By using a Web service policy you can easily specify the security requirements of a Web service, such as the type of credentials that clients should supply to authenticate themselves, and how security information should be encrypted. Connected Services Framework provides features that help you to specify the policies to be implemented by a Web service, and how a session should apply a policy when it routes a message to a Web service.
When you use a policy with a Web service, you must perform the following tasks:
- Define the policy. You can do this by using the WSE 3.0 Settings Wizard. In a Web service, the policy is stored in the wse3policyCache.config file by default. The WSE 3.0 Settings Wizard creates this file if necessary, and updates the Web.config file so that the Web service refers to this file. However, the Session Web service implements several of its own custom policy assertions, and you should be careful that any policy you create does not conflict with these policy assertions. For more information, see The SessionPolicy.Config File.
- Implement the policy. You can specify that the Web service implements the policy by using the Policy attribute when you define the Web service, or by using the SetPolicy method of the CsfService class. For more information, see How to Implement Policy for a Web Service Receiving Messages.
- Add the policy to the participant manifest. The session must apply the policy when it routes messages to the Web service. To enable this, you must add the policy to the SessionPolicy.config file for the Session Web service, and add a reference to the policy to the participant manifest for the Web service. For more information, see How to Specify a Policy in the Participant Manifest.
Note: WSE policy files contain sensitive security configuration information. Make sure that you configure an appropriately restrictive access control list (ACL) on any directory that contains WSE policy files.
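One way to check the ACL recommendation in the note above, as an added example that is not part of the original documentation. The function name and the choice of which principals count as too broad are assumptions; the file names are the ones this page mentions.

```powershell
# Added example: report broad "Allow" rules on WSE policy files and their directories.
# Get-BroadPolicyFileAccess is a hypothetical helper name, not part of WSE or CSF.
function Get-BroadPolicyFileAccess {
    param(
        [Parameter(Mandatory)] [string] $Root,
        # Policy file names taken from the page.
        [string[]] $PolicyFileNames = @('wse3policyCache.config', 'SessionPolicy.config')
    )

    # Well-known SIDs (assumed "too broad" set); SIDs keep the check locale-independent.
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }

    $files = Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $PolicyFileNames -contains $_.Name }
    if (-not $files) { return }

    # Audit each policy file and the directory that contains it.
    $targets = @($files.FullName) + @($files.DirectoryName) | Sort-Object -Unique

    foreach ($path in $targets) {
        $acl = Get-Acl -LiteralPath $path
        # Explicit and inherited rules, with identities translated to SIDs.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid)) {
                [pscustomobject]@{
                    Path      = $path
                    Principal = $broadSids[$sid]
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

# Constructed sample: a temporary directory holding a placeholder policy file.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'wse-policy-acl-sample'
New-Item -ItemType Directory -Path $sample -Force | Out-Null
Set-Content -LiteralPath (Join-Path $sample 'wse3policyCache.config') -Value '<policies />'
Get-BroadPolicyFileAccess -Root $sample | Format-Table -AutoSize
```

Any row in the output is an access rule to review; an empty result means none of the listed principals has an allow rule on the policy files or their directories.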