Drilldown on Your Policy File.

Listing 1. You can learn a significant amount of information by examining the structure of the policy file. For example, you can look at this file to determine the intricacies of how WSE implemented the usernameForCertificateSecurity assertion. Note that the settings for this file were determined by the options you selected in the wizard.

<policies xmlns=
"http://schemas.microsoft.com/wse/2005/06/policy">
<extensions>
	<extension 
		name="usernameForCertificateSecurity" 
		type="Microsoft.Web.Services3.
			Design.UsernameForCertificateAssertion,
			Microsoft.Web.Services3,
			Version=3.0.0.0, Culture=neutral,
			PublicKeyToken=31bf3856ad364e35" />
	<extension name="x509" 
		type="Microsoft.Web.Services3.
		Design.X509TokenProvider,
		Microsoft.Web.Services3, Version=3.0.0.0,
		Culture=neutral,
		PublicKeyToken=31bf3856ad364e35" />
	<extension name="requireActionHeader" 
		type="Microsoft.Web.Services3.
		Design.RequireActionHeaderAssertion,
		Microsoft.Web.Services3, Version=3.0.0.0,
		Culture=neutral,
		PublicKeyToken=31bf3856ad364e35" />
</extensions>
<policy name="MyPolicy">
	<usernameForCertificateSecurity 
		establishSecurityContext="false" 
		renewExpiredSecurityContext="true" 
		requireSignatureConfirmation="false" 
		messageProtectionOrder="SignBeforeEncrypt" 
		requireDerivedKeys="true" 
		ttlInSeconds="300">
	<serviceToken>
		<x509 storeLocation="LocalMachine" 
			storeName="My" 
			findValue="CN=WSE2QuickStartServer" 
		findType="FindBySubjectDistinguishedName"
		/>
	</serviceToken>
	<protection>
		<request 
			signatureOptions="IncludeAddressing,
			IncludeTimestamp, IncludeSoapBody"
			encryptBody="true" />
		<response 
			signatureOptions="IncludeAddressing,
			IncludeTimestamp, IncludeSoapBody" 
			encryptBody="true" />
		<fault 
			signatureOptions="IncludeAddressing,
			IncludeTimestamp, IncludeSoapBody" 
			encryptBody="false" />
		</protection>
	</usernameForCertificateSecurity>
	<requireActionHeader />
</policy>
</policies>