<KeyInfo> Element (WSE for Microsoft .NET) (2)
Specifies a type of security token or a security token with a specific key.
<microsoft.web.services2> Element
<tokenIssuer> Element (WSE for Microsoft .NET) (2)
<serverToken> Element
<KeyInfo>
<SecurityTokenReference/>
</KeyInfo>
Attributes and Elements
Attributes
None.
Child Elements
| Element | Description |
|---|---|
<SecurityTokenReference> Element (WSE for Microsoft .NET) (2) |
Required element. Specifies the token type and key for a specific security token. |
Parent Elements
| Element | Description |
|---|---|
Specifies the security token used to sign the response for a security token request. |
Remarks
When issuing security tokens, use the <KeyInfo> element to specify a security token within a <serverToken> Element. For more details about issuing security tokens, see Issuing Security Tokens.
The list of elements that can be children of the <KeyInfo> element is dependent on the computer, with the exception of the <SecurityTokenReference> Element (WSE for Microsoft .NET) (2) element. The <SecurityTokenReference> element is explicilty defined in the WS-Security specification, so it is supported. WSE also uses the model for loading <KeyInfo> elements that is defined by the System.Security.Cryptography.Xml.KeyInfo and System.Security.Cryptography.Xml.KeyInfoClause classes. Therefore, it is possible to extend te support for all security token managers by registering a custom KeyInfo clause.
It is also possible to extend the list of supported <KeyInfo> child elements on a per-security token manager basis. To do so, build and configure a custom security token manager that overrides the LoadTokenFromKeyInfo method to parse <KeyInfo> elements with your custom child elements. WSE calls the LoadTokenFromKeyInfo method for all native and configured security token managers when it receives a SOAP message containing a <KeyInfo> element until it finds one that can parse it. For more details about building a custom security token manager, see How to: Create a Security Token Manager for a Custom Security Token.
Example
The following code example specifies an X509SecurityToken with a specific key to sign the responses for security token requests.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<microsoft.web.services2>
<tokenIssuer>
<serverToken>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">
ZPGrPnuqATeSgVjLYcmiY/GSWWY=
</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</KeyInfo>
</serverToken>
</tokenIssuer>
</microsoft.web.services2>
</configuration>
See Also
Reference
<serverToken> Element
<SecurityTokenReference> Element (WSE for Microsoft .NET) (2)