<add> Element for <securityTokenManager>

Adds a user-supplied custom security token manager for an XML-based security token to the application domain.

<microsoft.web.services3> Element
  <security> Element
    <securityTokenManager> Element

<add localName namespace type >
  <cacheLimit />
  <generationLimit />
  <keyAlgorithm name />
  <label />
  <offsetLimit />
  <renewalWindowInSeconds />
  <replayDetection enabled windowInSeconds />
  <signatureKeyLength value />
</add>

Attributes and Elements

Attributes

Attribute Description

localName

Required attribute. The security token type minus the XML namespace prefix, as it appears in a SOAP message.

namespace

Required attribute. The XML qualified name of which the name specified in the localName attribute is a member.

type

Required attribute. The fully qualified type name of the custom security manager. When the security token manager referenced in the localName and namespace attributes is one of the built-in security token managers (for example, UsernameTokenManager), the type attribute is not required.

Child Elements

Element Description

<cacheLimit> Element

Optional element. Sets the limit on the number of security tokens that are cached.

<generationLimit> Element

Optional element. For DerivedKeyToken security tokens, specifies the maximum position at which the derived key is located in the byte stream for a serialized security token.

<keyAlgorithm> Element for <securityTokenManager>

Optional element. Specifies the key algorithm used by a security token.

<label> Element

Optional element. Specifies the label parameter in the key generation algorithm for UsernameToken security tokens.

<offsetLimit> Element

Optional element. For DerivedKeyToken security tokens, specifies the maximum position at which the derived key is located in the byte stream for a serialized security token.

<renewalWindowInSeconds> Element

Optional element. For SecurityContextToken security tokens, specifies the period of time immediately prior to expiration in which the security token can be renewed.

<replayDetection> Element

Optional element. Controls whether to enable replay detection against the UsernameToken nonce for a period of time.

<signatureKeyLength> Element

For DerivedKeyToken security tokens that only digitally sign SOAP messages, specifies the key length.

Parent Elements

Element Description

<securityTokenManager> Element

Specifies the user-supplied custom security token managers for XML-based security tokens within an application domain.

Remarks

When WSE receives a security token that it does not natively support, WSE checks whether a security token manager has been configured to handle that type of security token. WSE looks for an <add> element under <securityTokenManager> whose localName attribute matches the element representing the security token within the WS-Security SOAP header. When there is a match, WSE calls the type specified in the type attribute of the <add> element to handle the security token.

Similarly, the <add> element can be used to register security token managers that override the default behavior of natively supported security tokens. For example, say you are using UsernameToken security tokens and you do not want WSE to authenticate the user name and password against a Windows user account. You can create and register a custom security token manager that authenticates the user name using a database of user name and password combinations. For more information about using UsernameToken security tokens, see How to: Verify Digital Signatures of SOAP Messages Signed Using a User Name and Password.

Before adding the <add> element to a configuration file, you must add the microsoft.web.services3 configuration section handler to the configuration file. For information about adding the microsoft.web.services3 configuration section handler, see <section> Element.

Example

The following code example specifies a type to call when UsernameToken security tokens are received.

<configuration>
  <microsoft.web.services3>
    <security> 
      <securityTokenManager>
        <add localName="UsernameToken"
             type="CustomSecurityNamespace.CustomSecurityClass, AssemblyName" 
             namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
      </securityTokenManager>
    </security>
  </microsoft.web.services3>
</configuration>
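A configuration review aid for the registration rules above, as an added example that is not part of the original documentation: it lists each <add> entry that is missing a required attribute, that replaces the built-in handling of a token, or that turns replay detection off. The function name, the BUILT_IN set (the page names only UsernameTokenManager as built-in), the ExampleToken entry and the attribute values on replayDetection are assumptions.

```python
import xml.etree.ElementTree as ET

# Assumption: token types WSE handles natively; the page names only UsernameTokenManager.
BUILT_IN = {"UsernameToken"}

# Constructed sample configuration; the replayDetection values and ExampleToken are made up.
SAMPLE = """<configuration>
  <microsoft.web.services3>
    <security>
      <securityTokenManager>
        <add localName="UsernameToken"
             type="CustomSecurityNamespace.CustomSecurityClass, AssemblyName"
             namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <replayDetection enabled="false" windowInSeconds="300" />
        </add>
        <add localName="ExampleToken" namespace="urn:example:tokens" />
      </securityTokenManager>
    </security>
  </microsoft.web.services3>
</configuration>"""


def audit_token_managers(config_xml):
    """Return (localName, finding) tuples for each <add> entry that needs review."""
    findings = []
    root = ET.fromstring(config_xml)
    for manager in root.iter("securityTokenManager"):
        for add in manager.findall("add"):
            name = add.get("localName")
            label = name or "<missing localName>"
            for attr in ("localName", "namespace"):
                if not add.get(attr):
                    findings.append((label, f"required attribute '{attr}' is missing"))
            mgr_type = add.get("type")
            if not mgr_type and name not in BUILT_IN:
                findings.append((label, "no type given for a token WSE does not handle natively"))
            if mgr_type and name in BUILT_IN:
                # The registered type replaces WSE's own authentication of this token.
                findings.append((label, f"built-in handling overridden by {mgr_type}"))
            replay = add.find("replayDetection")
            if replay is not None and replay.get("enabled", "").strip().lower() == "false":
                findings.append((label, "replay detection explicitly disabled"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_token_managers(SAMPLE):
        print(f"{name}: {finding}")
```

An entry reported as overriding built-in handling is not a misconfiguration in itself; it identifies the type whose authentication logic should be reviewed.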

See Also

Tasks

How to: Create a Security Token Manager for a Custom Security Token

Reference

<securityTokenManager> Element
<cacheLimit> Element