<extension> Element
Specifies a policy extension.
<policies> Element
<extensions> Element
<extension name type />
Attributes and Elements
Attributes
Attribute | Description
---|---
name | The name of the extension as it is referenced in policy assertions within the policy file.
type | The fully qualified type name that implements the policy extension.
Child Elements
None.
Parent Elements
Element | Description
---|---
<extensions> Element | Required element. Specifies a set of policy extensions that are used to define the policy assertions for the application.
Remarks
Within a policy file, policies are defined using standard or custom security assertions and security token providers, each of which is declared in an <extension> Element that is a child of the <extensions> Element. For example, the <usernameForCertificateSecurity> Element is a standard security assertion specifying that a UsernameToken security token is used to authenticate the client and that an X509SecurityToken security token is used to authenticate the server and to sign and encrypt the SOAP messages between the two endpoints. To use this standard security assertion, add <usernameForCertificateSecurity> Element, <x509> Element (Policy), and <username> Element child elements to the <extensions> Element. The <x509> and <username> elements are security token providers that are required by the <usernameOverX509Security> element.
Example
The following code example demonstrates a policy file that might be used to secure one portion of a gateway application over the Internet using X.509 certificates. A gateway application has three or more components. An example of a gateway application is a Windows client application that communicates with a Web service that then communicates with another Web service.
The code example defines a policy assertion named X509MutualAuthentication that specifies that an X509SecurityToken security token is used to mutually authenticate the client and Web service. SOAP requests are signed using a key from the client's X509SecurityToken security token and encrypted using a key from the Web service's security token. SOAP responses are signed using a key from the Web service's security token and encrypted using a key from the client's security token.
Note
This code example is designed to demonstrate WSE features and is not intended for production use.
```xml
<policies>
  <extensions>
    <extension name="mutualX509Security"
               type="Microsoft.Web.Services3.Design.MutualX509Assertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="x509"
               type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader"
               type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="X509MutualAuthentication">
    <mutualX509Security establishSecurityContext="false"
                        signatureConfirmation="false"
                        protectionOrder="SignBeforeEncrypting"
                        deriveKeys="false">
      <serviceToken>
        <x509 storeLocation="LocalMachine"
              storeName="My" findValue="CN=books.contoso.com"
              findType="FindBySubjectDistinguishedName" />
      </serviceToken>
      <protection>
        <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
                 encryptBody="true" />
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
                  encryptBody="true" />
        <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
               encryptBody="false" />
      </protection>
    </mutualX509Security>
    <requireActionHeader />
  </policy>
</policies>
```
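The Remarks describe how every assertion and token provider used in a `<policy>` must be declared by name in `<extensions>`, and the example above shows the `<protection>` settings that decide what is signed and encrypted. The following Python checker is an added example, not part of WSE 3.0 or of this page: it embeds a constructed copy of the policy file above plus a constructed weak variant, resolves each referenced element against the declared extensions, flags extension types that are not assembly-qualified, and reports request/response protection that leaves the body unencrypted or signs without a timestamp. The lint rules are this example's own choices, not WSE requirements.

```python
"""Lint a WSE 3.0 policy file: resolve assertion and token-provider names
against the <extensions> block and report weak <protection> settings.

Added example for this page; not part of WSE or the original article.
The element and attribute names come from the page; the checks themselves
are this example's own choices.
"""
import xml.etree.ElementTree as ET

# Constructed copy of the page's policy file, embedded so the script runs offline.
GOOD_POLICY = """<policies>
  <extensions>
    <extension name="mutualX509Security" type="Microsoft.Web.Services3.Design.MutualX509Assertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader" type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="X509MutualAuthentication">
    <mutualX509Security establishSecurityContext="false" signatureConfirmation="false" protectionOrder="SignBeforeEncrypting" deriveKeys="false">
      <serviceToken>
        <x509 storeLocation="LocalMachine" storeName="My" findValue="CN=books.contoso.com" findType="FindBySubjectDistinguishedName" />
      </serviceToken>
      <protection>
        <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
        <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
      </protection>
    </mutualX509Security>
    <requireActionHeader />
  </policy>
</policies>"""

# Constructed variant carrying the defects the checks are meant to catch:
#  - <x509Token> is used as a provider but never declared in <extensions>
#  - the requireActionHeader type lacks Version/Culture/PublicKeyToken
#  - the request body is not encrypted and its signature omits the timestamp
WEAK_POLICY = """<policies>
  <extensions>
    <extension name="mutualX509Security" type="Microsoft.Web.Services3.Design.MutualX509Assertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader" type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3" />
  </extensions>
  <policy name="Weak">
    <mutualX509Security>
      <serviceToken>
        <x509Token storeLocation="LocalMachine" storeName="My" findValue="CN=books.contoso.com" findType="FindBySubjectDistinguishedName" />
      </serviceToken>
      <protection>
        <request signatureOptions="IncludeAddressing, IncludeSoapBody" encryptBody="false" />
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
      </protection>
    </mutualX509Security>
    <requireActionHeader />
  </policy>
</policies>"""

# Only direct children of <policy> (assertions) and the children of these
# token slots (providers) are extension references; <protection> and friends
# belong to the assertion's own schema and are not resolved.
PROVIDER_SLOTS = {"serviceToken", "clientToken"}
ASSEMBLY_PARTS = ("Version=", "Culture=", "PublicKeyToken=")


def declared_extensions(root):
    """Map extension name -> implementing type, as declared in <extensions>."""
    return {e.get("name"): e.get("type") for e in root.findall("./extensions/extension")}


def unpinned_types(extensions):
    """Names whose type string is not assembly-qualified (missing Version,
    Culture or PublicKeyToken), so the policy does not pin one strong-named
    assembly for the code that enforces it."""
    return sorted(name for name, t in extensions.items()
                  if not all(p in (t or "") for p in ASSEMBLY_PARTS))


def undeclared_references(root, extensions):
    """(policy name, element tag) pairs that use an assertion or token
    provider which has no matching <extension> declaration."""
    missing = []
    for policy in root.findall("./policy"):
        pname = policy.get("name")
        for assertion in policy:
            if assertion.tag not in extensions:
                missing.append((pname, assertion.tag))
            for slot in assertion:
                if slot.tag in PROVIDER_SLOTS:
                    missing.extend((pname, p.tag) for p in slot if p.tag not in extensions)
    return missing


def weak_protection(root):
    """Findings for <request>/<response> that leave the SOAP body unencrypted
    or sign without the timestamp/body included (faults are left alone, as the
    page's own example does not encrypt them)."""
    findings = []
    for msg in root.iter():
        if msg.tag not in ("request", "response"):
            continue
        opts = {o.strip() for o in msg.get("signatureOptions", "").split(",")}
        if msg.get("encryptBody", "false").lower() != "true":
            findings.append((msg.tag, "body not encrypted"))
        if "IncludeTimestamp" not in opts:
            findings.append((msg.tag, "signature omits timestamp"))
        if "IncludeSoapBody" not in opts:
            findings.append((msg.tag, "signature omits SOAP body"))
    return findings


def lint(policy_xml):
    """Run all checks over one policy document and return the findings."""
    root = ET.fromstring(policy_xml)
    ext = declared_extensions(root)
    return {
        "unpinned_types": unpinned_types(ext),
        "undeclared": undeclared_references(root, ext),
        "weak_protection": weak_protection(root),
    }


if __name__ == "__main__":
    for label, doc in (("page example", GOOD_POLICY), ("weak variant", WEAK_POLICY)):
        print(label, lint(doc))
```

Run against the page's own policy the checker reports nothing; against the weak variant it names the undeclared `x509Token` provider, the unpinned `requireActionHeader` type and the unprotected request. A name that is used but never declared is the failure mode the Remarks warn about: WSE cannot map the element to a type, so the assertion is not applied at all.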