You are creating a Windows Communication Foundation (WCF) service based on WSHttpBinding.
New audit requirements dictate that callers must be authenticated on every call to ensure that their credentials have not been revoked.
You need to ensure that the service will not cache the security request token. What should you do?

A.
Apply a ServiceBehavior attribute to the service implementation class with the lnstanceContextMode property set to Single.

B.
In the message security configuration, change clientCredentialType from lssuedToken to UserName

C.
In the message security configuration, set establishSecurityContext to false.

D.
At the end of every operation, call the SessionStateUtility.RaiseSessionEnd method.

Explanation:
SecurityPolicyAssertion.EstablishSecurityContext Property
Gets or sets a value indicating whether a secure conversation is established using SecurityContextToken security tokens.

SecurityContextToken Class Represents a security context token, which is a used for signing and/or encrypting SOAP messages.

The RaiseSessionEnd() method is used by a session-state module to execute the Session_OnEnd event defined in
the Global.asax file for an ASP.NET application. A session-state module will call the RaiseSessionEnd method
when a session has been abandoned, or if the session expires.

SecurityPolicyAssertion.EstablishSecurityContext Property
(http://msdn.microsoft.com/en-us/library/microsoft.web.services3.design.securitypolicyassertion.establishsecuritycontext.aspx)