<policies> Element
The root element for a policy file.
<policies>
  <extensions>
  <policy name>
</policies>
Attributes and Elements
Attributes
None
Child Elements
Element | Description |
---|---|
<extensions> Element | Optional element. Specifies a set of policy extensions that are used to define the policy assertions for the application. |
<policy> Element (Policy) | Required element. Specifies a SOAP message requirement. |
Parent Elements
None
Remarks
The <policies> element is the root XML element for a policy file, which defines how SOAP messages are secured for the application. The <policies> element can contain zero or more <policy> elements, each of which defines a policy. A policy defines how SOAP messages are secured between a client and a Web service without specifying which Web service the policy applies to. To specify which Web service the policy assertion applies to, apply a PolicyAttribute attribute to the class implementing the Web service. For more details, see Specifying the Security Requirements For a Web Service.
Within the policy file, policies are defined using turnkey or custom security assertions and security token providers that are specified in an <extensions> child element. For example, the <usernameForCertificateSecurity> element is a turnkey security assertion that specifies that a UsernameToken security token is used to authenticate the client and that an X509SecurityToken security token is used to protect the SOAP messages between the two endpoints.
Example
The following code example demonstrates how to secure a SOAP message exchange using an X509SecurityToken security token for protection and a UsernameToken security token for client authentication. The code example defines a policy assertion named ClientPolicy that specifies that an X509SecurityToken security token is used to digitally sign the SOAP message and to encrypt the <body> element of the SOAP message. The keys used to generate the digital signature and to encrypt the <body> element are not the same keys, but rather are derived from the same key. In the following code example, the user name and password need to be added in code.
<policies>
  <extensions>
    <extension name="usernameForCertificateSecurity" type="Microsoft.Web.Services3.Design.UsernameForCertificateAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader"
               type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="ClientPolicy">
    <usernameForCertificateSecurity
        establishSecurityContext="false"
        renewExpiredSecurityContext="true"
        signatureConfirmation="false"
        protectionOrder="SignBeforeEncrypting"
        deriveKeys="true" >
      <serviceToken>
        <x509
            storeLocation="CurrentUser"
            storeName="AddressBook"
            findValue="CN=WSE2QuickStartServer"
            findType="FindBySubjectDistinguishedName" />
      </serviceToken>
      <protection>
        <request
            signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
            encryptBody="true" />
        <response
            signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
            encryptBody="true" />
        <fault
            signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
            encryptBody="false" />
      </protection>
    </usernameForCertificateSecurity>
    <requireActionHeader />
  </policy>
</policies>
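The following Python script is an added example, not part of the original documentation or of WSE: it audits a policy file for the structure described above, checking that every assertion and token provider used in a <policy> is declared under <extensions> and that the <protection> settings match those of the ClientPolicy example. The function name audit_policy_file, the choice of the example's settings as a baseline, and the sample file are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Baseline taken from the page's example: every message direction signs these parts.
REQUIRED_SIG_PARTS = {"IncludeAddressing", "IncludeTimestamp", "IncludeSoapBody"}

def audit_policy_file(xml_text):
    """Return a list of findings for a WSE policy file (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    if root.tag != "policies":
        return ["root element is <%s>, expected <policies>" % root.tag]
    declared = {e.get("name") for e in root.findall("extensions/extension")}
    findings = []
    for policy in root.findall("policy"):
        name = policy.get("name", "(unnamed)")
        for assertion in policy:
            # Assertions and token providers must be registered under <extensions>.
            for elem in [assertion] + assertion.findall("serviceToken/*"):
                if elem.tag not in declared:
                    findings.append("%s: <%s> has no <extension> entry" % (name, elem.tag))
            for msg in assertion.findall("protection/*"):
                parts = {p.strip() for p in msg.get("signatureOptions", "").split(",")}
                missing = sorted(REQUIRED_SIG_PARTS - parts)
                if missing:
                    findings.append("%s: <%s> does not sign %s" % (name, msg.tag, ", ".join(missing)))
                # The page's example encrypts the body of requests and responses.
                if msg.tag in ("request", "response") and msg.get("encryptBody") != "true":
                    findings.append("%s: <%s> body is not encrypted" % (name, msg.tag))
    return findings

# Constructed sample: a weakened copy of ClientPolicy (type values omitted).
SAMPLE = """
<policies>
  <extensions>
    <extension name="usernameForCertificateSecurity" type="(omitted)" />
    <extension name="x509" type="(omitted)" />
  </extensions>
  <policy name="ClientPolicy">
    <usernameForCertificateSecurity deriveKeys="true">
      <serviceToken><x509 findValue="CN=WSE2QuickStartServer" /></serviceToken>
      <protection>
        <request signatureOptions="IncludeAddressing, IncludeSoapBody" encryptBody="true" />
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
      </protection>
    </usernameForCertificateSecurity>
    <requireActionHeader />
  </policy>
</policies>
"""

if __name__ == "__main__":
    for finding in audit_policy_file(SAMPLE):
        print(finding)
```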
See Also
Tasks
How to: Secure a Web Service Using a Policy File
Reference
<policy> Element (Policy)
<extensions> Element