When I talked about transferring large messages with WCF, I neglected to cover how security interacts with streamed messages.

A number of V1 binding elements require message buffering. For example, WS-RM (ReliableSessionBindingElement) buffers messages so that it can retry sends when they fail. The integrity (signing) protocol provided by WS-Security requires buffering of the message since the signature is stored in a message header (and headers are sent out prior to the streamed body).

The system provided bindings in V1 that support streaming are BasicHttpBinding, NetTcpBinding, and NetNamedPipeBinding. To enable bidirectional transport-level streaming, set the TransferMode on your binding to TransferMode.Streamed. Alternatively, if you only require streaming in one direction, you can set the TransferMode value to TransferMode.StreamedRequest or TransferMode.StreamedResponse.

Transport-level streaming will work with Transport security. It will also work with “mixed-mode” security: where authentication is provided by WS-Security, but confidentiality and integrity are provided by the transport.

If you want to use full WS-Security, then you would need app-level “chunking” or a chunking protocol at the channel-layer.