Securing Web Services

The Web Services Enhancements for Microsoft .NET (WSE) provides three fundamental mechanisms to help secure communication between clients and Web services:

• Adding security credentials to a SOAP message.
• Digitally signing a SOAP message.
• Encrypting a SOAP message.

Digitally signing a SOAP message allows a recipient to cryptographically verify that the message has not been altered since it was signed. When WSE is configured on the SOAP recipient's computer, WSE automatically verifies the signature. By encrypting a SOAP message, a Web service client can reasonably ensure that only the intended Web service can decrypt the contents of the message.

In This Section

• Signing and Encrypting SOAP Messages
  Details how to use WSE to digitally sign and/or encrypt SOAP messages.

• How to: Add Security Credentials to a SOAP Message
  Details how to use WSE to add one or more security tokens to a SOAP message for authentication.

• How to: Add a Security Token to the Security Token Cache
  Details how to make a security token available to WSE policy enforcement for outgoing SOAP messages.

• Authorizing Access to a Web Service
  Details how to authorize access to a Web service based upon the security token that signed the SOAP message.

• Supported Security Tokens
  Describes the set of security tokens natively supported by WSE and provides details on how you can use them.

• Creating Custom Security Tokens
  Details how to create a class that represents a set of binary or XML user credentials that are not natively supported by WSE.

• Issuing Security Tokens
  Details how to issue security tokens and then use them in a series of SOAP messages between a sender and receiver, known as a conversation.