To secure a web service using username-password tokens, digital signatures, and/or encryption, follow these steps.
Before securing a web service, make sure that the Application Server is set up as described in "Configuring the Application Server for Message Security", and that default providers have been enabled, as described in "Enabling Providers for Message Security" and "Enabling Message Security for Client Applications".
sender
for both the client and server provider. content
for both the client and server provider.content
and set the Authentication Recipient to before-content
for both the client and server provider. sender
and set the Authentication Recipient to before-content
for both the client and server provider.For a description of all possible combinations of Authentication Source and Authentication Recipient fields along with the results of these combinations, read "Actions of Request and Response Policy Configurations".
See Also: