You are creating a Windows Communication Foundation (WCF) service based on WSHttpBinding. New audit requirements dictate that callers must be authenticated on every call to ensure that their credentials have not been revoked.
You need to ensure that the service will not cache the security request token.
What should you do?

A.
Apply a ServiceBehavior attribute to the service implementation class with the InstanceContextMode property set to Single.

B.
In the message security configuration, change clientCredentialType from IssuedToken to UserName.

C.
In the message security configuration, set establishSecurityContext to false.

D.
At the end of every operation, call the SessionStateUtility.RaiseSessionEnd method.