Share via


<extension> Element

Specifies a policy extension.

<policies> Element
  <extensions> Element

<extension name type />

Attributes and Elements

Attributes

Attribute Description

name

The name of the extension as it is referenced in policy assertions within the policy file.

type

The fully qualified type name that implements the policy extension.

Child Elements

None.

Parent Elements

Element Description

<extensions> Element

Required element. Specifies a set of policy extensions that are used to define the policy assertions for the application.

Remarks

Within a policy file, policies are defined using standard or custom security assertions and security token providers that are specified in an <extension> Element child element of an <extensions> Element element. For example, the <usernameForCertificateSecurity> Element element is a standard security assertion that specifies that a UsernameToken security token is used to authenticate the client and that an X509SecurityToken security token is used to authenticate the server and to sign and encrypt the SOAP messages between the two endpoints. To use this standard security assertion, add <usernameForCertificateSecurity> Element, <x509> Element (Policy), and <username> Element child elements to the <extensions> Element element. The <x509> and <username> element are security token providers that are required by the <usernameOverX509Security> element.

Example

The following code example demonstrates a policy file that might be used to secure one portion of a gateway application over the Internet using X.509 certificates. A gateway application has three or more components. An example of a gateway application is a Windows client application that communicates with a Web service that then communicates with another Web service.

The code example defines a policy assertion named X509MutualAuthentication that specifies that an X509SecurityToken security token is used to mutually authenticate the client and Web service. SOAP requests are signed using a key from the client's X509SecurityToken security token and encrypted using a key from the Web service's security token. SOAP responses are signed using a key from the Web service's security token and encrypted using a key from the client's security token.

Note

This code example is designed to demonstrate WSE features and is not intended for production use.

<policies>
  <extensions>
    <extension name="mutualX509Security" type="Microsoft.Web.Services3.Design.MutualX509Assertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="x509"
               type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader"
               type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="X509MutualAuthentication">
    <mutualX509Security establishSecurityContext="false"
                        signatureConfirmation="false"
                        protectionOrder="SignBeforeEncrypting"
                        deriveKeys="false">
      <serviceToken>
        <x509 storeLocation="LocalMachine"
              storeName="My" findValue="CN=books.contoso.com"
              findType="FindBySubjectDistinguishedName" />
      </serviceToken>
      <protection>
        <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" 
                 encryptBody="true" />
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
                  encryptBody="true" />
        <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
               encryptBody="false" />
      </protection>
    </mutualX509Security>
    <requireActionHeader />
  </policy>
</policies>

See Also

Reference

<policies> Element
<extensions> Element