxxxxx> wrote in message
news:12A6902C-AD01-462D-9A46-81C01A7B5652@xxxxxx
Quote:

> The update my information here:
>
> Yes, the session is automatically renewed and authenticated. I implemented
> a
> "keep-alive" watch-dog functionality calling the service from the client
> periodically when not other calls are made for a long time.
>
> So this may be a best practice.
>
> "Markus Leder" wrote:
>
Quote:

>> Thanks for your feedback, Tiago. Keeping the session alive from the
>> client's
>> side with periodic request, I also thought this to be a solution.
>>
>> However, I have to try this out, as I find no further information on
>> automatic (or programatic) session key renewal. Well, this may work out
>> of
>> the box. I will keep you updated on this - after christmas holidays :-)
>>
>> Markus

My System SpecsSystem Spec
 

Thread Tools


Similar Threads
Thread Forum
VPN Session Icon Disappears, so I can't close Session Vista file management
5719 Event ID - "...not able to set up a secure session with a dom Vista General
Automatic IP Renewal Vista networking & sharing


Vista Forums is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows Vista", the Start Orb, and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46