<securityTokenManager> Element

Specifies a user supplied custom security token manager for an XML-based security token.

<microsoft.web.services2> Element
  <security> Element

<securityTokenManager qname type >
  <cacheLimit />
  <generationLimit />
  <keyAlgorithm name />
  <label />
  <offsetLimit />
  <renewalWindowInSeconds />
  <replayDetection enabled windowInSeconds />
</securityTokenManager>

Attributes and Elements

Attributes

Attribute Description

qname

Required attribute. An XML qualified name that identifies the security token type within a SOAP message.

type

Required attribute. The fully qualified type name of the custom security token manager, in the assembly-qualified form "Namespace.ClassName, AssemblyName".

Child Elements

Element Description

<cacheLimit> Element

Optional element. Sets the limit on the number of security tokens that are cached.

<generationLimit> Element

Optional element. For DerivedKeyToken security tokens, specifies the maximum generation number (the value of the Generation element) that is accepted for a derived key.

<keyAlgorithm> Element for <binarySecurityTokenManager>

Optional element. Specifies the key algorithm used by a security token.

<label> Element

Optional element. Specifies the label parameter in the key generation algorithm for UsernameToken security tokens.

<offsetLimit> Element

Optional element. For DerivedKeyToken security tokens, specifies the maximum position at which the derived key is located in the byte stream for a serialized security token.

<renewalWindowInSeconds> Element

Optional element. For SecurityContextToken security tokens, specifies the period of time immediately prior to expiration, in seconds, during which the security context token can be renewed.

<replayDetection> Element

Optional element. Controls whether to enable replay detection against the UsernameToken nonce for a period of time.

Parent Elements

Element Description

<security> Element

Controls the security settings for a WSE application.

Remarks

When a security token is received by WSE that it does not natively support, WSE looks to see if a security token manager has been configured to handle that type of security token. WSE looks for a <securityTokenManager> element with a qname attribute that matches the element representing the security token within the WS-Security SOAP header. When there is a match, WSE calls the type specified in the type attribute of the <securityTokenManager> to handle the security token.

Similarly, the <securityTokenManager> element can be used to register security token managers that override the default behavior of natively supported security tokens. For example, if you are using UsernameToken security tokens and you do not want WSE to authenticate the user name and password against a Windows user account, you can create and register a custom security token manager that authenticates the user name against a database of user name and password combinations. For more information about using UsernameToken security tokens, see How to: Verify Digital Signatures of SOAP Messages Signed Using a User Name and Password.

Before adding the <securityTokenManager> element to a configuration file, you must add the microsoft.web.services2 configuration section handler to the configuration file. For details about adding the microsoft.web.services2 configuration section handler, see <section> Element (WSE for Microsoft .NET).

Example

The following code example specifies a type to call when UsernameToken security tokens are received.

<configuration>
  <microsoft.web.services2>
    <security> 
      <securityTokenManager qname="wsse:UsernameToken" type="CustomSecurityNamespace.CustomSecurityClass, AssemblyName" 
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
    </security>
  </microsoft.web.services2>
</configuration>
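The following class is an added example, not code from this page or from the WSE documentation samples. It is the type that the type attribute in the configuration above points at, and it implements the scenario described in Remarks: WSE dispatches every received UsernameToken to this manager, which authenticates against a credential store instead of a Windows account. The store is a constructed in-memory table of salted SHA-256 hashes that stands in for a database; the SecurityFault constructor taking a fault code and the SecurityFault.FailedAuthenticationCode field are as I recall them from the WSE 2.0 API and should be treated as assumptions. A production store would use a slow password hash such as PBKDF2 rather than a single SHA-256.

```csharp
using System;
using System.Collections;
using System.Security.Cryptography;
using System.Text;
using System.Xml;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;

namespace CustomSecurityNamespace
{
    // The class named in the type attribute of the <securityTokenManager> element:
    // "CustomSecurityNamespace.CustomSecurityClass, AssemblyName".
    public class CustomSecurityClass : UsernameTokenManager
    {
        // Constructed sample credential store standing in for a database table.
        // Key: user name. Value: "base64(salt):base64(SHA-256(salt || password))".
        private static readonly Hashtable Credentials = new Hashtable();

        static CustomSecurityClass()
        {
            // Constructed sample account; a real store is populated out of band.
            Credentials["alice"] = MakeRecord("correct horse battery staple");
        }

        public CustomSecurityClass() { }

        // WSE passes the child elements of <securityTokenManager> to this constructor.
        public CustomSecurityClass(XmlNodeList nodes) : base(nodes) { }

        // WSE calls this for every UsernameToken it receives. The string returned is the
        // password WSE compares against the token; throwing rejects the token.
        protected override string AuthenticateToken(UsernameToken token)
        {
            if (token == null)
                throw new ArgumentNullException("token");

            // A salted hash can only be checked against the plain-text password.
            // A PasswordDigest token (SendHashed) would require the stored password itself,
            // because the digest is computed over nonce, created time and password.
            // Assumption: SecurityFault(string, QualifiedName) and FailedAuthenticationCode
            // exist as named here (WSE 2.0 API as recalled).
            if (token.PasswordOption != PasswordOption.SendPlainText || token.Password == null)
                throw new SecurityFault("Only plain-text passwords (sent over TLS) are accepted",
                                        SecurityFault.FailedAuthenticationCode);

            string record = (string)Credentials[token.Username];
            if (record == null || !Verify(record, token.Password))
                // Same fault for unknown user and wrong password, so callers cannot
                // enumerate valid user names.
                throw new SecurityFault("Authentication failed",
                                        SecurityFault.FailedAuthenticationCode);

            // The check already passed, so hand WSE the presented password; its own
            // comparison then succeeds and the token is accepted.
            return token.Password;
        }

        private static string MakeRecord(string password)
        {
            byte[] salt = new byte[16];
            new RNGCryptoServiceProvider().GetBytes(salt);
            return Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(Hash(salt, password));
        }

        private static bool Verify(string record, string password)
        {
            string[] parts = record.Split(':');
            if (parts.Length != 2)
                return false;
            byte[] salt = Convert.FromBase64String(parts[0]);
            byte[] expected = Convert.FromBase64String(parts[1]);
            return FixedTimeEquals(expected, Hash(salt, password));
        }

        private static byte[] Hash(byte[] salt, string password)
        {
            byte[] pw = Encoding.UTF8.GetBytes(password);
            byte[] input = new byte[salt.Length + pw.Length];
            Buffer.BlockCopy(salt, 0, input, 0, salt.Length);
            Buffer.BlockCopy(pw, 0, input, salt.Length, pw.Length);
            return new SHA256Managed().ComputeHash(input);
        }

        // Compare every byte so timing does not reveal the first mismatching position.
        private static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            if (a.Length != b.Length)
                return false;
            int diff = 0;
            for (int i = 0; i < a.Length; i++)
                diff |= a[i] ^ b[i];
            return diff == 0;
        }
    }
}
```

Because WSE verifies the token by comparing the string returned from AuthenticateToken with what the client sent, a manager that holds only password hashes must do the comparison itself and then return the presented password; that only works for plain-text passwords, so the service must require TLS and reject PasswordDigest tokens, as the override above does.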

See Also

Tasks

How to: Create a Security Token Manager for a Custom Security Token

Reference

<cacheLimit> Element