Lazy n Reclined \o_/_

Tuesday, October 4, 2016

Data structure - Deque

DEQUE

Double-ended queue (or Deque pronounced as “Deck”) is an data structure where items can be added to or removed from any end. It is implemented as Linked List with head and tail. Deque is used for maintaining a LRU cache.

Data structures - Binary Search Trees (BST)

BINARY SEARCH TREES (BSTs)

Useful for searching, inserting, deleting in O(logn) time.

BST property – ALL nodes (not just immediate) left of a particular intermediate node (x) will be smaller than x.

ALL nodes (not just immediate) right of a particular intermediate node (x) will be greater than x.

Sorted Arrays (Binary Search) are good for searching but bad for insertion (requires shifting of elements). Linked Lists are good for insertions but searching is bad/slow. BST offers best of both worlds where searching as well as addition/deletion happens in O(logn) time. It also solves the next greater (successor) and next smaller (predecessor) problem.

Another use case for BST – Designing a Runway management system. You need to manage landing times of an incoming aircraft. There is a pool of times (numbers). You can only add (or allow the aircraft) the incoming time/number if there is NO existing numbers within ‘k’ limit. These kind of problems require insertion/deletion/searching. Even a dictionary will not solve this problem because of the ‘k’ margin. Dictionaries are good of searching ONLY A PARTICULAR VALUE. (NOT CHECK WHETHER IT LIES IN A RANGE). Taken from - https://www.youtube.com/watch?v=9Jry5-82I68

Successor (or next big) – Successor of x can be found be looking right. If the right of x (lets call it r) does not have any left child i.e. ‘r’ might have a long list of right children but if it doesn’t have a left child – then r is the successor of x.

Otherwise – left of left of left of left of left……… till NULL IS THE successor x. (LAST node along left direction).

If there is nothing on right of ‘x’…go parent of parent of parent of…… UNTIL YOU GET A FORWARD SLASH.(/)

Predecessor (or next small) – SIMILAR approach as above. Start by looking left. If it has a right child. Go right of right of right of… till NULL.

If there is nothing on left, go parent of parent of parent of….UNTIL YOU GET A BACKWARD SLASH (\).

INORDER TREE WALK – x.left,x,x.right

PREORDER TREE WALK – x,x.left,x.right

POSTORDER TREE WALK – x.left,x.right,x

PRINTING LEVEL BY LEVEL – can be done using a Queue.

Diameter – max(u,v) {{{ where u and v are leaf nodes }}}

Formula – max( (lheight+rheight+1) , (ldiameter + rdiameter) )

DELETION OF NODE IN A BST– (MOST COMPLEX)

There are 3 cases. The third case has 2 subcases.

Case 1 – The node being deleted is a leaf node. (easy)

Case 2 – The node being deleted has only 1 child (i.e either left child or right child). This needs JUST TRANSPLANT (no pointer update).

Case 3 - The node being deleted has BOTH left and right children. In this case, pictorially, we replace the node with its successor (defined above). Pictorially that is it. Algorithmically it is tough.

Case 3 has 2 sub-cases.

a) The right child itself IS THE SUCCESSOR.

b) The SUCCESSOR is different from the right child and is SOMEWHERE IN THE LEFT (left of left of left…. TILL NULL). This will happen IF THE RIGHT CHILD HAS A LEFT CHILD.

For case a – We need a TRANSPLANT and updating pointers of the node being replaced.

For case b – We need to do couple things –

§ TRANSPLANT SUCCESSOR WITH SUCCESSOR.RIGHT

§ get the SUCCESSOR to the TOP

§ Run steps for case a

NOTE – TRANSPLANTING TAKES CARE OF UPDATING PARENT POINTERS BUT YOU NEED TO TAKE CARE OF LEFT/RIGHT CHILD POINTERS YOURSELF.

Case 3a and 3b can be pictorially represented by –

Algorithms - Quicksort

QUICKSORT

Excellent explanation at https://www.youtube.com/watch?v=3DV8GO9g7B4

The fundamentals of Quicksort lies in finding the PIVOT (done using the partition method). At the end of partition call, the “pivot” number is PUT IN THE CORRECT LOCATION IN THE ARRAY. i.e To the left of pivot all elements are smaller or equal to it and to the right of the pivot, all elements are bigger than it. The same is repeated on left of the pivot and right of the pivot recursively.

Best case – O(nlogn)

Worst case – O(n²). This can be mitigated by doing a randomization of the array before the operation. (so that its not sorted by chance).

UNLIKE MERGESORT WHERE BOTH BEST AND WORST CASE IS O(nlogn)

Python implementation –

def partition(A,p,r):

x = A[r]

i = p-1

j = p

while (j<=r-1):

if A[j] <= x:

i=i+1

A[i],A[j] = A[j],A[i]

j=j+1

A[i+1],A[r] = A[r],A[i+1]

return i+1

def quicksort(A,p,r):

if (p<r):

q = partition(A,p,r)

quicksort(A,p,q-1)

quicksort(A,q+1,r)

inputlist = [343,454,232,56565,3432,1,444,454,232,233,4,5,78,]

quicksort(inputlist,0,len(inputlist) - 1)

print inputlist

Practical application of Quicksort -

1) Find the kth largest element in an array (known as QUICKSELECT). Quickselect is LINEAR on average.

2) Quicksort (randomized) is 39% faster than Mergesort and doesn’t use any auxiliary extra space.

Program for QuickSelect (find kth largest value)

def partition(A, p, r):

j = p

i = j - 1;

x = A[r]

while (j <= r - 1):

if (A[j] <= x):

i += 1

A[i], A[j] = A[j], A[i]

j += 1

A[i + 1], A[r] = A[r], A[i + 1]

return i + 1;

def quickselect(A, p, r, k, output): #to find kth largest number using quicksort like technique.

if (p <= r):

q = partition(A, p, r)

if (q == k -1):

output = A[q]

elif (k - 1 < q):

output = quickselect(A, p, q - 1, k, output)

else:

output = quickselect(A, q + 1, r, k, output)

return output

A = [12, 4, 45, 2, 1, 88, 90, 15, 18]

kthvalue = quickselect(A, 0, len(A) - 1, 3, "Not found") #find the kth largest value

print(kthvalue)

Tool to create Parameters.xml and SetParameters.xml for MS Web deploy

Tool to create Parameters.xml and SetParameters.xml for MS Web deploy

While automating builds and deployments, there is a need to create two xml files used by MS web deploy. Using the below program in a console application, can produce the desired files in output. It needs a sample web.config for its input. Both of them are configurable items.

--------------------------------------------program.cs----------------------------------------------

using System;
using System.Collections.Generic;
using System.Configuration;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Xml.Linq;

namespace WebDeployParamsFileCreation
{
class Program
{
static void Main(string[] args)
{
string paramFile = String.Concat(ConfigurationManager.AppSettings["WebDeployParamFileLocation"], "Parameters.xml");
string setParamFile = String.Concat(ConfigurationManager.AppSettings["WebDeployParamFileLocation"], "SetParameters.xml");

string paramFileContents = GetParamFileContents().Item1;
string setParamFileContents = GetParamFileContents().Item2;

File.WriteAllText(paramFile, paramFileContents);
File.WriteAllText(setParamFile, setParamFileContents);
}

private static Tuple<string, string> GetParamFileContents()
{
StringBuilder sbParamFileContents = new StringBuilder();
sbParamFileContents.AppendLine("<?xml version=\"1.0\" encoding=\"utf-8\" ?>");
sbParamFileContents.AppendLine("<parameters>");

StringBuilder sbSetParamFileContents = new StringBuilder();
sbSetParamFileContents.AppendLine("<?xml version=\"1.0\" encoding=\"utf-8\" ?>");
sbSetParamFileContents.AppendLine("<parameters>");

var webconfig = XDocument.Load(ConfigurationManager.AppSettings["WebConfigFileLocation"]);

#region AppSettings
sbParamFileContents.AppendLine("");
sbSetParamFileContents.AppendLine("");
var appSettings = from c in webconfig.Root.Descendants("appSettings").Descendants()
select c;
foreach (var item in appSettings)
{
var keyName = item.Attribute("key").Value;
var val = item.Attribute("value").Value;

//Parameters.xml
sbParamFileContents.AppendLine("<parameter name=\"AppSettings - " + keyName + "\" description=\"\" defaultValue=\"\">");
sbParamFileContents.AppendLine("<parameterEntry kind=\"XmlFile\" scope=\"Web.config\" match=\"/configuration/appSettings/add[@key='" + keyName + "']/@value\" />");
sbParamFileContents.AppendLine("</parameter>");

//SetParameters.xml
sbSetParamFileContents.AppendLine("<setParameter name=\"AppSettings - " + keyName + "\" value=\"" + val + " \"/>");

}
sbParamFileContents.AppendLine("");
sbSetParamFileContents.AppendLine("");
#endregion

sbParamFileContents.AppendLine("");
sbSetParamFileContents.AppendLine("");

#region Client EndPoints
sbParamFileContents.AppendLine("");
sbSetParamFileContents.AppendLine("");
var clientEndpoints = from c in webconfig.Root.Descendants("system.serviceModel").Descendants("client").Descendants()
select c;
foreach (var item in clientEndpoints)
{
var endpointName = item.Attribute("name").Value;
var address = item.Attribute("address").Value;

//Parameters.xml
sbParamFileContents.AppendLine("<parameter name=\"Client Endpoint - " + endpointName + "\" description=\"\" defaultValue=\"\">");
sbParamFileContents.AppendLine("<parameterEntry kind=\"XmlFile\" scope=\"Web.config\" match=\"/configuration/system.serviceModel/client/endpoint[@name='" + endpointName + "']/@address\" />");
sbParamFileContents.AppendLine("</parameter>");

//SetParameters.xml
sbSetParamFileContents.AppendLine("<setParameter name=\"Client Endpoint - " + endpointName + "\" value=\"" + address + "\" />");
}
sbParamFileContents.AppendLine("");
sbSetParamFileContents.AppendLine("");
#endregion

sbParamFileContents.AppendLine("");
sbSetParamFileContents.AppendLine("");

#region Log4Net
sbParamFileContents.AppendLine("");
sbSetParamFileContents.AppendLine("");
var log4netAppender = from c in webconfig.Root.Descendants("log4net").Descendants()
where c.Name == "appender"
select c;
foreach (var item in log4netAppender)
{
var appenderType = item.Attribute("type").Value;
var appenderName = item.Attribute("name").Value;

if (appenderType == "log4net.Appender.RollingFileAppender")
{
//Parameters.xml
if (item.Descendants("file").Count() != 0) //two ways of representing the same thing in log4net.
{
sbParamFileContents.AppendLine("<parameter name=\"Log4net - " + appenderName + " - File Location\" description=\"\" defaultValue=\"\">");
sbParamFileContents.AppendLine("<parameterEntry kind=\"XmlFile\" scope=\"Web.config\" match=\"/configuration/log4net/appender[@name='" + appenderName + "']/file/@value\" />");
sbParamFileContents.AppendLine("</parameter>");
}
else
{
sbParamFileContents.AppendLine("<parameter name=\"Log4net - " + appenderName + " - File Location\" description=\"\" defaultValue=\"\">");
sbParamFileContents.AppendLine("<parameterEntry kind=\"XmlFile\" scope=\"Web.config\" match=\"/configuration/log4net/appender[@name='" + appenderName + "']/param[@name='File']/@value\" />");
sbParamFileContents.AppendLine("</parameter>");

}

//SetParameters.xml
string val = "";
if (item.Descendants("file").Count() != 0)
{
val = item.Descendants("file").First().Attribute("value").Value;
}
else
{
val = item.Descendants("param").Where(x => x.Attribute("name").Value == "File").First().Attribute("value").Value;
}
sbSetParamFileContents.AppendLine("<setParameter name=\"Log4net - " + appenderName + " - File Location\" value=\"" + val + "\" />");

}
else if (appenderType == "log4net.Appender.AdoNetAppender")
{
//Parameters.xml
sbParamFileContents.AppendLine("<parameter name=\"Log4net - " + appenderName + " - ConnectionString\" description=\"\" defaultValue=\"\">");
sbParamFileContents.AppendLine("<parameterEntry kind=\"XmlFile\" scope=\"Web.config\" match=\"/configuration/log4net/appender[@name='" + appenderName + "']/connectionString/@value\" />");
sbParamFileContents.AppendLine("</parameter>");

//SetParameters.xml
var val = item.Descendants("connectionString").First().Attribute("value").Value;
sbSetParamFileContents.AppendLine("<setParameter name=\"Log4net - " + appenderName + " - ConnectionString\" value=\"" + val + "\" />");
}
else if (appenderType == "log4net.Appender.SmtpAppender")
{
//Parameters.xml
sbParamFileContents.AppendLine("<parameter name=\"Log4net - " + appenderName + " - MailTo\" description=\"\" defaultValue=\"\">");
sbParamFileContents.AppendLine("<parameterEntry kind=\"XmlFile\" scope=\"Web.config\" match=\"/configuration/log4net/appender[@name='" + appenderName + "']/to/@value\" />");
sbParamFileContents.AppendLine("</parameter>");

//SetParameters.xml
var val1 = item.Descendants("to").First().Attribute("value").Value;
sbSetParamFileContents.AppendLine("<setParameter name=\"Log4net - " + appenderName + " - MailTo\" value=\"" + val1 + "\" />");

//Parameters.xml
sbParamFileContents.AppendLine("<parameter name=\"Log4net - " + appenderName + " - MailFrom\" description=\"\" defaultValue=\"\">");
sbParamFileContents.AppendLine("<parameterEntry kind=\"XmlFile\" scope=\"Web.config\" match=\"/configuration/log4net/appender[@name='" + appenderName + "']/from/@value\" />");
sbParamFileContents.AppendLine("</parameter>");

//SetParameters.xml
var val2 = item.Descendants("from").First().Attribute("value").Value;
sbSetParamFileContents.AppendLine("<setParameter name=\"Log4net - " + appenderName + " - MailFrom\" value=\"" + val2 + "\" />");
}
else
{
throw new Exception("Code generation failed as there is no configuration for " + appenderType);
}
}
sbParamFileContents.AppendLine("");
sbSetParamFileContents.AppendLine("");
#endregion

sbParamFileContents.AppendLine("");
sbSetParamFileContents.AppendLine("");

#region EL Logging
sbParamFileContents.AppendLine("");
sbSetParamFileContents.AppendLine("");
var elLoggingListeners = from c in webconfig.Root.Descendants("loggingConfiguration").Elements()
where c.Name == "listeners"
select c;
elLoggingListeners = elLoggingListeners.Descendants();
foreach (var item in elLoggingListeners)
{
var listenerType = item.Attribute("type").Value;
var listenerName = item.Attribute("name").Value;
if (listenerType.Contains("Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.RollingFlatFileTraceListener"))
{
//Parameters.xml
sbParamFileContents.AppendLine("<parameter name=\"EL - " + listenerName + " - File Location\" description=\"\" defaultValue=\"\">");
sbParamFileContents.AppendLine("<parameterEntry kind=\"XmlFile\" scope=\"Web.config\" match=\"/configuration/loggingConfiguration/listeners[@add='" + listenerName + "']/@fileName\" />");
sbParamFileContents.AppendLine("</parameter>");

//SetParameters.xml
var val = item.Attribute("fileName").Value;
sbSetParamFileContents.AppendLine("<setParameter name=\"EL - " + listenerName + " - File Location\" value=\"" + val + "\" />");

}
else if (listenerType.Contains("Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.EmailTraceListener"))
{
//Parameters.xml
sbParamFileContents.AppendLine("<parameter name=\"EL - " + listenerName + " - MailTo\" description=\"\" defaultValue=\"\">");
sbParamFileContents.AppendLine("<parameterEntry kind=\"XmlFile\" scope=\"Web.config\" match=\"/configuration/loggingConfiguration/listeners[@add='" + listenerName + "']/@toAddress\" />");
sbParamFileContents.AppendLine("</parameter>");

//SetParameters.xml
var val = item.Attribute("toAddress").Value;
sbSetParamFileContents.AppendLine("<setParameter name=\"EL - " + listenerName + " - MailTo\" value=\"" + val + "\" />");

//Parameters.xml
sbParamFileContents.AppendLine("<parameter name=\"EL - " + listenerName + " - MailFrom\" description=\"\" defaultValue=\"\">");
sbParamFileContents.AppendLine("<parameterEntry kind=\"XmlFile\" scope=\"Web.config\" match=\"/configuration/loggingConfiguration/listeners[@add='" + listenerName + "']/@fromAddress\" />");
sbParamFileContents.AppendLine("</parameter>");

//SetParameters.xml
var val2 = item.Attribute("fromAddress").Value;
sbSetParamFileContents.AppendLine("<setParameter name=\"EL - " + listenerName + " - MailFrom\" value=\"" + val2 + "\" />");

//Parameters.xml
sbParamFileContents.AppendLine("<parameter name=\"EL - " + listenerName + " - SubjectLineStarter\" description=\"\" defaultValue=\"\">");
sbParamFileContents.AppendLine("<parameterEntry kind=\"XmlFile\" scope=\"Web.config\" match=\"/configuration/loggingConfiguration/listeners[@add='" + listenerName + "']/@subjectLineStarter\" />");
sbParamFileContents.AppendLine("</parameter>");

//SetParameters.xml
var val3 = item.Attribute("subjectLineStarter").Value;
sbSetParamFileContents.AppendLine("<setParameter name=\"EL - " + listenerName + " - SubjectLineStarter\" value=\"" + val3 + "\" />");
}
else
{
throw new Exception("Code generation failed as there is no configuration for " + listenerType);
}
}
sbParamFileContents.AppendLine("");
sbSetParamFileContents.AppendLine("");
#endregion

sbParamFileContents.AppendLine("");
sbSetParamFileContents.AppendLine("");

#region ConnectionStrings-SetParameters Only
sbSetParamFileContents.AppendLine("");
var connectionStrings = from c in webconfig.Root.Descendants("connectionStrings").Descendants()
select c;
foreach (var item in connectionStrings)
{
var connectionStringName = item.Attribute("name").Value;
var connectionStringValue = item.Attribute("connectionString").Value;
connectionStringValue = connectionStringValue.Replace("\"", @""");

//SetParameters.xml
sbSetParamFileContents.AppendLine("<setParameter name=\"" + connectionStringName + "-Web.config Connection String\" value=\"" + connectionStringValue + " \"/>");

}
sbSetParamFileContents.AppendLine("");
#endregion

sbParamFileContents.AppendLine("</parameters>");
sbSetParamFileContents.AppendLine("</parameters>");
return new Tuple<string, string>(sbParamFileContents.ToString(), sbSetParamFileContents.ToString());
}
}

}

----------------------------------------------config file--------------------------------------------

<?xml version="1.0" encoding="utf-8" ?>

</startup>

</appSettings>

</configuration>

----------------------------------------------------------------------------------------------------

Sunday, September 4, 2016

Algorithms - Heaps

Heaps – Heap is a form of binary tree. Its underlying data structure can be a list with children nodes in 2k+1 and 2k+2 position It could be a max-heap or min-heap.

A max-heap is kind of heap with top node (root node) having the maximum value. At any index i, a max-heap would have element[i] greater than its children.

Heap (minheap) provide optimal time for all three – insert, findminimum, deleteminimum.

The children index (2i and 2i + 1) can found very easily as multiplying by 2 is nothing BUT LEFT SHIFT. Parent on the other hand(i/2) can be found using RIGHT SHIFT.

Priority queues are implemented using heaps. (min-heap).

MAX-HEAPIFY – This operation when done on a list A in position i i.e MAX-HEAPIFY(A,i) brings the ith element “downwards” (if it is smaller), so the subtree rooted at i obeys MAX HEAP PROPERTY.

Implementation of MAX-HEAPIFY in Python –

def max_heapify(A, i):

left = 2 * i + 1

right = 2 * i + 2

largest = i

if left < len(A) and A[left] > A[largest]:

largest = left

if right < len(A) and A[right] > A[largest]:

largest = right

if largest != i:

A[i], A[largest] = A[largest], A[i]

max_heapify(A, largest)

The complexity of MAX-HEAPIFY is O(logn).

To build a MAX-HEAP, you run MAX-HEAPIFY on the lower nodes (having children) UPTO to the top node. There is no point in running MAX-HEAPIFY on bottommost children nodes.

So for array of size n, you run MAX-HEAPIFY from floor(n/2) till the top node (i.e n=0). Below is the implementation –

def buildmaxheap(list):

i=int(len(list)/2)

while (i>=0):

max_heapify(list,i)

i=i-1

The above is the fundamental step of heapsort.

Following steps are done in heapsort –

1) Build max-heap (A)

2) From last element to i=1, loop

3) Exchange current element with A[0] //top most element.

4) Reduce heap-size, so that the last element is disconnected.

5) Run MAX-HEAPIFY(A,0)

Below is the implementation –

i = len(list)

list2 = []

while (i>0):

list[i-1],list[0] = list[0],list[i-1]

list2.append(list.pop())

max_heapify(list,0)

i = i-1

The complexity of heapsort is O(nlogn) as we running MAX-HEAPIFY O(logn) (n-1) times.

Saturday, June 18, 2016

SQL Server cell level encryption. Backup/Restore scenario. Lost DMK password scenario

----------------------------Steps to achieve cell level encryption---------------------------------------

--CREATE MASTER KEY ENCRYPTION BY
--PASSWORD = 'myPass'
--GO

--CREATE CERTIFICATE EncDemoCert
-- WITH SUBJECT = 'Enc Demo SSN Encryption';
--GO

--CREATE SYMMETRIC KEY EncDemoSSNKey
-- WITH ALGORITHM = DES
-- ENCRYPTION BY CERTIFICATE EncDemoCert;
--GO

--Alter table Customer add EncSSN varbinary(500) null

--OPEN SYMMETRIC KEY EncDemoSSNKey
--DECRYPTION BY CERTIFICATE EncDemoCert;
--UPDATE Customer
--SET [EncSSN] = EncryptByKey(Key_GUID('EncDemoSSNKey'), convert(varchar,SSN))
--CLOSE SYMMETRIC KEY EncDemoSSNKey

select * from Customer

--OPEN SYMMETRIC KEY EncDemoSSNKey
--DECRYPTION BY CERTIFICATE EncDemoCert;
--select *
--, CONVERT(VARCHAR, DecryptByKey(EncSSN)) as test
--from Customer
--CLOSE SYMMETRIC KEY EncDemoSSNKey

--------------------------------------Backup Restore scenario---------------------------------------

Lets say the database where encryption is done needs to backed-up and restored. In a full-backup scenario, the DMK and symmetric keys are also automatically backed-up and restored in the target server.

However to use it the DMK has be regenerated using the following queries -

OPEN MASTER KEY DECRYPTION BY PASSWORD = 'myPass';

ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = 'myPass_New';

CLOSE MASTER KEY;

----------Backup Restore scenario - Source DB server DMK password lost-----------------

If the source server DMK password (myPass in this case) is lost, then a new password can be added to its database master key using the following query in the SOURCE server-

ALTER MASTER KEY

ADD ENCRYPTION BY PASSWORD = 'myPass_New2'.

After the above query, take the backup of the database, restore it in the target server use the queries mentioned above in the "Backup Restore scenario"

-----------------------------------------Side Note------------------------------------------------------

You have some data in SQL Server encrypted with cert > key > DMK. (all at DB level, not server level)
If you run the following 2 commands, SQL Server will not allow -
--DROP CERTIFICATE EncDemoCert
--DROP MASTER KEY

However if you run the following query
--DROP SYMMETRIC KEY EncDemoKey
the symm key will be deleted permanently and all the encrypted data can NEVER be recovered.

So it is always advisable to backup the certificate and keys to a physical file.

(https://msdn.microsoft.com/en-IN/library/ms178578.aspx)

WCF Security Notes

SYMMETRIC BINDING (WHEN ONLY SERVER HAS THE X509 CERT)

In case of derived key scenario –

2 keys are generated from symmetric key (derived keys). 1 key is used for encryption, while the other is used for signing. The client encrypt both derived keys.

ASYMMETRIC BINDING ( BOTH CLIENT AND SERVER HAVE X509 CERT)

Although Derived keys can be used for Asymm binding as well, it will be of no use as Encryption and Signing are already happening with different keys.

If you want to use Asymmetric binding, you can ONLY do it via code. Only configuration will not suffice.

First create a custom binding inheriting from Binding class. Then add a BindingExtension and use that bindingextension in the endpoint binding configuration.

WCF by default uses SYMMETRIC KEY with DERIVED KEYS on. You cannot switch to make DERIVED KEYS off UNLESS you make a ‘custom binding’.

Best of both worlds –

If negotiateServiceCredential=”true”, then the public key is given to the Client in the beginning of the transaction, however note that IT IS NOT INTEROPERABLE.

To make it interoperable, public key has to given to client by out-of-band mechanism.

Since client has the public key part of the certificate, it can verify the service (by the checking the trusted CA store). Client authenticates the server by using the <identity> element inside <client> element.

Note – Even if the ProtectionLevel of a operation is set to None, its body will be in clear text BUT its message header will have an encrypted section as client credentials are being passed.

Even if client has its own pvk key for authentication to service, WCF defaults to Symmetric binding with DERIVED keys. If you want to override this behavior (i.e use asymmetric binding), you have programmatically create a custom binding and use it client and service end.