tags:

views:

576

answers:

4
+2  Q: 

Terrible Performance with WCF and certificates (mutual authentication)

Guys / Gals we are having terrible performance with our website that uses WCF as the application later. We are using message level security and certificates (mutual authentication). We are caching the channel factory in the application object:

Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)

        Dim loChannelFactor As New ChannelFactory(Of OurReference.IWCFChannel)("ClientEndpoint")
        loChannelFactor.Open()
        Application.Add("ChannelFactory", loChannelFactor)
End Sub

In every page that we need data we do the following:

Dim Proxy = DirectCast(voWebApp("ChannelFactory"), ChannelFactory(Of OurInfoReference.IOurInfoChannel)).CreateChannel

Proxy.DataCall()

If roWCFService IsNot Nothing Then
        CType(roWCFService, ICommunicationObject).Close()
        roWCFService = Nothing
End If

Also i have set establishsecuritycontext = true.

We are not wanting to cache the proxy because of having to mess with a faulted proxy state. As far as i know caching the channel stack should be enough anyways. When i turn on tracking i'm seeing a bunch of SCT commands instead of just for the first call like i would expect. Does anyone know whats going on. Are we caching the channel factory incorrectly?

thanks, Ncage

+2  A: 

Looks like you could solve it using a certificate from a ceritificate authority:

"MakeCert is a tool provided by Microsoft to create test certificates that can be used during the development of a product (For developing and testing purposes only). These certificates have also performance problems, certain cryptographic operations may perform slowly when they are used. Certificates issued from a true Certificate Authority do not have this problem, and it is a know issue."

http://weblogs.asp.net/cibrax/archive/2006/08/08/Creating-X509-Certificates-for-WSE-or-WCF.aspx

Edit: May be the extra activity is due to initial handshake when creating of a session. WCF default is per call, that is a new session is created for each call. You could try marking your contract with:

[ServiceContract(Session = true)]

That may maintain the session and avoid the initial handshake.

Shiraz Bhaiji  2009-06-30 20:11:46
Actually we are using entrust certificates. We are not using self signed certs.
 2009-06-30 21:06:06
Interesting fact, I'll note this for future research.
jpierson  2010-06-10 17:10:34
A: 

I remember a similar issue however it was a good 18 months ago. I found this whilst having a quick look for how i resolved the issue. It may help, I will edit my response when I find what I was looking for!

redsquare  2009-06-30 20:46:27
I actually seen this before. While i do agree with guy if you have a bunch of anonymous clients connecting and making one call and then disconnecting then his recommendations would work but i find this highly unlikely. Its more likely you want a client that connects and makes multiple calls and doesn't have to create the communication stack every time. If you have it set up right the first call should issue an async + sync call and every call after that should just issue a sync encryption call.
 2009-07-01 02:34:32
A: 

Please refer this article which might help you.

http://webservices20.blogspot.com/2009/01/wcf-performance-gearing-up-your-service.html

Verybiztalker  2009-08-29 16:40:06
A: 

The additional SCT/RST calls are establishing the security context. If you recreate the proxy on each call, a security context is unneccesary overhead. Turn it off.

The way you use the factory is fine. However, your error handling and closing of the proxy is not. Make sure that you close or abort the proxy in any case. Check msdn for the recommended pattern.

Also can you provide some figures about how bad performance is?

Alex  2009-08-29 22:57:10

related questions

Dynamic programming with WCF
WCF Service Returning "Method Not Allowed"
Exceptions in Web Services
What SPN do I need to set for a net.tcp service?
How do I unit test a WCF service?
Best practices for versioning your services with WCF?
Lazy Loading with a WCF Service Domain Model?
How many ServiceContracts can a WCF Service have?
How can I authenticate using client credentials in WCF just once?
WCF - Domain Objects and IExtensibleDataObject
InvalidOperationException while creating wcf web service instance
Closing and Disposing a WCF Service
What WCF best practices do you follow in object model design?
WCF push to client through firewall?
Loading System.ServiceModel configuration section using ConfigurationManager
I would like some tips for debugging WCF Web Service exceptions
What's the best way to authenticate over WCF?
Good Reads for Distributed Systems
.Net - Returning DataTables in WCF
What is the easiest way to add compression to WCF in Silverlight?
WCF Backward Compatibility Issue
Best Practices for securing a REST API / web service
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
WCF - High availability