Share via


<KeyInfo> Element

Specifies a type of security token or a security token with a specific key.

<microsoft.web.services3> Element
  <tokenIssuer> Element
    <serviceToken> Element

<KeyInfo>
  <SecurityTokenReference/>
</KeyInfo>

Attributes and Elements

Attributes

None.

Child Elements

Element Description

<SecurityTokenReference> Element

Required element. Specifies the token type and key for a specific security token.

Parent Elements

Element Description

<serviceToken> Element

Specifies the security token that a security token service uses to encrypt the session key in the response for a security token request.

Remarks

When issuing security tokens, use the <KeyInfo> element to specify a security token within a <serviceToken> Element. For more details about issuing security tokens, see Establishing a Secure Conversation.

The list of elements that can be children of the <KeyInfo> element is dependent on the computer, with the exception of the <SecurityTokenReference> Element element. The <SecurityTokenReference> element is explicitly defined in the WS-Security specification, so it is supported. WSE also uses the model for loading <KeyInfo> elements that is defined by the System.Security.Cryptography.Xml.KeyInfo and System.Security.Cryptography.Xml.KeyInfoClause classes. Therefore, it is possible to extend the support for all security token managers by registering a custom KeyInfo clause.

It is also possible to extend the list of supported <KeyInfo> child elements on a per-security token manager basis. To do so, build and configure a custom security token manager that overrides the LoadTokenFromKeyInfo method to parse <KeyInfo> elements with your custom child elements. WSE calls the LoadTokenFromKeyInfo method for all native and configured security token managers when it receives a SOAP message containing a <KeyInfo> element until it finds one that can parse it. For more details about building a custom security token manager, see How to: Create a Security Token Manager for a Custom Security Token.

Example

The following code example specifies an X509SecurityToken with a specific key to encrypt the session key in the responses for security token requests.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <microsoft.web.services3>
    <tokenIssuer>
      <serviceToken>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference 
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">
              ZPGrPnuqATeSgVjLYcmiY/GSWWY=
            </wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </serviceToken>
    </tokenIssuer>
  </microsoft.web.services3>
</configuration>

See Also

Reference

<serviceToken> Element
<SecurityTokenReference> Element

Other Resources

Establishing a Secure Conversation