Export (0) Print
Expand All
Expand Minimize

<replayDetection> Element

Controls whether to enable replay detection against the UsernameToken nonce for a period of time.

<microsoft.web.services3> Element
  <security> Element
    <securityTokenManager> Element
      <add> Element for <securityTokenManager>

  windowInSeconds="300" />


Attribute Description


Required attribute. Set to true if replay detection should be enabled for the UsernameToken nonce; otherwise, false.


Required attribute. The time in seconds that replay detection is enabled against the UsernameToken nonce.

Child Elements


Parent Elements

Element Description

<add> Element for <securityTokenManager>

Adds a user-supplied custom security token manager for an XML-based security token to the application domain.

Before adding the <replayDetection> element to a configuration file, you must add the microsoft.web.services3 configuration section handler to the configuration file. For more information, see <section> Element.

Use the <replayDetection> element to specify that replay detection is enabled against the UsernameToken nonce. If this option is enabled, when a UsernameToken arrives, a check is performed as to whether the token creation time is within the reply window. If it is outside of the window, an error is generated and the token is considered invalid. If a nonce is reused within the replay window, a message is generated to note that a particular nonce value can only be used once within a given time period.

The following code example specifies that replay detection is enabled and the window is set to 300 seconds for UsernameToken security tokens.

        <add localName="UsernameToken"
             type="Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager, Microsoft.Web.Services3, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" priority="1" group="0" 
          <replayDetection enabled="true" windowInSeconds="300" />
© 2014 Microsoft