I want to create a new WCF service and client. The 2 parties will communicate using 2-way SSL.
I want to use the SSL only for the authentication phase. After this authentication, the encryption is not necessary. Can I configure my service (and client) to use SSL only for authentication and leave the connection unencrypted (performance issue)?
Why would you want to leave the connection unencrypted after authentication?
The username and password will be passed via the network one way or another so you should consider encrypting the connection all the time to avoid leaking that information.
Edit:
If you are using a certificate, it has to be encrypted all the time, since I know you can’t do authentication with a certificate and then get back to simple HTTP.
WCF needs to authenticate the client for every request (if it weren’t like that, a client could get a certificate for a moment, then delete it and use your WCF service like nothing happened, because authentication would not be needed anymore, which is abnormal in your situation).
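
The 2-way SSL setup discussed in this thread, as an added configuration example that is not part of the original posts: the binding uses transport security with a client certificate, so the certificate is presented on the same TLS channel that carries every request. The service and contract names, the address and the certificate subject are hypothetical placeholders.

```xml
<!-- SERVICE config (constructed example; names and address are placeholders).
     The server certificate is bound to the HTTPS port by the host (IIS or
     HTTP.sys), outside this file. -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="MutualTlsBinding">
        <!-- Transport mode: TLS authenticates both parties and protects each request -->
        <security mode="Transport">
          <transport clientCredentialType="Certificate" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <services>
    <service name="Example.OrderService">
      <endpoint address="https://service.example.com/OrderService"
                binding="wsHttpBinding"
                bindingConfiguration="MutualTlsBinding"
                contract="Example.IOrderService" />
    </service>
  </services>
</system.serviceModel>

<!-- CLIENT config (separate file): same binding definition as above, plus the
     certificate the client presents during the TLS handshake. -->
<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="ClientCertBehavior">
        <clientCredentials>
          <!-- Looked up in the current user's Personal store by subject name -->
          <clientCertificate findValue="client.example.com"
                             storeLocation="CurrentUser"
                             storeName="My"
                             x509FindType="FindBySubjectName" />
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <endpoint name="OrderServiceEndpoint"
              address="https://service.example.com/OrderService"
              binding="wsHttpBinding"
              bindingConfiguration="MutualTlsBinding"
              behaviorConfiguration="ClientCertBehavior"
              contract="Example.IOrderService" />
  </client>
</system.serviceModel>
```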