<x509> Element (Policy)

Specifies the details for creating a new X509SecurityToken instance.

<policies> Element
  <policy> Element (Policy)
    <anonymousForCertificateSecurity> Element
      <serviceToken> Element (Policy)

<x509
  findType
  findValue
  storeLocation="LocalMachine|CurrentUser"
  storeName
/>

Microsoft.Web.Services3.Design.X509TokenProvider

Attributes and Elements

Attributes

Attribute Description

findType

One of the System.Security.Cryptography.X509Certificates.X509FindType values that specifies how to find the certificate in the certificate store. Possible values are FindByApplicationPolicy, FindByCertificatePolicy, FindByExtension, FindByIssuerDistinguishedName, FindByIssuerName, FindByKeyUsage, FindBySerialNumber, FindBySubjectDistinguishedName, FindBySubjectKeyIdentifier, FindBySubjectName, FindByTemplateName, FindByThumbprint, FindByTimeExpired, FindByTimeNotYetValid, and FindByTimeValid.

findValue

The value to search for in the certificate store.

storeLocation

One of the System.Security.Cryptography.X509Certificates.StoreLocation values that specifies the location of the X.509 certificate store. Possible values are CurrentUser and LocalMachine.

storeName

One of the System.Security.Cryptography.X509Certificates.StoreName values that specifies the name of the certificate store. Possible values are AddressBook, AuthRoot, CertificateAuthority, Disallowed, My, Root, TrustedPeople, and TrustedPublisher. The AddressBook store is the same store that is displayed in the Certificates MMC as OtherPeople.

Child Elements

None

Parent Elements

Element Description

<clientToken> Element

Specifies the security token that authenticates the client.

<serviceToken> Element (Policy)

Specifies the X509SecurityToken security token that protects the SOAP message.

Remarks

The following turnkey assertions use the <x509> element:

Example

The following policy example searches the My certificate store in the LocalMachine location for an X.509 certificate, using the FindBySubjectDistinguishedName find type.

<policies>
  <extensions>
    <extension name="usernameForCertificateSecurity" type="Microsoft.Web.Services3.Design.UsernameForCertificateAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader"
               type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="ServerPolicy">
    <usernameForCertificateSecurity 
      establishSecurityContext="false" 
      renewExpiredSecurityContext="true" 
      signatureConfirmation="false" 
      protectionOrder="SignBeforeEncrypting" 
      deriveKeys="true" >
      <serviceToken>
        <x509
          storeLocation="LocalMachine"
          storeName="My"
          findValue="CN=WSE2QuickStartServer"
          findType="FindBySubjectDistinguishedName" />
      </serviceToken>
      <protection>
        <request
          signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
          encryptBody="true" />
        <response 
          signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
          encryptBody="true" />
        <fault
          signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
          encryptBody="false" />
      </protection>
    </usernameForCertificateSecurity>
    <requireActionHeader />
  </policy>
</policies>
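
The check below is an added example, not part of the original documentation or of WSE: a Python lint for policy files that verifies each <x509> element carries all four attributes with values from the lists above, and warns when the findType is one that several certificates in a store can satisfy. It assumes un-namespaced policy XML as shown on this page; lint_policy, PINNING and the BrokenPolicy sample are names made up for the example, and treating only FindByThumbprint as pinning a single certificate is this example's own rule.

```python
import xml.etree.ElementTree as ET

# Allowed values copied from the attribute descriptions on this page.
FIND_TYPES = set("""FindByApplicationPolicy FindByCertificatePolicy FindByExtension
FindByIssuerDistinguishedName FindByIssuerName FindByKeyUsage FindBySerialNumber
FindBySubjectDistinguishedName FindBySubjectKeyIdentifier FindBySubjectName
FindByTemplateName FindByThumbprint FindByTimeExpired FindByTimeNotYetValid
FindByTimeValid""".split())
ALLOWED = {
    "findType": FIND_TYPES,
    "storeLocation": {"CurrentUser", "LocalMachine"},
    "storeName": {"AddressBook", "AuthRoot", "CertificateAuthority", "Disallowed",
                  "My", "Root", "TrustedPeople", "TrustedPublisher"},
}
REQUIRED = ("findType", "findValue", "storeLocation", "storeName")
# Assumption of this example: only a thumbprint search pins one exact certificate.
PINNING = {"FindByThumbprint"}

def lint_policy(xml_text):
    """Return (policy, parent, severity, message) tuples for every <x509> element."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("policy"):
        name = policy.get("name", "?")
        parents = {child: parent for parent in policy.iter() for child in parent}
        for x509 in policy.iter("x509"):
            where = parents[x509].tag
            for attr in REQUIRED:
                value = (x509.get(attr) or "").strip()
                if not value:
                    findings.append((name, where, "error", f"{attr} is missing or empty"))
                elif attr in ALLOWED and value not in ALLOWED[attr]:
                    findings.append((name, where, "error", f"{attr}={value!r} is not a listed value"))
            if x509.get("findType") in FIND_TYPES - PINNING:
                findings.append((name, where, "warn",
                                 f"{x509.get('findType')} can match more than one certificate"))
    return findings

# Constructed sample: the page's ServerPolicy token plus a hypothetical broken policy.
SAMPLE = """<policies>
  <policy name="ServerPolicy"><usernameForCertificateSecurity><serviceToken>
    <x509 storeLocation="LocalMachine" storeName="My"
          findValue="CN=WSE2QuickStartServer" findType="FindBySubjectDistinguishedName" />
  </serviceToken></usernameForCertificateSecurity></policy>
  <policy name="BrokenPolicy"><anonymousForCertificateSecurity><serviceToken>
    <x509 storeLocation="LocalComputer" storeName="My" findValue="" findType="FindByThumbprint" />
  </serviceToken></anonymousForCertificateSecurity></policy>
</policies>"""

if __name__ == "__main__":
    print(*lint_policy(SAMPLE), sep="\n")
```

A warning is not an error: a subject distinguished name stays stable across certificate renewal, but the old and the renewed certificate can then sit in the same store under the same name.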

See Also

Tasks

How to: Secure a Web Service Using a Policy File

Reference

<serviceToken> Element (Policy)

Concepts

Turnkey Security Assertions