Share via

<signedHeader> Element

  • Article

Used in a policy assertion to specify the name of a custom SOAP header that is to be signed.

<policies> Element
  <policy> Element (Policy)
    <kerberosSecurity> Element
      <protection> Element
        <request> Element
          <response> Element

<signedHeader name namespace />

Attributes and Elements

Attributes

Attribute Description

name

The name of the custom SOAP header.

namespace

The target namespace for the custom SOAP header.

Child Elements

None.

Parent Elements

Element Description

<request> Element

Specifies the portions of SOAP requests that are signed or encrypted.

<response> Element

Specifies the portions of SOAP responses that are signed or encrypted.

Remarks

The <protection> Element element can be included in policy assertions other than the <kerberosSecurity> Element policy assertion. This element cannot be used with the <usernameOverTransportSecurity> Element turnkey assertion. or more information, see <protection> Element.

Example

The following code example demonstrates how to secure a Web service using KerberosToken security tokens. The code example defines a policy assertion named kerberosAuthenticationKerberosProtection that specifies that a KerberosToken security token is used to encrypt the <body> element and to digitally sign a custom SOAP header named CustomHeader, WS-Addressing headers, <body> element, and the timestamp for all SOAP requests.

<policies>
  <extensions>
    <extension name="kerberosSecurity"
               type="Microsoft.Web.Services3.Design.KerberosAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="kerberos"
               type="Microsoft.Web.Services3.Design.KerberosTokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader"
               type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="kerberosAuthenticationKerberosProtection">
    <kerberosSecurity establishSecurityContext="false" signatureConfirmation="false" protectionOrder="SignBeforeEncrypting" deriveKeys="true">
      <token>
        <kerberos targetPrincipal="host/contoso4@contoso.com" impersonationLevel="Identification" />
      </token>
      <protection>
        <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" >
          <signedHeader name="CustomHeader" namespace="https://www.contoso.com" />
        </request>
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
        <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
      </protection>
    </kerberosSecurity>
    <requireActionHeader />
  </policy>
</policies>

See Also

Tasks

How to: Secure a Web Service Using a Policy File

Reference

<request> Element
<response> Element