Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Specifies the portions of SOAP responses that are signed or encrypted.
<policies> Element
<policy> Element (Policy)
<kerberosSecurity> Element
<protection> Element
<response signatureOptions encryptBody >
<signedHeader name namespace />
</response>
Attributes and Elements
Attributes
| Attribute | Description |
|---|---|
signatureOptions |
Required attribute. A comma-separated string of SOAP message parts to sign. IncludeAddressing specifies that the WS-Addressing headers are signed. IncludeTimestamp specifies that the timestamp element within the WS-Security header is signed. IncludeSoapBody specifies that the <body> element is signed. |
encryptBody |
Required attribute. Specifies whether the <body> element is encrypted. Possible values are true and false. |
Child Elements
| Element | Description |
|---|---|
Used in a policy assertion to specify the name of a custom SOAP header that is to be signed. |
Parent Elements
| Element | Description |
|---|---|
Specifies the portions of SOAP requests, SOAP responses, and SOAP faults sent to or from an endpoint that are signed or encrypted. |
Remarks
The <protection> Element element can be included in policy assertions other than the <kerberosSecurity> Element policy assertion. For more information, see <protection> Element.
Example
The following code example demonstrates how to secure one portion of an application that contains a Web service using a KerberosToken security token. The code example defines a policy assertion named kerberosAuthenticationKerberosProtection that specifies that a KerberosToken security token is used to encrypt the <body> element and to digitally sign the WS-Addressing headers, <body> element, and the timestamp for all SOAP responses.
<policies>
<extensions>
<extension name="kerberosSecurity"
type="Microsoft.Web.Services3.Design.KerberosAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="kerberos"
type="Microsoft.Web.Services3.Design.KerberosTokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="requireActionHeader"
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</extensions>
<policy name="kerberosAuthenticationKerberosProtection">
<kerberosSecurity establishSecurityContext="false" signatureConfirmation="false" protectionOrder="SignBeforeEncrypting" deriveKeys="true">
<token>
<kerberos targetPrincipal="host/[email protected]" impersonationLevel="Identification" />
</token>
<protection>
<request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
<response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
<fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
</protection>
</kerberosSecurity>
<requireActionHeader />
</policy>
</policies>
See Also
Tasks
How to: Secure a Web Service Using a Policy File
Reference
<protection> Element
<signedHeader> Element
<request> Element
<fault> Element