<usernameOverTransportSecurity> Element
Represents a turnkey security assertion that authenticates the client using a UsernameToken security token. The SOAP message is not encrypted or digitally signed, so a secure transport should be used with this assertion. WSE does not verify that the transport is providing the message protection. WS-Security 1.1 or 1.0 can be used with this assertion.
<policies> Element
<policy> Element (Policy)
<usernameOverTransportSecurity
clientActor
serviceActor
ttlInSeconds >
<clientToken />
</usernameOverTransportSecurity >
Microsoft.Web.Services3.Design.UsernameOverTransportAssertion
Attributes and Elements
Attributes
| Attribute | Description |
|---|---|
clientActor |
Optional attribute. Specifies the actor attribute on the Security SOAP header for a SOAP message destined for a Web service client to which this policy assertion applies. When the SOAP message is not routed through an intermediary, such as a SOAP router, the actor attribute is an empty string (""). When the policy assertion applies to an intermediary, specify the URI for the intermediary. The default value is an empty string (""). |
serviceActor |
Optional attribute. Specifies the actor attribute on the Security SOAP header for a SOAP message destined for a Web service to which this policy assertion applies. When the SOAP message is not routed through an intermediary, such as a SOAP router, the actor attribute is an empty string (""). When the policy assertion applies to an intermediary, specify the URI for the intermediary. The default value is an empty string (""). |
ttlInSeconds |
Optional attribute. Specifies the default number of seconds that a SOAP message is valid after its creation. The default value is 5 minutes (300 seconds). |
Child Elements
| Element | Description |
|---|---|
Optional element. Specifies the security token that authenticates the client. |
Parent Elements
| Element | Description |
|---|---|
Specifies a SOAP message requirement. |
Remarks
When you use the <usernameOverTransportSecurity> policy assertion, it is recommended that you do not specify the client's user name and password in the policy file.
Example
The following code example demonstrates how to use the usernameOverTransportSecurity turnkey security assertion to send the client's user name and password in a SOAP message. The following code example does not place the user name and password in the policy file. Placing the user name and password is not recommended. In this case, the user name and password must be added in code.
<policies>
<extensions>
<extension name="usernameOverTransportSecurity" type="Microsoft.Web.Services3.Design.UsernameOverTransportAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="username" type="Microsoft.Web.Services3.Design.UsernameTokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="requireActionHeader"
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</extensions>
<policy name="ClientPolicy">
<usernameOverTransportSecurity />
<requireActionHeader />
</policy>
</policies>
See Also
Tasks
How to: Secure a Web Service Using a Policy File
Reference
<serviceToken> Element (Policy)
<protection> Element
<policy> Element
X509SecurityToken