Fix to Allow Providing Outgoing Supporting Tokens
I've sufficiently recovered from running the last week-long series covering fixes for WCF to do another one. This week I'll again be covering fixes for WCF that may be hard to find and explaining the details behind each problem.
A primary token provides security to a message by signing the message body and headers in addition to providing an identity for the message sender. A supporting token provides additional information about the message sender.
When supporting tokens are used, the information typically comes from the configuration of the sender. This allows the supporting tokens to be generated automatically. However, in cases where the generation of supporting tokens is expensive, such as when each generated token is unique, you might want to generate the supporting token once and reuse it.
Previously there was no way for the message sender to directly control the supporting tokens. After installing this fix there is a new OutgoingSupportingTokens property on SecurityMessageProperty. The OutgoingSupportingTokens property provides a collection of token specifications to configure supporting tokens.
This fix is available for download from KB article 976394.