Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All
Expand Minimize

<securityTokenManager> Element

Specifies a user supplied custom security token manager for an XML-based security token.

<microsoft.web.services2> Element
  <security> Element

<securityTokenManager qname type >
  <cacheLimit />
  <generationLimit />
  <keyAlgorithm name />
  <label />
  <offsetLimit />
  <renewalWindowInSeconds />
  <replayDection enabled windowInSeconds />
</securityTokenManager >

Attributes

Attribute Description

Qname

Required attribute. An XML qualified name that identifies the security token type within a SOAP message.

Type

Required attribute. The fully qualified type name of the custom security manager.

Child Elements

Element Description

<cacheLimit> Element

Optional element. Sets the limit on the number of security tokens that are cached.

<generationLimit> Element

Optional element. For DerivedKeyToken security tokens, specifies the maximum position at which the derived key is located in the byte stream for a serialized security token.

<keyAlgorithm> Element for <binarySecurityTokenManager>

Optional element. Specifies the key algorithm used by a security token.

<label> Element

Optional element. Specifies the label parameter in the key generation algorithm for UsernameToken security tokens.

<offsetLimit> Element

Optional element. For DerivedKeyToken security tokens, specifies the maximum position at which the derived key is located in the byte stream for a serialized security token.

<renewalWindowInSeconds> Element

Optional element. For SecurityContextToken security tokens, specifies the period of time immediately prior to expiration, in which the security can be renewed.

<replayDetection> Element

Optional element. Controls whether to enable replay detection against the UsernameToken nonce for a period of time.

Parent Elements

Element Description

<security> Element

Controls the security settings for a WSE application.

When a security token is received by WSE that it does not natively support, WSE looks to see if a security token manager has been configured to handle that type of security token. WSE looks for a <securityTokenManager> element with a qname attribute that matches the element representing the security token within the WS-Security SOAP header. When there is a match, WSE calls the type specified in the type attribute of the <securityTokenManager> to handle the security token.

Similarly, the <securityTokenManager> element can be used to register security token managers that override the default behavior of natively supported security tokens. For example, if you are using UsernameToken security tokens and you do not want WSE to authenticate the user name and password against an Windows user account, you can create and register a custom security token manager that authenticates the user name using a database of user name and password combinations. For more information about using UsernameToken security tokens, see How to: Verify Digital Signatures of SOAP Messages Signed Using a User Name and Password.

Before adding the <securityTokenManager> element to a configuration file, you must add the microsoft.web.services2 configuration section handler to the configuration file. For details about adding the microsoft.web.services2 configuration section handler, see <section> Element (WSE for Microsoft .NET).

The following code example specifies a type to call when UsernameToken security tokens are received.

<configuration>
  <microsoft.web.services2>
    <security> 
      <securityTokenManager qname="wsse:UsernameToken" type="CustomSecurityNamespace.CustomSecurityClass, AssemblyName" 
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
    </security>
  </microsoft.web.services2>
</configuration>
Show:
© 2015 Microsoft