What's New in Service Pack 2
The following sections detail the new features, core product changes, and new documentation topics in service pack 2.
New Features
| Feature | Description |
|---|---|
| KerberosToken2 security token | The KerberosToken2 security token extends the capability of the KerberosToken security token, such that it can be used to secure SOAP messages sent to a Web farm and the identity associated with it can be impersonated. For more details, see Differences between KerberosToken and KerberosToken2. |
Core product changes
- The wire format for outgoing SOAP messages can now be specified using configuration. To specify the wire format for outgoing SOAP messages, add a <compatibility> element to the sending application's configuration file. For more details, see <compatibility> Element.
- The LoadTokenFromXml method no longer throws an exception when the IsCurrent property is false. The security input filter makes the same check and throws an exception when the IsCurrent property is false.
- When a Web service method of a SoapService class is expected to return a SOAP response and it returns null, WSE returns an empty SoapEnvelope to the SOAP message sender.
- The Decrypt method decrypts one and only one XML element. When the Decrypt method is passed more than one XML element, a security fault is thrown.
- When the Send method is called with a SoapEnvelope that contains an unsupported content type, such as text/html, the response stream is read and stored in the exception text.
- SoapService instances configured to automatically issue SecurityContextToken security tokens no longer re-use the same instance of the SecurityContextTokenService security token service. A new instance is created per request. Use the AutoIssueSCTService property to access the current instance of the SecurityContextTokenService. If the previous behavior is required, do one of the following:
  - Override the AutoIssueSCTService property to return a singleton instance of a SecurityContextTokenService.
  - Create a class that wraps the SecurityContextTokenService class and delegates to a singleton instance. The wrapped security token service must be registered using the <tokenIssuer> element.
Documentation Updates
The following topics were added to the documentation.
| Topic | Description |
|---|---|
| | Details the differences between the KerberosToken2 and KerberosToken security tokens. |
| | Adds an encryption formatter for security token managers. |
| | Adds a key exchange formatter for security token managers. |
| | Adds a signature formatter for security token managers. |
| | Specifies the wire format used by outgoing SOAP messages. |
| | Specifies the list of cryptographic algorithms that are available to place keys, encrypted data, and digital signatures in a SOAP message. |
| | Specifies the types that take encrypted data and place it within a SOAP message according to the specified encryption algorithm. |
| | For DerivedKeyToken security tokens, specifies the maximum position at which the derived key is located in the byte stream for a serialized security token. |
| | Specifies how a recipient of a KerberosToken2 security token can use the identity associated with the security token. |
| | Specifies the key algorithm used by a security token. |
| | Specifies the list of cryptographic algorithms that are available to generate keys or encrypt SOAP messages. |
| | Specifies the algorithm used to generate keys for a security token that uses symmetric keys. |
| | Specifies the types available to security token managers that can take a key and place it within a SOAP message according to a specific cryptographic algorithm. |
| | For DerivedKeyToken security tokens, specifies the maximum position at which the derived key is located in the byte stream for a serialized security token. |
| | For KerberosToken and SecurityContextToken security tokens, specifies the period of time immediately prior to expiration in which the security token can be renewed. |
| | Specifies the types that take a digital signature and place it within a SOAP message according to the specified cryptographic algorithm. |