Hi everyone

I have a solution based on Secure Conversation using a Security Context
Token Service (which is just a web service) that gives out SCT's, a client
program gets the issued SCT. But the problem I have is can this client then
hold Secure Conversations with one or a number of other web services.

I have another web service the client signs and encrypts the message and
attempts to send the response to the web service but I get the following

Error "System.Security.Cryptography.CryptographicException: WSE523: The
CipherData contents are invalid"

I have read that much between blogs and MSDN, im all read out lol, BUT! I
can call a web method within the SCTS web service from the client. From my
understanding from what I have read when the Security Context Token is cached
it is cached in the AppDomain for the SCTS web service now that explains why
I can call the Web Method from the client and it works but when I call the
second Web Service it cannot access the AppDomain cache to check the SCT.
THEREFORE through WS-SecureConversation does all your Web Methods which the
client will call and sign and encrypt messages have to reside in the SCTS Web

Or can the client call as many other Web Services that are required of
course that reside on the same Server (have seen the implementations for web

So please please put me out of my misery can a client have a
SecureConversation with more than one Web Service and if they can how?

Thanks in advance