Share via


<fault> Element

Specifies the portions of SOAP faults sent to or from an endpoint that are signed and/or encrypted.

<policies> Element
  <policy> Element (Policy)
    <kerberosSecurity> Element
      <protection> Element

<fault signatureOptions encryptBody />

Attributes and Elements

Attributes

Attribute Description

signatureOptions

Required attribute. A comma-separated string of SOAP message parts to sign. IncludeAddressing specifies that the WS-Addressing headers are signed. IncludeTimestamp specifies that the timestamp element within the WS-Security header is signed. IncludeSoapBody specifies that the <body> element is signed.

encryptBody

Required attribute. Specifies whether the <body> element is encrypted. Possible values are true and false.

Child Elements

None.

Parent Elements

Element Description

<protection> Element

Specifies the portions of SOAP requests, SOAP responses, and SOAP faults sent to or from an endpoint that are signed and/or encrypted.

Remarks

The <protection> Element element has more parent elements than the <kerberosSecurity> Element element. For more information, see <protection> Element.

Example

The following code example demonstrates how to secure an application using a KerberosToken security token. The code example defines a policy assertion named kerberosAuthenticationKerberosProtection that specifies that a KerberosToken security token is used to digitally sign the WS-Addressing headers, <body> element, and the timestamp for all SOAP faults that are thrown by the application.

Note

This code example is designed to demonstrate WSE features and is not intended for production use.

<policies>
  <extensions>
    <extension name="kerberosSecurity"
               type="Microsoft.Web.Services3.Design.KerberosAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="kerberos"
               type="Microsoft.Web.Services3.Design.KerberosTokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader"
               type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="kerberosAuthenticationKerberosProtection">
    <kerberosSecurity establishSecurityContext="false" signatureConfirmation="false" protectionOrder="SignBeforeEncrypting" deriveKeys="true">
      <token>
        <kerberos targetPrincipal="host/contoso4@contoso.com" impersonationLevel="Identification" />
      </token>
      <protection>
        <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
        <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
      </protection>
    </kerberosSecurity>
    <requireActionHeader />
  </policy>
</policies>

See Also

Reference

<protection> Element
<request> Element
<response> Element