Export (0) Print
Expand All

<policies> Element

The root element for a policy file.


<policies>
  <extensions>
  <policy name>
</policies>

Attributes

None

Child Elements

Element Description

<extensions> Element

Optional element. Specifies a set of policy extensions that are used to define the policy assertions for the application.

<policy> Element (Policy)

Required element. Specifies a SOAP message requirement.

Parent Elements

None

The <policies> element is the root XML element for a policy file, which defines how SOAP messages are secured for the application. The <policies> element can contain zero or more <policy> Element (Policy) elements, which each define a policy. A policy defines how SOAP messages are secured between a client and a Web service without specifying which Web service the policy applies to. To specify which Web service the policy assertion applies to, apply a PolicyAttribute attribute to the class implementing the Web service. For more details, see Specifying the Security Requirements For a Web Service.

Within the policy file, policies are defined using turnkey or custom security assertions and security token providers that are specified in an <extensions> Element child element. For example, the <usernameForCertificateSecurity> Element element is a turnkey security assertion that specifies that a UsernameToken security token is used to authenticate the client and that an X509SecurityToken security token is used to protect the SOAP messages between the two endpoints.

The following code example demonstrates how to secure a SOAP message exchange using an X509SecurityToken security token for protection and a UsernameToken security token for client authentication. The code example defines a policy assertion named ClientPolicy that specifies that a X509SecurityToken security token is used to digitally sign the SOAP message, and to encrypt the <body> element of the SOAP message. The keys used to generate the digital signature and encrypt the <body> element are not the same keys, but rather are derived from the same key. In the following code example, the user name and password needs to be added in code.

<policies>
  <extensions>
    <extension name="usernameForCertificateSecurity" type="Microsoft.Web.Services3.Design.UsernameForCertificateAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader"
               type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="ClientPolicy">
    <usernameForCertificateSecurity 
      establishSecurityContext="false" 
      renewExpiredSecurityContext="true" 
      signatureConfirmation="false" 
      protectionOrder="SignBeforeEncrypting" 
      deriveKeys="true" >
      <serviceToken>
        <x509
          storeLocation="CurrentUser"
          storeName="AddressBook"
          findValue="CN=WSE2QuickStartServer"
          findType="FindBySubjectDistinguishedName" />
      </serviceToken>
      <protection>
        <request
          signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
          encryptBody="true" />
        <response 
          signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
          encryptBody="true" />
        <fault
          signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
          encryptBody="false" />
      </protection>
    </usernameForCertificateSecurity>
    <requireActionHeader />
  </policy>
</policies>
Show:
© 2014 Microsoft