<limits> Element
Specifies the limitations on incoming SOAP messages.
<microsoft.web.services3> Element
<security> Element
<limits maxSignedItems maxEncryptedItems maxTokens />
Attributes and Elements
Attributes
| Attribute | Description |
|---|---|
maxSignedItems |
Required attribute. Specifies the maximum number of items that are digitally signed in an incoming SOAP message. When the same item is signed more than once, it counts towards this limitation as many times as it is signed. A value of -1 specifies there is no limit. The default value is 16. |
maxEncryptedItems |
Required attribute. Specifies the maximum number of items that are encrypted in an incoming SOAP message. When the same item is encrypted more than once, it counts towards this limitation as many times as it is encrypted. A value of -1 specifies there is no limit. The default value is 5. |
maxTokens |
Required attribute. Specifies the maximum number of security tokens contained within an incoming SOAP message. A value of -1 specifies there is no limit. The default value is 5. |
Child Elements
None
Parent Elements
| Element | Description |
|---|---|
Controls the security settings for a WSE application. |
Remarks
Use the <limits> element to help mitigate denial of service attacks that attempt to overload the computer hosting the Web service with SOAP messages that require a large amount of processing due to a large number of signatures, encrypted elements, or security tokens.
When a SOAP message is received that exceeds the specified limitations, a SOAP fault is returned to the sender. The SOAP fault code is set to Microsoft.Web.Services3.Security.SecurityFault.FailedAuthenticationCode when the number of security tokens is exceeded and Microsoft.Web.Services3.Security.SecurityFault.FailedCheckCode when the number of XML elements that are digitally signed or encrypted is exceeded.
Before adding the <limits> element to a configuration file, you must add the microsoft.web.services3 configuration section handler to the configuration file. For details about adding the microsoft.web.services3 configuration section handler, see <section> Element.
Example
The following code example specifies that all incoming SOAP messages contain no more than 10 XML elements that are digitally signed, 4 XML elements that are encrypted, and 2 security tokens.
<configuration>
<microsoft.web.services3>
<security>
<limits
maxSignedItems="10"
maxEncryptedItems="4"
maxTokens="2" />
</security>
</microsoft.web.services3>
</configuration>