System.ServiceModel
4.0.0.0
System.Object
Secure conversations involve the exchange of multiple messages and use a Security Context Token (SCT) to ensure security. The SCT is shared among the communicating parties for the lifetime of a communications session. A service can issue two different kinds of SCTs:
- The first is a session-based SCT that contains a unique id. Messages carry only the id, and the service maintains a state-mapping cache that maps between the SCT ids and contents (such as claims, security keys, and so on). A well-behaved client must send an SCT cancellation to help the service optimize the cache resources. If you instantiate this class by calling with the parameter equal to true, the SCT is issued in this manner.
- The second is a self-contained SCT that resides in a cookie on the client. This SCT contains the entire state information, so it requires neither state management from the service nor SCT cancellation from the client. This is sometimes called a "cookie-mode" SCT. Because the SCT contains the entire state information, its size is larger than in the session-based case, where the service stores much of the state information. However, because it is self-contained, it can be used across service lifetimes and persists across service shutdown and restart.
Provides credential settings for a secure conversation service.
Property
4.0.0.0
System.Collections.ObjectModel.Collection<System.Type>
To serialize claims into SCT cookies, Windows Communication Foundation (WCF) uses as the default. Because the Claim resource is extensible, WCF allows you to provide a list of known resource types. This assists the during deserialization of the claims in the cookie so that it can return the original strongly-typed objects.
Gets a collection of the claims for cookie serialization.
Property
4.0.0.0
System.ServiceModel.Security.SecurityStateEncoder
In "cookie mode", a service issues the client a security context token (SCT) in the form of a cookie so that the service does not have to maintain any security state. The client sends the cookie back in the request message so that the service knows how to unprotect and verify the request message. Because the SCT is often transmitted over a non-secure network, it must be protected.
By default, Windows Communication Foundation (WCF) uses the class to protect the cookie using the Data Protection API (DPAPI). For DPAPI to work in a Web farm environment, all the backend services must run as the same domain user account. In other words, if the service is Web hosted, then the Internet Information Services (IIS) worker process must be configured to run as a domain user.
This property enables you to use a customized SecurityStateEncoder to encrypt and decrypt the cookie and not depend on DPAPI.
Gets or sets a customized SecurityStateEncoder for encoding and decoding cookie serialization.
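As an added illustration (not code from this documentation), the following sketch shows a custom SecurityStateEncoder that protects the SCT cookie with keys shared by every node in a Web farm instead of DPAPI. The class name SharedKeyStateEncoder, the encrypt-then-MAC cookie layout and the way keys are provisioned are assumptions made for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.ServiceModel.Security;
// Hypothetical encoder (assumed name and key provisioning): IV || AES-CBC ciphertext || HMAC-SHA256 tag.
public sealed class SharedKeyStateEncoder : SecurityStateEncoder
{
    private const int IvLen = 16, TagLen = 32;
    private readonly byte[] encKey, macKey;
    public SharedKeyStateEncoder(byte[] encKey, byte[] macKey)
    {
        if (encKey == null || encKey.Length != 32 || macKey == null || macKey.Length != 32)
            throw new ArgumentException("Both keys must be 32 bytes.");
        this.encKey = (byte[])encKey.Clone();
        this.macKey = (byte[])macKey.Clone();
    }

    protected override byte[] EncodeSecurityState(byte[] data)
    {
        using (var aes = Aes.Create())                      // defaults: CBC, PKCS7, fresh random IV
        using (var hmac = new HMACSHA256(macKey))
        using (var enc = aes.CreateEncryptor(encKey, aes.IV))
        {
            byte[] ct = enc.TransformFinalBlock(data, 0, data.Length);
            var output = new byte[IvLen + ct.Length + TagLen];
            Buffer.BlockCopy(aes.IV, 0, output, 0, IvLen);
            Buffer.BlockCopy(ct, 0, output, IvLen, ct.Length);
            byte[] tag = hmac.ComputeHash(output, 0, IvLen + ct.Length);  // MAC covers IV and ciphertext
            Buffer.BlockCopy(tag, 0, output, IvLen + ct.Length, TagLen);
            return output;
        }
    }

    protected override byte[] DecodeSecurityState(byte[] data)
    {
        if (data == null || data.Length < IvLen + 16 + TagLen)
            throw new CryptographicException("Malformed SCT cookie.");
        int bodyLen = data.Length - TagLen;
        using (var aes = Aes.Create())
        using (var hmac = new HMACSHA256(macKey))
        {
            byte[] tag = hmac.ComputeHash(data, 0, bodyLen);
            int diff = 0;                                   // compare tags in constant time, before decrypting
            for (int i = 0; i < TagLen; i++) diff |= tag[i] ^ data[bodyLen + i];
            if (diff != 0) throw new CryptographicException("SCT cookie failed integrity check.");
            var iv = new byte[IvLen];
            Buffer.BlockCopy(data, 0, iv, 0, IvLen);
            using (var dec = aes.CreateDecryptor(encKey, iv))
                return dec.TransformFinalBlock(data, IvLen, bodyLen - IvLen);
        }
    }
}
```

Assign an instance to `ServiceHost.Credentials.SecureConversationAuthentication.SecurityStateEncoder` before opening the host. Every node must load the same two keys from a protected store, and replacing the keys invalidates cookies already issued.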