<x509> Element (Policy)
Specifies the details for creating a new X509SecurityToken instance.
<policies> Element
<policy> Element (Policy)
<anonymousForCertificateSecurity> Element
<serviceToken> Element (Policy)
<x509
  findType
  findValue
  storeLocation="LocalMachine|CurrentUser"
  storeName
/>
Microsoft.Web.Services3.Design.X509TokenProvider
Attributes and Elements
Attributes
Attribute | Description |
---|---|
findType | One of the System.Security.Cryptography.X509Certificates.X509FindType values that specifies how to find the certificate in the certificate store. Possible values are FindByApplicationPolicy, FindByCertificatePolicy, FindByExtension, FindByIssuerDistinguishedName, FindByIssuerName, FindByKeyUsage, FindBySerialNumber, FindBySubjectDistinguishedName, FindBySubjectKeyIdentifier, FindBySubjectName, FindByTemplateName, FindByThumbprint, FindByTimeExpired, FindByTimeNotYetValid, and FindByTimeValid. |
findValue | The value to search for in the certificate store. |
storeLocation | One of the System.Security.Cryptography.X509Certificates.StoreLocation values that specifies the location of the X.509 certificate store. Possible values are CurrentUser and LocalMachine. |
storeName | One of the System.Security.Cryptography.X509Certificates.StoreName values that specifies the name of the certificate store. Possible values are AddressBook, AuthRoot, CertificateAuthority, Disallowed, My, Root, TrustedPeople, and TrustedPublisher. The AddressBook store is the same store that is displayed in the Certificates MMC as OtherPeople. |
Child Elements
None
Parent Elements
Element | Description |
---|---|
| Specifies the security token that authenticates the client. |
| Specifies the X509SecurityToken security token that protects the SOAP message. |
Remarks
The following turnkey assertions use the <x509> element:
- <anonymousForCertificateSecurity> Element
- <mutualCertificate10Security> Element
- <mutualCertificate11Security> Element
- <usernameForCertificateSecurity> Element
Example
The following code example demonstrates how to search for an X.509 certificate in the My certificate store for LocalMachine using the FindBySubjectDistinguishedName find type.
<policies>
  <extensions>
    <extension name="usernameForCertificateSecurity" type="Microsoft.Web.Services3.Design.UsernameForCertificateAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader"
               type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="ServerPolicy">
    <usernameForCertificateSecurity
        establishSecurityContext="false"
        renewExpiredSecurityContext="true"
        signatureConfirmation="false"
        protectionOrder="SignBeforeEncrypting"
        deriveKeys="true" >
      <serviceToken>
        <x509
            storeLocation="LocalMachine"
            storeName="My"
            findValue="CN=WSE2QuickStartServer"
            findType="FindBySubjectDistinguishedName" />
      </serviceToken>
      <protection>
        <request
            signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
            encryptBody="true" />
        <response
            signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
            encryptBody="true" />
        <fault
            signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
            encryptBody="false" />
      </protection>
    </usernameForCertificateSecurity>
    <requireActionHeader />
  </policy>
</policies>
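As an added example (not part of the original page or of WSE itself), the following Python script audits every <x509> element in a policy file against the attribute values listed in the table above and flags find types that can resolve to more than one certificate. The names audit_policy, local and SELECTIVE, the choice of which find types count as selective, and the DraftPolicy sample are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Allowed values, copied from the attribute table on this page.
ALLOWED = {
    "findType": {"FindByApplicationPolicy", "FindByCertificatePolicy", "FindByExtension",
        "FindByIssuerDistinguishedName", "FindByIssuerName", "FindByKeyUsage",
        "FindBySerialNumber", "FindBySubjectDistinguishedName",
        "FindBySubjectKeyIdentifier", "FindBySubjectName", "FindByTemplateName",
        "FindByThumbprint", "FindByTimeExpired", "FindByTimeNotYetValid",
        "FindByTimeValid"},
    "storeLocation": {"CurrentUser", "LocalMachine"},
    "storeName": {"AddressBook", "AuthRoot", "CertificateAuthority", "Disallowed",
                  "My", "Root", "TrustedPeople", "TrustedPublisher"},
}
# Assumption of this example (not from the page): find types treated as selective.
SELECTIVE = {"FindByThumbprint", "FindBySubjectKeyIdentifier",
             "FindBySubjectDistinguishedName", "FindBySerialNumber"}

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix, if present

def audit_policy(xml_text):
    """Return (policy name, parent element, message) for each <x509> problem."""
    findings = []
    for policy in ET.fromstring(xml_text).iter():
        if local(policy.tag) != "policy":
            continue
        for parent in policy.iter():
            for x509 in (c for c in parent if local(c.tag) == "x509"):
                where = (policy.get("name"), local(parent.tag))
                for attr in ("findType", "findValue", "storeLocation", "storeName"):
                    value = x509.get(attr)
                    if not value:
                        findings.append(where + (f"{attr} is missing or empty",))
                    elif attr in ALLOWED and value not in ALLOWED[attr]:
                        findings.append(where + (f"{attr}={value!r} is not a listed value",))
                ft = x509.get("findType")
                if ft in ALLOWED["findType"] and ft not in SELECTIVE:
                    findings.append(where + (f"{ft} may match more than one certificate",))
    return findings

# Constructed sample: ServerPolicy mirrors this page's example, DraftPolicy is hypothetical.
SAMPLE = """<policies>
<policy name="ServerPolicy"><usernameForCertificateSecurity><serviceToken>
  <x509 storeLocation="LocalMachine" storeName="My" findValue="CN=WSE2QuickStartServer" findType="FindBySubjectDistinguishedName" />
</serviceToken></usernameForCertificateSecurity></policy>
<policy name="DraftPolicy"><mutualCertificate11Security><serviceToken>
  <x509 storeLocation="localmachine" storeName="My" findValue="QuickStart" findType="FindBySubjectName" />
</serviceToken></mutualCertificate11Security></policy>
</policies>"""
```

Calling audit_policy(SAMPLE) returns two findings for DraftPolicy and none for ServerPolicy; an empty list means every <x509> lookup uses listed values and a selective find type.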
See Also
Tasks
How to: Secure a Web Service Using a Policy File
Reference
<serviceToken> Element (Policy)