Share via


<request> Element

Specifies the portions of SOAP requests that are signed or encrypted.

<policies> Element
  <policy> Element (Policy)
    <kerberosSecurity> Element
      <protection> Element

<request signatureOptions encryptBody >
  <signedHeader name ns />
</request>

Attributes and Elements

Attributes

Attribute Description

signatureOptions

Required attribute. A comma-separated string of SOAP message parts to sign. IncludeAddressing specifies that the WS-Addressing headers are signed. IncludeTimestamp specifies that the timestamp element within the WS-Security header is signed. IncludeSoapBody specifies that the <body> element is signed.

encryptBody

Required attribute. Specifies whether the <body> element is encrypted. Possible values are true and false.

Child Elements

Element Description

<signedHeader> Element

Used in a policy assertion to specify the name of a custom SOAP header that is to be signed.

Parent Elements

Element Description

<protection> Element

Specifies the portions of SOAP requests, SOAP responses, and SOAP faults sent to or from an endpoint that are signed or encrypted.

Remarks

The <protection> Element element can be included in policy assertions other than the <kerberosSecurity> Element policy assertion. For more information, see <protection> Element.

Example

The following code example demonstrates how to secure a Web service using KerberosToken security tokens. The code example defines a policy assertion named kerberosAuthenticationKerberosProtection that specifies that a KerberosToken security token is used to encrypt the <body> element and to digitally sign the WS-Addressing headers, <body> element, and the timestamp for all SOAP requests.

<policies>
  <extensions>
    <extension name="kerberosSecurity"
               type="Microsoft.Web.Services3.Design.KerberosAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="kerberos"
               type="Microsoft.Web.Services3.Design.KerberosTokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader"
               type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="kerberosAuthenticationKerberosProtection">
    <kerberosSecurity establishSecurityContext="false" signatureConfirmation="false" protectionOrder="SignBeforeEncrypting" deriveKeys="true">
      <token>
        <kerberos targetPrincipal="host/contoso4@contoso.com" impersonationLevel="Identification" />
      </token>
      <protection>
        <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
        <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
      </protection>
    </kerberosSecurity>
    <requireActionHeader />
  </policy>
</policies>

See Also

Tasks

How to: Secure a Web Service Using a Policy File

Reference

<protection> Element
<signedHeader> Element
<response> Element
<fault> Element