<serviceToken> Element (Policy)
Specifies the X509SecurityToken security token that protects the SOAP messages.
<policies> Element
<policy> Element (Policy)
<anonymousForCertificateSecurity> Element
<serviceToken>
<x509 />
</serviceToken>
Attributes and Elements
Attributes
None.
Child Elements
| Element | Description |
|---|---|
Specifies details about a X509SecurityToken security token. |
Parent Elements
| Element | Description |
|---|---|
Represents a turnkey security assertion that uses an X509SecurityToken security token to protect SOAP messages. The client is not authenticated. WS-Security 1.1 is required for this assertion. |
|
Represents a turnkey security assertion that uses X509SecurityToken security tokens to authenticate the client and protect SOAP messages. WS-Security 1.0 and 1.1 can be used with this assertion. |
|
Represents a turnkey security assertion that uses X509SecurityToken security tokens to authenticate the client and protect SOAP messages. WS-Security 1.1 is required for this assertion. |
|
Represents a turnkey security assertion that uses an X509SecurityToken security token to protect SOAP messages. The client is authenticated using a UsernameToken security token. WS-Security 1.1 is required for this assertion. |
Remarks
Use the <serviceToken> element with the <anonymousForCertificateSecurity> Element, <mutualCertificate10Security> Element, <mutualCertificate11Security> Element, <usernameForCertificateSecurity> Element turnkey security assertions to specify the Web service's X509SecurityToken security token. WSE provides the <x509> Element (Policy) to specify the details of the security token.
The <serviceToken> element can only be used with one of the Turnkey Security Assertions. It does not work with custom security assertions.
Note
The child element of the <serviceToken> element is extensible. Instead of being one of the default child elements, the child element may be an element that represents a custom security token provider. The custom security token provider must be a generic type with an X509TokenProvider constraint. Additionally, the security token provider must be able to parse the custom XML element and be registered in the policy file using an <extension> Element.
Example
The following code example demonstrates how to secure a SOAP message exchange using an X509SecurityToken security token for protection and a UsernameToken security token for client authentication. The code example defines a policy assertion named ClientPolicy that specifies that a X509SecurityToken security token is used to digitally sign the SOAP message, and to encrypt the <body> element of the SOAP message. The keys used to generate the digital signature and encrypt the <body> element are not the same keys, but rather are derived from the same key. In the following code example, the user name and password need to be added in code.
<policies>
<extensions>
<extension name="usernameForCertificateSecurity" type="Microsoft.Web.Services3.Design.UsernameForCertificateAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="requireActionHeader"
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</extensions>
<policy name="ClientPolicy">
<usernameForCertificateSecurity
establishSecurityContext="false"
renewExpiredSecurityContext="true"
signatureConfirmation="false"
protectionOrder="SignBeforeEncrypting"
deriveKeys="true" >
<serviceToken>
<x509
storeLocation="CurrentUser"
storeName="AddressBook"
findValue="CN=WSE2QuickStartServer"
findType="FindBySubjectDistinguishedName" />
</serviceToken>
<protection>
<request
signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
encryptBody="true" />
<response
signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
encryptBody="true" />
<fault
signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
encryptBody="false" />
</protection>
</usernameForCertificateSecurity>
<requireActionHeader />
</policy>
</policies>
See Also
Reference
<x509> Element (Policy)
<protection> Element
<policy> Element
X509SecurityToken