Share via


Establishing a Secure Conversation

The Web Services Enhancements for Microsoft .NET (WSE) provides the capability to programmatically request a security token. The SOAP message sender obtains this security token from a security token service and uses that security token to digitally sign or encrypt a series of messages between itself and the target Web service. The SOAP message sender sends its first SOAP message, known as a Request Security Token (RST) message, to request a security token from a security token service that is trusted by a target Web service. By default, the RST must be signed, so that the security token service can verify that the SOAP message sender is entitled to receive the security token. After the signature is verified, authenticated, and authorized, the security token service returns a SOAP message, known as a Request Security Token Response (RSTR) message, which contains the security token. This security token can be used to communicate between the sender and the target Web service until it expires.

Obtaining and using a security token.

In This Section

See Also

Other Resources

Brokered Authentication – Security Token Service (STS)