WSE’s little known fact: custom SecurityContextToken issuers and policy

Byvibro on
0 Comments

I’m sure everybody appreciated how WSE2 makes exceptionally easy to use WS-SecureConversation: you turn autoIssueSecurityContextToken on, you lay out two matching policy caches and voilà. Your endpoint has a double life: by day it answers WSDL-legitimate requests, by night it gives away SCTs to the worthy clients 🙂
What is less known is that you can apply exactly the same model even if you lay out your own SecurityContextTokenService heir: you have just to add a classical type attribute to autoIssueSecurityContextToken, where you describe your issuer class:


<autoIssueSecurityContextToken enabled=”true” type=”MyAssembly.CustomSecurityContextTokenService, MyAssembly” />


your custom SCT issuer will be automagically associated with the endpoint, exactly like the WSE one. Coool, isn’t it?

Leave a Reply

Your email address will not be published. Required fields are marked *