<extensions> Element
Specifies a set of policy extensions that are used to define the policy assertions for the application.
<extensions>
<extension name type />
</extensions>
Attributes and Elements
Attributes
None.
Child Elements
| Element | Description |
|---|---|
Required element. Specifies a policy extension. |
Parent Elements
| Element | Description |
|---|---|
The root element for a policy file. |
Remarks
Within a policy file, policy assertions are defined using standard or custom security assertions and security token providers that are specified in an <extension> Element child element of an <extensions> Element element. For example, the <usernameForCertificateSecurity> Element element is a standard security assertion that specifies that a UsernameToken security token is used to authenticate the client and that an X509SecurityToken security token is used to authenticate the server and to sign and encrypt the SOAP messages between the two endpoints. To use this standard security assertion, add <usernameForCertificateSecurity> Element, <x509> Element (Policy), and <username> Element child elements to the <extensions> Element element. The <x509> and <username> element are security token providers that are required by the <usernameOverX509Security> element.
Example
The following code example demonstrates how one might secure one portion of a client to Web service application using the combination of a username and password and an X.509 certificate. The code example defines a policy assertion named usernameAuthenticationX509Protection that specifies that a UsernameToken security token is used to authenticate the client and that an X509SecurityToken security token is used to authenticate the server and to sign and encrypt the SOAP messages between the client and the Web service.
Note
This code example is designed to demonstrate WSE features and is not intended for production use.
<policies>
<extensions>
<extension name="usernameOverX509Security"
type="Microsoft.Web.Services3.Design.UsernameOverX509Assertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="x509"
type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="requireActionHeader"
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</extensions>
<policy name="usernameAuthenticationX509Protection">
<usernameOverX509Security
establishSecurityContext="true"
signatureConfirmation="false"
protectionOrder="SignBeforeEncrypting"
deriveKeys="true">
<serviceToken>
<x509 storeLocation="LocalMachine"
storeName="My"
findValue="CN=books.contoso.com"
findType="FindBySubjectDistinguishedName" />
</serviceToken>
<protection>
<request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
encryptBody="true" />
<response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
encryptBody="true" />
<fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
encryptBody="false" />
</protection>
</usernameOverX509Security>
<requireActionHeader />
</policy>
</policies>