
ConfigurationBasedIssuerNameRegistry Class

.NET Framework 4.5

Represents an issuer name registry that maintains a list of trusted issuers loaded from elements in the application configuration file that associate each issuer name to the X.509 certificate that is needed to verify the signature of tokens produced by the issuer.

System.Object
  System.IdentityModel.Tokens.IssuerNameRegistry
    System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry

Namespace:  System.IdentityModel.Tokens
Assembly:  System.IdentityModel (in System.IdentityModel.dll)
public class ConfigurationBasedIssuerNameRegistry : IssuerNameRegistry

The ConfigurationBasedIssuerNameRegistry type exposes the following members.

Kind | Name | Description
Public method | ConfigurationBasedIssuerNameRegistry | Initializes a new instance of the ConfigurationBasedIssuerNameRegistry class.

Kind | Name | Description
Public property | ConfiguredTrustedIssuers | Gets the dictionary of trusted issuers that have been configured for this instance.

Kind | Name | Description
Public method | AddTrustedIssuer | Adds an issuer to the dictionary of trusted issuers.
Public method | Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.)
Protected method | Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public method | GetHashCode | Serves as the default hash function. (Inherited from Object.)
Public method | GetIssuerName(SecurityToken) | Returns the issuer name associated with the specified X509SecurityToken by mapping the certificate thumbprint to a name in the trusted issuers dictionary. (Overrides IssuerNameRegistry.GetIssuerName(SecurityToken).)
Public method | GetIssuerName(SecurityToken, String) | When overridden in a derived class, returns the name of the issuer of the specified security token. The specified issuer name may be considered in determining the issuer name to return. (Inherited from IssuerNameRegistry.)
Public method | GetType | Gets the Type of the current instance. (Inherited from Object.)
Public method | GetWindowsIssuerName | Returns the default issuer name to be used for Windows claims. (Inherited from IssuerNameRegistry.)
Public method | LoadCustomConfiguration | Loads the trusted issuers from configuration. (Overrides IssuerNameRegistry.LoadCustomConfiguration(XmlNodeList).)
Protected method | MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.)
Public method | ToString | Returns a string that represents the current object. (Inherited from Object.)

The ConfigurationBasedIssuerNameRegistry class maintains a dictionary of trusted issuers by mapping the certificate of each trusted issuer to a name that refers to that issuer. The certificates are specified using the ASN.1 encoded form of the thumbprint. The issuer name can be any string, as long as it is unique within the scope of the application. This dictionary can be accessed through the ConfiguredTrustedIssuers property. The class can only resolve X.509 certificates.

The map of trusted issuers is specified in a configuration file by adding entries under the <trustedIssuers> element. The <trustedIssuers> element is a child element of the <issuerNameRegistry> element and it is valid when the ConfigurationBasedIssuerNameRegistry class is specified in the type attribute of that element. For more information, see the documentation for each of these elements in the Windows Identity Foundation Configuration Schema. For more information about issuer name registries, see the IssuerNameRegistry class.

You can derive from ConfigurationBasedIssuerNameRegistry to implement your own configuration based issuer name registry. Which methods you override will depend upon your implementation. For example, you can override the LoadCustomConfiguration method to load configuration from a custom configuration schema.

The following XML shows configuration for a ConfigurationBasedIssuerNameRegistry added for a collection of security token handlers. The <trustedIssuers> element behaves like a classic .NET configuration collection, allowing the <add>, <delete> and <clear> elements as child elements.

<system.identityModel>
  <identityConfiguration>
    <securityTokenHandlersCollection>
      <securityTokenHandlerConfiguration>
        <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel">
          <trustedIssuers>
            <add thumbprint="97249e … 158de" name="contoso.com" />
          </trustedIssuers>
        </issuerNameRegistry>
      </securityTokenHandlerConfiguration>
    </securityTokenHandlersCollection>
  </identityConfiguration>
</system.identityModel>
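
One way to derive from the class as described above, overriding LoadCustomConfiguration to read a custom schema and checking each entry before it reaches the trusted issuers dictionary. This is an added example, not code from the original documentation; the class name StrictIssuerNameRegistry, the <issuer> element and the sample thumbprint are assumptions made for illustration.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Text.RegularExpressions;
using System.Xml;

// Hypothetical subclass: loads <issuer name="..." thumbprint="..."/> entries
// (a constructed schema) and refuses malformed or duplicate ones.
public class StrictIssuerNameRegistry : ConfigurationBasedIssuerNameRegistry
{
    // X509Certificate2.Thumbprint is a SHA-1 hash: 40 hexadecimal characters.
    static readonly Regex Sha1Hex = new Regex(@"\A[0-9A-F]{40}\z");

    public override void LoadCustomConfiguration(XmlNodeList customConfiguration)
    {
        if (customConfiguration == null)
            throw new ArgumentNullException("customConfiguration");
        foreach (XmlNode node in customConfiguration)
        {
            XmlElement e = node as XmlElement;
            if (e == null) continue; // skip comments and whitespace nodes
            if (e.LocalName != "issuer")
                throw new InvalidOperationException("Unexpected element <" + e.LocalName + ">");
            string name = e.GetAttribute("name").Trim();
            // Remove spaces and fold case; any other stray character fails the check.
            string thumbprint = e.GetAttribute("thumbprint").Replace(" ", "").ToUpperInvariant();
            if (name.Length == 0)
                throw new InvalidOperationException("Issuer entry without a name");
            if (!Sha1Hex.IsMatch(thumbprint))
                throw new InvalidOperationException("Malformed thumbprint for '" + name + "'");
            // Issuer names must be unique within the application; so must thumbprints.
            if (ConfiguredTrustedIssuers.ContainsKey(thumbprint) ||
                ConfiguredTrustedIssuers.Values.Contains(name))
                throw new InvalidOperationException("Duplicate entry for '" + name + "'");
            AddTrustedIssuer(thumbprint, name);
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample input; the thumbprint is a made-up value.
        var doc = new XmlDocument();
        doc.LoadXml("<issuers><issuer name='contoso.com' " +
            "thumbprint='00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33'/></issuers>");
        var registry = new StrictIssuerNameRegistry();
        registry.LoadCustomConfiguration(doc.DocumentElement.ChildNodes);
        foreach (var entry in registry.ConfiguredTrustedIssuers)
            Console.WriteLine(entry.Key + " -> " + entry.Value);
    }
}
```

Failing closed at load time means a mistyped or pasted-with-hidden-characters thumbprint stops the application at startup instead of silently producing a registry that trusts nothing or the wrong certificate.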

.NET Framework

Supported in: 4.5.1, 4.5

Windows Phone 8.1, Windows Phone 8, Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
© 2014 Microsoft. All rights reserved.