<response> Element
Specifies the portions of SOAP responses that are signed or encrypted.
<policies> Element
<policy> Element (Policy)
<kerberosSecurity> Element
<protection> Element
<response signatureOptions encryptBody >
<signedHeader name namespace />
</response>
Attributes and Elements
Attributes
Attribute | Description |
---|---|
signatureOptions |
Required attribute. A comma-separated string of SOAP message parts to sign. IncludeAddressing specifies that the WS-Addressing headers are signed. IncludeTimestamp specifies that the timestamp element within the WS-Security header is signed. IncludeSoapBody specifies that the <body> element is signed. |
encryptBody |
Required attribute. Specifies whether the <body> element is encrypted. Possible values are true and false. |
Child Elements
Element | Description |
---|---|
Used in a policy assertion to specify the name of a custom SOAP header that is to be signed. |
Parent Elements
Element | Description |
---|---|
Specifies the portions of SOAP requests, SOAP responses, and SOAP faults sent to or from an endpoint that are signed or encrypted. |
Remarks
The <protection> Element element can be included in policy assertions other than the <kerberosSecurity> Element policy assertion. For more information, see <protection> Element.
Example
The following code example demonstrates how to secure one portion of an application that contains a Web service using a KerberosToken security token. The code example defines a policy assertion named kerberosAuthenticationKerberosProtection
that specifies that a KerberosToken security token is used to encrypt the <body> element and to digitally sign the WS-Addressing headers, <body> element, and the timestamp for all SOAP responses.
<policies>
<extensions>
<extension name="kerberosSecurity"
type="Microsoft.Web.Services3.Design.KerberosAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="kerberos"
type="Microsoft.Web.Services3.Design.KerberosTokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="requireActionHeader"
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</extensions>
<policy name="kerberosAuthenticationKerberosProtection">
<kerberosSecurity establishSecurityContext="false" signatureConfirmation="false" protectionOrder="SignBeforeEncrypting" deriveKeys="true">
<token>
<kerberos targetPrincipal="host/contoso4@contoso.com" impersonationLevel="Identification" />
</token>
<protection>
<request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
<response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
<fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
</protection>
</kerberosSecurity>
<requireActionHeader />
</policy>
</policies>
See Also
Tasks
How to: Secure a Web Service Using a Policy File
Reference
<protection> Element
<signedHeader> Element
<request> Element
<fault> Element