Specifies the X509SecurityToken security token that protects the SOAP messages.
<policies> Element
  <policy> Element (Policy)
    <anonymousForCertificateSecurity> Element

```xml
<serviceToken>
  <x509 />
</serviceToken>
```
Attributes and Elements
Attributes
None.
Child Elements
Element | Description
---|---
<x509> Element (Policy) | Specifies details about an X509SecurityToken security token.
Parent Elements
Element | Description
---|---
<anonymousForCertificateSecurity> Element | Represents a turnkey security assertion that uses an X509SecurityToken security token to protect SOAP messages. The client is not authenticated. WS-Security 1.1 is required for this assertion.
<mutualCertificate10Security> Element | Represents a turnkey security assertion that uses X509SecurityToken security tokens to authenticate the client and protect SOAP messages. WS-Security 1.0 and 1.1 can be used with this assertion.
<mutualCertificate11Security> Element | Represents a turnkey security assertion that uses X509SecurityToken security tokens to authenticate the client and protect SOAP messages. WS-Security 1.1 is required for this assertion.
<usernameForCertificateSecurity> Element | Represents a turnkey security assertion that uses an X509SecurityToken security token to protect SOAP messages. The client is authenticated using a UsernameToken security token. WS-Security 1.1 is required for this assertion.
Remarks
Use the <serviceToken> element with the <anonymousForCertificateSecurity>, <mutualCertificate10Security>, <mutualCertificate11Security>, or <usernameForCertificateSecurity> turnkey security assertion to specify the Web service's X509SecurityToken security token. WSE provides the <x509> Element (Policy) to specify the details of that security token.
The <serviceToken> element can only be used with one of the Turnkey Security Assertions. It does not work with custom security assertions.
Note
The child element of the <serviceToken> element is extensible. Instead of being one of the default child elements, the child element may be an element that represents a custom security token provider. The custom security token provider must be a generic type with an X509TokenProvider constraint. Additionally, the security token provider must be able to parse the custom XML element and be registered in the policy file using an <extension> Element.
Example
The following code example demonstrates how to secure a SOAP message exchange using an X509SecurityToken security token for protection and a UsernameToken security token for client authentication. The code example defines a policy named ClientPolicy that specifies that an X509SecurityToken security token is used to digitally sign the SOAP message and to encrypt the <body> element of the SOAP message. The keys used to generate the digital signature and to encrypt the <body> element are not the same keys, but rather are derived from the same key. In the following code example, the user name and password need to be added in code.
```xml
<policies>
  <extensions>
    <extension name="usernameForCertificateSecurity" type="Microsoft.Web.Services3.Design.UsernameForCertificateAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader" type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="ClientPolicy">
    <usernameForCertificateSecurity
        establishSecurityContext="false"
        renewExpiredSecurityContext="true"
        signatureConfirmation="false"
        protectionOrder="SignBeforeEncrypting"
        deriveKeys="true">
      <serviceToken>
        <x509
            storeLocation="CurrentUser"
            storeName="AddressBook"
            findValue="CN=WSE2QuickStartServer"
            findType="FindBySubjectDistinguishedName" />
      </serviceToken>
      <protection>
        <request
            signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
            encryptBody="true" />
        <response
            signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
            encryptBody="true" />
        <fault
            signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
            encryptBody="false" />
      </protection>
    </usernameForCertificateSecurity>
    <requireActionHeader />
  </policy>
</policies>
```
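As an added example that is not part of the WSE documentation or the WSE product, the following Python lint checks a WSE 3.0 policy file against the <serviceToken> rules stated in the Remarks and Note above (a turnkey parent only, a single <x509> child or a custom provider registered in <extensions>, and a certificate locator on <x509>) and reports request or response bodies that the <protection> element leaves unencrypted. The element and attribute names are the page's; the check names, finding strings and the weakened sample policy are constructed here.

```python
import xml.etree.ElementTree as ET
from typing import List

# The four turnkey assertions that may contain <serviceToken> (see Remarks).
TURNKEY_PARENTS = {"anonymousForCertificateSecurity", "mutualCertificate10Security",
                   "mutualCertificate11Security", "usernameForCertificateSecurity"}

def lint_policy(xml_text: str) -> List[str]:
    """Return findings for every <policy> in a WSE 3.0 <policies> document."""
    root = ET.fromstring(xml_text)
    registered = {e.get("name") for e in root.iter("extension")}  # custom providers
    findings = []
    for policy in root.iter("policy"):
        pname = policy.get("name", "?")
        parent_of = {child: parent for parent in policy.iter() for child in parent}
        for st in policy.iter("serviceToken"):
            parent = parent_of.get(st)
            ptag = parent.tag if parent is not None else "(none)"
            if ptag not in TURNKEY_PARENTS:  # custom assertions are not supported
                findings.append(f"{pname}: <serviceToken> under <{ptag}>, not a turnkey assertion")
            children = list(st)
            if len(children) != 1:  # exactly one token-provider element is expected
                findings.append(f"{pname}: <serviceToken> has {len(children)} children, expected 1")
                continue
            tok = children[0]
            if tok.tag == "x509":  # the default provider needs a certificate locator
                missing = [a for a in ("findType", "findValue") if not tok.get(a)]
                if missing:
                    findings.append(f"{pname}: <x509> missing {', '.join(missing)}")
            elif tok.tag not in registered:  # custom providers must be registered
                findings.append(f"{pname}: provider <{tok.tag}> not registered in <extensions>")
        for msg in ("request", "response"):  # body confidentiality per direction
            for el in policy.iter(msg):
                if el.get("encryptBody", "false").lower() != "true":
                    findings.append(f"{pname}: <{msg}> sent with encryptBody=false")
    return findings

# Constructed sample: the page's ClientPolicy with findValue dropped, the response
# body left in the clear, and extensions/signatureOptions omitted for brevity.
SAMPLE_POLICY = """<policies>
  <policy name="ClientPolicy">
    <usernameForCertificateSecurity protectionOrder="SignBeforeEncrypting" deriveKeys="true">
      <serviceToken>
        <x509 storeLocation="CurrentUser" storeName="AddressBook" findType="FindBySubjectDistinguishedName" />
      </serviceToken>
      <protection>
        <request encryptBody="true" />
        <response encryptBody="false" />
      </protection>
    </usernameForCertificateSecurity>
  </policy>
</policies>"""
```

Running `lint_policy(SAMPLE_POLICY)` reports the missing findValue and the unencrypted response; the same function returns an empty list for the page's own ClientPolicy.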
See Also
Reference
<x509> Element (Policy)
<protection> Element
<policy> Element
X509SecurityToken