Issuing Security Tokens

The Web Services Enhancements for Microsoft .NET (WSE) provides the capability to programmatically request a security token. The SOAP message sender obtains this security token from a security token service and uses that security token to digitally sign or encrypt a series of messages between itself and the target Web service. The SOAP message sender sends its first SOAP message, known as a Request Security Token (RST) message, to request a security token from a security token service that is trusted by a target Web service. By default, the RST must be signed, so that the security token service can verify that the SOAP message sender is entitled to receive the security token. After the signature is verified, authenticated, and authorized, the security token service returns a SOAP message, known as a Request Security Token Response (RSTR) message, which contains the security token. This security token can be used to communicate between the sender and the target Web service until it expires.

Obtaining and using a security token.

In This Section

• Issuing Security Context Tokens
  Details how to issue and obtain SecurityContextToken security tokens using a security context token service.

• Issuing Custom Security Tokens
  Details how to issue and obtain security tokens using a custom security token service.