Hello
Envelopes are a kind of ‘converters’ applied to incoming data stream to somehow convert it. If incoming stream is not marked as containing AES encrypted data then AES conversion is not applied to it.
When server sends data back to the client it applies all defined envelopes to the data stream.
The purpose of AES envelope is not to prevent server method calls if incoming request is not encrypted. Its purpose is to secure client-server communication.
That said, AES envelopes are considered obsolete because of the need to store password in the client app which makes them vulnerable. It is better to consider to switch to SSL/TLS traffic encryption instead.
Regards