<requireSoapHeader> Element

Represents a security assertion that requires the presence of the specified SOAP header in SOAP requests sent to a Web service.

<policies> Element
  <policy> Element (Policy)

<requireSoapHeader actor name namespace />

Microsoft.Web.Services3.Design.RequireSoapHeaderAssertion

Attributes and Elements

Attributes

Attribute    Description
actor        Optional attribute. The actor for which the SOAP header is intended. The default value is the ultimate recipient.
name         Required attribute. The name of the required SOAP header.
namespace    Required attribute. The XML namespace for the SOAP header.

Child Elements

None

Parent Elements

Element                      Description
<policy> Element (Policy)    Specifies one or more SOAP message requirements.

Remarks

Use this assertion to require that an incoming SOAP message contain a specific SOAP header. This SOAP header must be a direct descendant of the <Header> element in the SOAP message.

Example

The following code example demonstrates how to secure a SOAP message exchange using an X509SecurityToken security token for protection and a UsernameToken security token for client authentication. The code example defines a policy named ServicePolicy that specifies that an X509SecurityToken security token is used to digitally sign the SOAP message, and to encrypt the <Body> element of the SOAP message. The policy requires the presence of a Merlot SOAP header that is intended for the ultimate recipient of the SOAP message. In the following code example, the user name and password must be specified in the application's code.

<policies>
  <extensions>
    <extension name="usernameForCertificateSecurity" type="Microsoft.Web.Services3.Design.UsernameForCertificateAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader"
               type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireSoapHeader"
               type="Microsoft.Web.Services3.Design.RequireSoapHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="ServicePolicy">
    <usernameForCertificateSecurity 
      establishSecurityContext="false" 
      renewExpiredSecurityContext="true" 
      signatureConfirmation="false" 
      protectionOrder="SignBeforeEncrypting" 
      deriveKeys="true" >
      <serviceToken>
        <x509
          storeLocation="LocalMachine"
          storeName="My"
          findValue="CN=WSE2QuickStartServer"
          findType="FindBySubjectDistinguishedName" />
      </serviceToken>
      <protection>
        <request
          signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
          encryptBody="true" />
        <response 
          signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
          encryptBody="true" />
        <fault
          signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
          encryptBody="false" />
      </protection>
    </usernameForCertificateSecurity>
    <requireActionHeader />
    <requireSoapHeader name="Merlot" namespace="http://www.cohowinery.com"/>
  </policy>
</policies>
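
The rule stated in Remarks (the header must be a direct child of <Header>, with the configured name and namespace) can be modelled outside WSE as shown below. This is an added example, not Microsoft's implementation; the function names, the sample envelopes, the restriction to SOAP 1.1 and the reading of a missing soap:actor attribute as "ultimate recipient" are assumptions.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
COHO = "http://www.cohowinery.com"                    # namespace from the policy above


def has_required_header(envelope_xml, name, namespace, actor=None):
    """True if {namespace}name is a direct child of soap:Header and is
    addressed to `actor` (None models the ultimate recipient)."""
    # For untrusted input use a hardened parser (e.g. defusedxml) instead.
    root = ET.fromstring(envelope_xml)
    if root.tag != f"{{{SOAP11}}}Envelope":
        return False
    header = root.find(f"{{{SOAP11}}}Header")
    if header is None:
        return False
    for child in header:  # direct children only, never descendants
        if child.tag != f"{{{namespace}}}{name}":
            continue  # local name and namespace must both match
        # Assumption: missing or empty soap:actor means "ultimate recipient".
        target = child.get(f"{{{SOAP11}}}actor") or None
        if target == actor:
            return True
    return False


def envelope(header_inner):
    """Wrap header content in a minimal SOAP 1.1 envelope (constructed sample)."""
    return (f'<soap:Envelope xmlns:soap="{SOAP11}" xmlns:c="{COHO}">'
            f"<soap:Header>{header_inner}</soap:Header>"
            f"<soap:Body/></soap:Envelope>")


# Constructed sample messages, one per case the assertion has to distinguish.
SAMPLES = {
    "direct child": envelope("<c:Merlot>1998</c:Merlot>"),
    "nested": envelope("<c:Wrapper><c:Merlot>1998</c:Merlot></c:Wrapper>"),
    "wrong namespace": envelope('<Merlot xmlns="http://example.invalid/">1998</Merlot>'),
    "other actor": envelope(
        '<c:Merlot soap:actor="http://example.invalid/intermediary">1998</c:Merlot>'),
}


def evaluate():
    """Check every sample against name="Merlot", namespace=COHO, default actor."""
    return {label: has_required_header(xml, "Merlot", COHO)
            for label, xml in SAMPLES.items()}


if __name__ == "__main__":
    for label, ok in evaluate().items():
        print(f"{label:16} {'accepted' if ok else 'rejected'}")
```

Only the first sample satisfies the requirement; a header with the right local name but the wrong namespace, or one buried inside another header block, does not count as present.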

See Also

Tasks

How to: Secure a Web Service Using a Policy File

Reference

<policy> Element

Concepts

Turnkey Security Assertions