none
Message Security In WCF and Performance problem RRS feed

  • Question

  • Hi Experts...

    I want to design a system which consist of two parts:

    1. Services (wcf services)
    2. Clients

    clients call services over internet so for security reason i use wcf with message security and certificate configuration:

    <netTcpBinding>       

    <binding name="NetTCPTransportSecurity" closeTimeout="00:59:59"         

    openTimeout="00:59:59" receiveTimeout="00:59:59" sendTimeout="00:59:59"         

    maxBufferSize="1111111111" maxReceivedMessageSize="1111111111">         

    <readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647"           

    maxBytesPerRead="2147483647" />         

    <security mode="Message">           

    <message clientCredentialType="Certificate" />         

    </security>       

    </binding>     

    </netTcpBinding>

    The problem is service performance while using certificate. when we call services it take long time to response.

    our response are long and may contains list of objects.

    what should i do and what is the best scenario for my system?


    Thursday, June 23, 2016 7:22 AM

All replies

  • Check this blog about performance improve in wcf:
    https://blogs.msdn.microsoft.com/wenlong/2007/10/26/performance-improvement-for-wcf-client-proxy-creation-in-net-3-5-and-best-practices/
    Saturday, June 25, 2016 6:05 AM
  • Thanks to your answer but...

    my problem is not wcf performance but authentication with certificate which cause wcf have poor performance.

    i use certificate authentication:

    1. to prevent unknown and forbidden clients call my wcf services over internet.
    2. to know which client call my service

    is there any alternative solution for my problem that has high performance?

    Saturday, June 25, 2016 6:14 AM
  • I need Your answers
    Tuesday, June 28, 2016 4:54 AM
  • Hi Seyed,

    >>my problem is not wcf performance but authentication with certificate which cause wcf have poor performance.

    Based on your config file, I know that you are using the Message security mode with the certificate authentication. I wonder if you have created the Certificates by using the MakeCert, the certificates that are created by the MakeCert will have the performance problems, certain cryptographic operations may perform slowly when they are used. Certificates issued from a true Certificate Authority do not have this problem.

    In order to improve your WCF performance and forbidden unauthorized client, please check the following two points:

    1.) I will recommend you use the Transport security mode instead of the Message security mode, because Message body encryption will be much slower than securing the entire channel.
    2.) Since you have performance issue when using the Certificate authentication, then I will recommend you using the Custom Username authentication or the Windows authentication in the same domain or trust domain to authenticate clients. For more information, please try to refer to the following article:
    #WCF Custom Authentication:
    https://msdn.microsoft.com/en-us/library/aa702565(v=vs.110).aspx .
    #WCF Windows Authentication:
    https://msdn.microsoft.com/en-us/library/ff647180.aspx .

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Wednesday, June 29, 2016 5:37 AM
    Moderator
  • Thanks Thanks Thanks ....

    but none of username authentication and windows authentication is suitable for me.

    i do this scenario:

    i use message security just for authentication without any encryption. i prevent wcf request / responses from encryption by putting

    [MessageContract(ProtectionLevel = ProtectionLevel.None)]

    on them. but for encryption i host services on https address and change security setting to

    <security mode="TransportWithMessageCredential">
        <message clientCredentialType="Certificate" />
    </security>

    is this solution good? to your knowledge is there any problem with this solution?



    Wednesday, June 29, 2016 6:54 AM
  • Hi Seyed,

    >>I wonder if you have created the Certificates by using the MakeCert, the certificates that are created by the MakeCert will have the performance problems, certain cryptographic operations may perform slowly when they are used. Certificates issued from a true Certificate Authority do not have this problem.

    I think there is no problem in your current solution, and i agree with Amy, this performance issue may be caused by your Certificates.

    Best Regards,

    Tony


    Help each other


    • Edited by Tony---- Monday, July 4, 2016 2:40 AM
    Monday, July 4, 2016 2:35 AM