How to: Specify Security Token Requirements

The following procedure shows how to specify security token requirements.

To declare security token requirements

• Add a <SecurityToken> Element element.

Example

The following code example is a policy file containing a declaration for the policy that specifies that a message requires a UsernameToken security token.

<?xml version="1.0" encoding="utf-8" ?>
<policyDocument xmlns="https://schemas.microsoft.com/wse/2003/06/Policy">
  <mappings>
    <endpoint uri="http://www.cohowinery.com/Service1.asmx">
  </mappings>
  <policies 
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
    xmlns:wssp="https://schemas.xmlsoap.org/ws/2002/12/secext" 
    xmlns:wsp="https://schemas.xmlsoap.org/ws/2002/12/policy">
    <wsp:Policy wsu:Id="signed-body-username">
      <Integrity wsp:Usage="wsp:Required" 
        xmlns="https://schemas.xmlsoap.org/ws/2002/12/secext">
        <TokenInfo>
          <wssp:SecurityToken>
            <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
            <wssp:Claims>
              <wssp:SubjectName>SomeUsername</wssp:SubjectName>
              <wssp:UsePassword Type="wssp:PasswordDigest" wsp:Usage="wsp:Required" />
            </wssp:Claims>
          </wssp:SecurityToken>
        </TokenInfo>
        <MessageParts xmlns:rp="https://schemas.xmlsoap.org/rp" 
          Dialect="https://schemas.xmlsoap.org/2002/12/wsse#part">
          wsp:Body()
        </MessageParts>
      </Integrity>
    </wsp:Policy>
  </policies>
</PolicyDocument>

See Also

Tasks

How to: Declare a Policy

Concepts

Policy Overview

Other Resources

Configuring a Web Service's Policy