WS_EXTENDED_PROTECTION_POLICY enumeration (webservices.h)

Defines whether Extended Protection data should be validated. This property is only available on the server, and can only be set when WS_CHANNEL_BINDING is used together with WS_SSL_TRANSPORT_SECURITY_BINDING and either WS_KERBEROS_APREQ_MESSAGE_SECURITY_BINDING or WS_HTTP_HEADER_AUTH_SECURITY_BINDING.

Syntax

typedef enum {
  WS_EXTENDED_PROTECTION_POLICY_NEVER = 1,
  WS_EXTENDED_PROTECTION_POLICY_WHEN_SUPPORTED = 2,
  WS_EXTENDED_PROTECTION_POLICY_ALWAYS = 3
} WS_EXTENDED_PROTECTION_POLICY;

Constants

 
WS_EXTENDED_PROTECTION_POLICY_NEVER
Value: 1
Extended protection data is not validated.
WS_EXTENDED_PROTECTION_POLICY_WHEN_SUPPORTED
Value: 2
If the client system supports the extended protection feature, extended protection data is looked for and validated during authentication. Otherwise it is ignored.


A server can detect whether the client's operating system supports extended protection but chose not to include the extended protection data or
whether it does not support extended protection. The former case is insecure and thus rejected. The latter is allowed when using this flag.


NOTE: If the client supports the extended protection feature, but did not include extended protection data in the authentication data, this setting will cause requests to fail. This
scenario is possible when the operating system was patched but the client web services implementation does not send the necessary data.


This is the default.
WS_EXTENDED_PROTECTION_POLICY_ALWAYS
Value: 3
Extended protection data is required to be present and is always validated. Clients that are not extended-protection-aware cannot authenticate to a server
setting this flag.
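As an added example (not WWSAPI's own code), the following portable C models how each policy value treats a client's channel binding data during authentication, including the WHEN_SUPPORTED case from the note above where a patched client omits the data. Only the enum comes from this page; the ep_client_info struct, ep_decide(), its result codes and the byte compare are constructed for this illustration.

```c
/* Illustrative model of the three WS_EXTENDED_PROTECTION_POLICY values.
 * This is not WWSAPI's implementation; everything except the enum is
 * constructed for the example. */
#include <stdbool.h>
#include <stddef.h>

typedef enum {
  WS_EXTENDED_PROTECTION_POLICY_NEVER = 1,
  WS_EXTENDED_PROTECTION_POLICY_WHEN_SUPPORTED = 2,
  WS_EXTENDED_PROTECTION_POLICY_ALWAYS = 3
} WS_EXTENDED_PROTECTION_POLICY;

/* What the server learned about the client from the authentication data. */
typedef struct {
  bool client_supports_ep;   /* client OS is extended-protection-aware */
  const unsigned char *cbt;  /* channel binding data sent, or NULL if absent */
  size_t cbt_len;
} ep_client_info;

typedef enum { EP_ACCEPT_UNVALIDATED, EP_ACCEPT_VALIDATED, EP_REJECT } ep_result;

/* Constant-time compare so a mismatch does not leak where the bytes differ. */
static bool cbt_matches(const unsigned char *a, size_t alen,
                        const unsigned char *b, size_t blen) {
  if (alen != blen) return false;
  unsigned char diff = 0;
  for (size_t i = 0; i < alen; i++) diff |= a[i] ^ b[i];
  return diff == 0;
}

/* expected/expected_len: the binding the server derived from its own TLS channel. */
ep_result ep_decide(WS_EXTENDED_PROTECTION_POLICY policy, const ep_client_info *c,
                    const unsigned char *expected, size_t expected_len) {
  if (policy == WS_EXTENDED_PROTECTION_POLICY_NEVER)
    return EP_ACCEPT_UNVALIDATED;   /* data, if any, is never checked */
  if (c->cbt == NULL) {
    /* ALWAYS: missing data is always fatal. WHEN_SUPPORTED: a client that
     * could have sent the data (patched OS, older web services stack) is
     * rejected; a client that cannot support EP at all is still allowed. */
    if (policy == WS_EXTENDED_PROTECTION_POLICY_ALWAYS || c->client_supports_ep)
      return EP_REJECT;
    return EP_ACCEPT_UNVALIDATED;
  }
  /* Data present under WHEN_SUPPORTED or ALWAYS: it must match the channel. */
  return cbt_matches(c->cbt, c->cbt_len, expected, expected_len)
             ? EP_ACCEPT_VALIDATED : EP_REJECT;
}
```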

Requirements

Requirement               Value
Minimum supported client  v.1.0
Header                    webservices.h