How to: Specify Security Token Requirements
The following procedure shows how to specify security token requirements.
To declare security token requirements
- Add a <SecurityToken> Element element.
Example
The following code example is a policy file containing a declaration for the policy that specifies that a message requires a UsernameToken security token.
<?xml version="1.0" encoding="utf-8" ?>
<policyDocument xmlns="https://schemas.microsoft.com/wse/2003/06/Policy">
<mappings>
<endpoint uri="http://www.cohowinery.com/Service1.asmx">
</mappings>
<policies
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wssp="https://schemas.xmlsoap.org/ws/2002/12/secext"
xmlns:wsp="https://schemas.xmlsoap.org/ws/2002/12/policy">
<wsp:Policy wsu:Id="signed-body-username">
<Integrity wsp:Usage="wsp:Required"
xmlns="https://schemas.xmlsoap.org/ws/2002/12/secext">
<TokenInfo>
<wssp:SecurityToken>
<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
<wssp:Claims>
<wssp:SubjectName>SomeUsername</wssp:SubjectName>
<wssp:UsePassword Type="wssp:PasswordDigest" wsp:Usage="wsp:Required" />
</wssp:Claims>
</wssp:SecurityToken>
</TokenInfo>
<MessageParts xmlns:rp="https://schemas.xmlsoap.org/rp"
Dialect="https://schemas.xmlsoap.org/2002/12/wsse#part">
wsp:Body()
</MessageParts>
</Integrity>
</wsp:Policy>
</policies>
</PolicyDocument>