<extensions> Element

Specifies a set of policy extensions that are used to define the policy assertions for the application.

<policies> Element

<extensions>
  <extension name type />
</extensions>

Attributes and Elements

Attributes

None.

Child Elements

Element Description

<extension> Element

Required element. Specifies a policy extension.

Parent Elements

Element Description

<policies> Element

The root element for a policy file.

Remarks

Within a policy file, policy assertions are defined using standard or custom security assertions and security token providers, each of which is specified in an <extension> child element of the <extensions> element. For example, the <usernameForCertificateSecurity> element is a standard security assertion that specifies that a UsernameToken security token is used to authenticate the client and that an X509SecurityToken security token is used to authenticate the server and to sign and encrypt the SOAP messages between the two endpoints. To use this standard security assertion, add <extension> child elements for <usernameForCertificateSecurity>, <x509>, and <username> to the <extensions> element. The <x509> and <username> elements are security token providers that are required by the <usernameOverX509Security> element.

Example

The following code example demonstrates how one might secure one portion of a client to Web service application using the combination of a username and password and an X.509 certificate. The code example defines a policy assertion named usernameAuthenticationX509Protection that specifies that a UsernameToken security token is used to authenticate the client and that an X509SecurityToken security token is used to authenticate the server and to sign and encrypt the SOAP messages between the client and the Web service.

Note

This code example is designed to demonstrate WSE features and is not intended for production use.

<policies>
  <extensions>
    <extension name="usernameOverX509Security"
               type="Microsoft.Web.Services3.Design.UsernameOverX509Assertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="x509"
               type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader"
               type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="usernameAuthenticationX509Protection">
    <usernameOverX509Security 
      establishSecurityContext="true"
      signatureConfirmation="false"
      protectionOrder="SignBeforeEncrypting"
      deriveKeys="true">
      <serviceToken>
        <x509 storeLocation="LocalMachine"
              storeName="My"
              findValue="CN=books.contoso.com"
              findType="FindBySubjectDistinguishedName" />
      </serviceToken>
      <protection>
        <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" 
                 encryptBody="true" />
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
                  encryptBody="true" />
        <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
                  encryptBody="false" />
      </protection>
    </usernameOverX509Security>
    <requireActionHeader />
  </policy>
</policies>
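
Each <extension> type attribute names a .NET class and assembly, so a policy file can be linted before deployment. The following Python sketch is an added example, not part of the original documentation or of WSE: it reports assertions used directly inside a <policy> that have no matching <extension> registration, and registered extensions whose type is outside the Microsoft.Web.Services3 assembly identity shown above. The auditTrail/Contoso.Audit extension, the sample policy and the function names are constructed for illustration; token providers nested under elements such as <serviceToken> are not checked.

```python
import xml.etree.ElementTree as ET

# Assembly identity copied from the extension types in the page's example.
WSE_ASSEMBLY = ("Microsoft.Web.Services3, Version=3.0.0.0, "
                "Culture=neutral, PublicKeyToken=31bf3856ad364e35")

# Constructed sample: trimmed copy of the page's policy plus a hypothetical
# custom assertion (auditTrail); requireActionHeader is left unregistered.
SAMPLE_POLICY = f"""<policies>
  <extensions>
    <extension name="usernameOverX509Security"
      type="Microsoft.Web.Services3.Design.UsernameOverX509Assertion, {WSE_ASSEMBLY}" />
    <extension name="auditTrail" type="Contoso.Audit.AuditAssertion, Contoso.Audit" />
  </extensions>
  <policy name="usernameAuthenticationX509Protection">
    <usernameOverX509Security establishSecurityContext="true" />
    <requireActionHeader />
    <auditTrail />
  </policy>
</policies>"""

def local(tag):
    """Strip an XML namespace so a default xmlns on the root is tolerated."""
    return tag.rsplit("}", 1)[-1]

def audit_policy(xml_text):
    """Return (unregistered, custom): (policy, assertion) pairs used without an
    <extension>, and extension names whose type is outside WSE_ASSEMBLY."""
    root = ET.fromstring(xml_text)
    registered, unregistered = {}, []
    for section in root:
        if local(section.tag) == "extensions":
            for ext in section:
                registered[ext.get("name")] = ext.get("type", "")
    for section in root:
        if local(section.tag) == "policy":
            for assertion in section:  # direct children are the assertions
                if local(assertion.tag) not in registered:
                    unregistered.append((section.get("name"), local(assertion.tag)))
    # type is "Namespace.Class, Assembly, Version=..."; compare the assembly part
    custom = sorted(name for name, type_name in registered.items()
                    if " ".join(type_name.partition(",")[2].split()) != WSE_ASSEMBLY)
    return unregistered, custom

if __name__ == "__main__":
    missing, custom = audit_policy(SAMPLE_POLICY)
    print("used but not registered:", missing)
    print("extensions outside the WSE assembly:", custom)
```

An extension reported as outside the WSE assembly is not necessarily wrong, since custom assertions are supported; the list is what a reviewer should confirm against the assemblies the application is expected to load.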

See Also

Reference

<extension> Element
<policies> Element