Share via

<KeyInfo> Element (WSE for Microsoft .NET) (2)

  • Article

Specifies a type of security token or a security token with a specific key.

<microsoft.web.services2> Element
  <tokenIssuer> Element (WSE for Microsoft .NET) (2)
    <serverToken> Element

<KeyInfo>
  <SecurityTokenReference/>
</KeyInfo>

Attributes and Elements

Attributes

None.

Child Elements

Element Description

<SecurityTokenReference> Element (WSE for Microsoft .NET) (2)

Required element. Specifies the token type and key for a specific security token.

Parent Elements

Element Description

<serverToken> Element

Specifies the security token used to sign the response for a security token request.

Remarks

When issuing security tokens, use the <KeyInfo> element to specify a security token within a <serverToken> Element. For more details about issuing security tokens, see Issuing Security Tokens.

The list of elements that can be children of the <KeyInfo> element is dependent on the computer, with the exception of the <SecurityTokenReference> Element (WSE for Microsoft .NET) (2) element. The <SecurityTokenReference> element is explicilty defined in the WS-Security specification, so it is supported. WSE also uses the model for loading <KeyInfo> elements that is defined by the System.Security.Cryptography.Xml.KeyInfo and System.Security.Cryptography.Xml.KeyInfoClause classes. Therefore, it is possible to extend te support for all security token managers by registering a custom KeyInfo clause.

It is also possible to extend the list of supported <KeyInfo> child elements on a per-security token manager basis. To do so, build and configure a custom security token manager that overrides the LoadTokenFromKeyInfo method to parse <KeyInfo> elements with your custom child elements. WSE calls the LoadTokenFromKeyInfo method for all native and configured security token managers when it receives a SOAP message containing a <KeyInfo> element until it finds one that can parse it. For more details about building a custom security token manager, see How to: Create a Security Token Manager for a Custom Security Token.

Example

The following code example specifies an X509SecurityToken with a specific key to sign the responses for security token requests.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <microsoft.web.services2>
    <tokenIssuer>
      <serverToken>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference 
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">
              ZPGrPnuqATeSgVjLYcmiY/GSWWY=
            </wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </serverToken>
    </tokenIssuer>
  </microsoft.web.services2>
</configuration>

See Also

Reference

<serverToken> Element
<SecurityTokenReference> Element (WSE for Microsoft .NET) (2)

Other Resources

Issuing Security Tokens