»When using client authentication with transport security, the client must attach claims to the channel before sending messages. The client must attach claims that match service requirements. For instance, if basic authentication is required with
HTTP-based binding, the client must send a username and password«
a) I assume with transport security client needs to attach claims ( ie username/password or certificate ) only once, then a session of sort is established and thus some sort of session token is used instead of sending pwd/username with each message?
b) Assuming my a) assumption is correct, is this assumption true for all of predefined bindings or only those that support session?
View Complete Post