Is there anything I can do to make the X509 better and follow the best practices of the new channel, or is this slow negotiation an inherent disadvantage of using the X509 for WCF security?
For tl; dr go to update 3 at the end for the source of this.
The best practice with WCF channels seems to be "reusing ChannelFactory, but creating a new channel for each request," and I always did it like that. For instance. Single WCF channel performance over multiple channels
I'm currently experimenting using X509 certificates as security credentials, and CreateChannel is time consuming (15 seconds +). Reusing a channel subsequently gives good performance (if I understand correctly, because symmetric keys are used after the initial public / private key authentication that occurs when calling CreateChannel), but this is bad practice.
On the server side:
var managerCertificate = new X509Certificate2(@"Manager.pfx", "");
var host = new ServiceHost(typeof(ManagerService));
host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
host.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
host.Credentials.ServiceCertificate.Certificate = managerCertificate;
host.Open();
Console.ReadLine();
On the worker side (each request is slow):
var workerCertificate = new X509Certificate2(@"Worker.pfx", "");
var cfact = new ChannelFactory<IManagerService>("client");
cfact.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
cfact.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
cfact.Credentials.ClientCertificate.Certificate = workerCertificate;
for (int i = 0; i < 10; i++)
{
using (IManagerService channel = cfact.CreateChannel()
{
Console.WriteLine(channel.GetMyData("test data" + i));
}
}
And if I transfer the CreateChannel call outside the for loop to reuse it, then only the first request takes some considerable time.
In addition, I use NetTcpBinding.
Update 1: A Brief Sample of Results:
0: 546.875ms
1: 281.25ms
2: 281.25ms
3: 17484.375ms
4: 250ms
5: 234.375ms
6: 250ms
7: 250ms
8: 265.625ms
9: 250ms
250 ( ), , , (. 17 .), , 1--3. exe, , .
2: /, XP . (400 ), .
3:. , , ( , ):
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>0</EventID>
<Type>3</Type>
<SubType Name="Transfer">0</SubType>
<Level>255</Level>
<TimeCreated SystemTime="2012-03-10T15:02:27.2968750Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{9e5e819b-e837-40b8-81b1-9f3c18e54595}" RelatedActivityID="{2faaac57-4e24-41ad-a3e5-85d81bddfa3b}" />
<Execution ProcessName="WcfCertExample" ProcessID="420" ThreadID="4" />
<Channel />
<Computer>MYCOMPUTER</Computer>
</System>
<ApplicationData></ApplicationData>
</E2ETraceEvent>
: : http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue '.
, - , 17,5 250 , !