Writing a Custom Message Interceptor when Security is enabled
A custom message interceptor gives you access to the message as it goes through the processing pipeline. There are two methods in the message interceptor: BeforeSendRequest and AfterReceiveReply. Both methods are passed the Message by reference, so you can modify the message. BeforeSendRequest is called before any processing has been done on the message on the send side, and AfterReceiveReply is called after the message is completely processed on the receive side. One of the typical uses I have seen for the message interceptor is to log the message at that point. For more information on writing a custom message interceptor, take a look at How to write a Custom Message Interceptor.
I saw a piece of code where security was enabled and, in AfterReceiveReply, some logging code was creating a buffered copy of the message. It was logging the buffered copy and creating a new message object from the buffer, which it assigned back to the original message instance passed in by reference. The problem here is that with security enabled the message object passed to AfterReceiveReply is a security-verified message. This object has a lot of data associated with it: it maintains the decrypted form of the encrypted data, maintains a reader pointer to the encrypted form of the data, tracks the namespaces read at different scopes such as envelope, header and body, and so on. In a nutshell, this object is not clonable and a buffered message copy cannot be created. Any time you create a buffered copy from a security-verified message, you do not get back the same copy of the original message.
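The logging pattern described above, reconstructed as an added example (it is not the code the author saw). The class names `BufferingLogInspector` and `BufferingLogBehavior` and the use of `Console` as the log sink are assumptions made for illustration.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Hypothetical inspector showing the buffer-log-replace pattern the post describes.
public class BufferingLogInspector : IClientMessageInspector
{
    public object BeforeSendRequest(ref Message request, IClientChannel channel)
    {
        return null; // no correlation state is needed for this example
    }

    public void AfterReceiveReply(ref Message reply, object correlationState)
    {
        // With security enabled, 'reply' is the security-verified message.
        // CreateBufferedCopy consumes it, which is why such code then has to
        // hand a replacement message back through the ref parameter.
        MessageBuffer buffer = reply.CreateBufferedCopy(int.MaxValue);

        // One copy made from the buffer is written to the log.
        Message logCopy = buffer.CreateMessage();
        Console.WriteLine(logCopy.ToString());

        // The step the post warns about: the message returned to the pipeline
        // is rebuilt from the buffer, so it is no longer the original
        // security-verified object and does not carry its associated state.
        reply = buffer.CreateMessage();
    }
}

// Hypothetical endpoint behavior that attaches the inspector to a client endpoint.
public class BufferingLogBehavior : IEndpointBehavior
{
    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime)
    {
        clientRuntime.MessageInspectors.Add(new BufferingLogInspector());
    }

    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters) { }
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher) { }
    public void Validate(ServiceEndpoint endpoint) { }
}
```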