Share via


Policy Extensions

To use a turnkey or custom security assertion, the type representing the assertion and any extensions that are associated with the assertion must be registered in the policy file using an <extension> Element. A policy extension deserializes child elements of a policy assertion, but not all child elements are handled by policy extensions—just those defined by the developer of the policy assertion. A policy extension allows code reuse for functionality that is shared between policy assertions. The type implementing the policy extension is specified using the type attribute for the <extension> Element.

The following example registers the <kerberosSecurity> Element turnkey security assertion and the <kerberos> Element policy extension, which is used by the <kerberosSecurity> Element turnkey security assertion.

<extensions>
  <extension name="kerberosSecurity"
             type="Microsoft.Web.Services3.Design.KerberosAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  <extension name="kerberos"
             type="Microsoft.Web.Services3.Design.KerberosTokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</extensions>

The <kerberos> Element policy extension is a type of policy extension that specifies security token requirements for the security assertion, which is known as a security token provider.

See Also

Concepts

Policy Assertions
Policy Files

Other Resources

Securing a Web Service