WS_SECURITY_PROPERTY_ID enumeration (webservices.h)
Identifies the properties representing channel-wide security settings. This enumeration is used within the WS_SECURITY_PROPERTY structure, which is in turn used within a WS_SECURITY_DESCRIPTION structure.
Syntax
typedef enum {
WS_SECURITY_PROPERTY_TRANSPORT_PROTECTION_LEVEL = 1,
WS_SECURITY_PROPERTY_ALGORITHM_SUITE = 2,
WS_SECURITY_PROPERTY_ALGORITHM_SUITE_NAME = 3,
WS_SECURITY_PROPERTY_MAX_ALLOWED_LATENCY = 4,
WS_SECURITY_PROPERTY_TIMESTAMP_VALIDITY_DURATION = 5,
WS_SECURITY_PROPERTY_MAX_ALLOWED_CLOCK_SKEW = 6,
WS_SECURITY_PROPERTY_TIMESTAMP_USAGE = 7,
WS_SECURITY_PROPERTY_SECURITY_HEADER_LAYOUT = 8,
WS_SECURITY_PROPERTY_SECURITY_HEADER_VERSION = 9,
WS_SECURITY_PROPERTY_EXTENDED_PROTECTION_POLICY = 10,
WS_SECURITY_PROPERTY_EXTENDED_PROTECTION_SCENARIO = 11,
WS_SECURITY_PROPERTY_SERVICE_IDENTITIES = 12
} WS_SECURITY_PROPERTY_ID;
Constants
WS_SECURITY_PROPERTY_TRANSPORT_PROTECTION_LEVELValue: 1 A WS_PROTECTION_LEVEL value that determines whether signing alone or signing plus encryption should be done for the connection. With at least one transport security binding in the security description, the default is WS_PROTECTION_LEVEL_SIGN_AND_ENCRYPT. |
WS_SECURITY_PROPERTY_ALGORITHM_SUITEValue: 2 With mixed-mode security, this property is a WS_SECURITY_ALGORITHM_SUITE structure that specifies the algorithm suite to be used. . This property may not be used in conjunction with WS_SECURITY_PROPERTY_ALGORITHM_SUITE_NAME. If neither this property nor WS_SECURITY_ALGORITHM_SUITE_NAME is specified, the algorithm suite defaults to WS_SECURITY_ALGORITHM_SUITE_NAME_BASIC128 when WS_KERBEROS_APREQ_MESSAGE_SECURITY_BINDING is used and WS_SECURITY_ALGORITHM_SUITE_NAME_BASIC256 otherwise. |
WS_SECURITY_PROPERTY_ALGORITHM_SUITE_NAMEValue: 3 With mixed-mode security, this property is a WS_SECURITY_ALGORITHM structure that specifies the algorithm suite to be used. The suite names refer to collections of algorithms defined in WS-SecurityPolicy 1.1section 7.1. This property may not be used in conjunction with WS_SECURITY_PROPERTY_ALGORITHM_SUITE. If neither this property nor WS_SECURITY_ALGORITHM_SUITE is specified, the algorithm suite defaults to WS_SECURITY_ALGORITHM_SUITE_NAME_BASIC128 when WS_KERBEROS_APREQ_MESSAGE_SECURITY_BINDING is used and WS_SECURITY_ALGORITHM_SUITE_NAME_BASIC256 otherwise. |
WS_SECURITY_PROPERTY_MAX_ALLOWED_LATENCYValue: 4 With mixed-mode security, this property is a WS_TIMESPAN structure that specifies the maximum allowed staleness of an incoming timestamp in the security header. The default is 5 minutes. |
WS_SECURITY_PROPERTY_TIMESTAMP_VALIDITY_DURATIONValue: 5 With mixed-mode security, this property is a WS_TIMESPAN structure that specifies the timestamp generated by the sender will remain valid for this duration from the security application instant. This setting is sometimes called 'time-to-live' or 'TTL'. The default is 5 minutes. |
WS_SECURITY_PROPERTY_MAX_ALLOWED_CLOCK_SKEWValue: 6 With mixed-mode security, this property is a WS_TIMESPAN structure that specifies the maximum skew allowed between the clocks of the sender and receiver. This quantity serves as a margin of tolerance on the enforcement of settings such as WS_SECURITY_PROPERTY_MAX_ALLOWED_LATENCY. The default is 5 minutes. |
WS_SECURITY_PROPERTY_TIMESTAMP_USAGEValue: 7 With mixed-mode security, this property is a WS_SECURITY_TIMESTAMP_USAGE value that specifies whether a timestamp should be generated (at sender) and demanded (at receiver) in the security header. The default is WS_SECURITY_TIMESTAMP_USAGE_ALWAYS. |
WS_SECURITY_PROPERTY_SECURITY_HEADER_LAYOUTValue: 8 With mixed-mode security, this property is a WS_SECURITY_HEADER_LAYOUT value that specifies the layout of the security header. The default is WS_SECURITY_HEADER_LAYOUT_STRICT. |
WS_SECURITY_PROPERTY_SECURITY_HEADER_VERSIONValue: 9 With mixed-mode security, this property is a WS_SECURITY_HEADER_VERSION value that specifies the WS-Security version to use for the security header. The default is WS_SECURITY_HEADER_VERSION_1_1. |
WS_SECURITY_PROPERTY_EXTENDED_PROTECTION_POLICYValue: 10 A WS_EXTENDED_PROTECTION_POLICY value that specfies whether to validate Extended Protection data. Only available if extended protection is used. The default is WS_EXTENDED_PROTECTION_POLICY_WHEN_SUPPORTED on configurations that support extended protection. This property is only available on the server and can only be used when WS_HTTP_CHANNEL_BINDING with either WS_HTTP_HEADER_AUTH_SECURITY_BINDING or WS_KERBEROS_APREQ_MESSAGE_SECURITY_BINDING is used. Supported by default on Windows 7 and above. May require an update on systems running earlier versions of Windows. If the operating system was not updated, this property is still available but has no effect. |
WS_SECURITY_PROPERTY_EXTENDED_PROTECTION_SCENARIOValue: 11 A WS_EXTENDED_PROTECTION_SCENARIO value that specifies the deployment scenario of the server as it pertains to Extended Protection. Only available if extended protection is used. This property is only available on the server and can only be used when WS_HTTP_CHANNEL_BINDING with either WS_HTTP_HEADER_AUTH_SECURITY_BINDING or WS_KERBEROS_APREQ_MESSAGE_SECURITY_BINDING is used. The default is WS_EXTENDED_PROTECTION_SCENARIO_BOUND_SERVER. Supported by default on Windows 7 and above. May require an update on systems running earlier versions of Windows. If the operating system was not updated, this property is still available but has no effect. |
WS_SECURITY_PROPERTY_SERVICE_IDENTITIESValue: 12 A WS_SERVICE_SECURITY_IDENTITIES structure that sets the Server Principal Names (SPNs) the server is willing to accept as part of validating Extended Protection data. SPNs are validated when a WS_HTTP_HEADER_AUTH_SECURITY_BINDING is used without a WS_SSL_TRANSPORT_SECURITY_BINDING or when WS_EXTENDED_PROTECTION_SCENARIO_TERMINATED_SSL is set. This property is only available on the server and can only be used with WS_HTTP_CHANNEL_BINDING. If all of the above requirements are met, this property must be set for security verification to succeed. Otherwise, it must not be set. Supported by default on Windows 7 and above. Requires update to the operating system on other platforms. If the operating system was not updated, this property is still available but has no effect. |
Remarks
All properties defined by the keys here have reasonable defaults; so specifying them is optional. In the common case, one should be able to create a WS_SECURITY_DESCRIPTION without setting any of the properties below.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 7 [desktop apps | UWP apps] |
| Minimum supported server | Windows Server 2008 R2 [desktop apps | UWP apps] |
| Header | webservices.h |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for