
<identityConfiguration>

.NET Framework 4.5

Specifies service-level identity settings.

<system.identityModel>
  <identityConfiguration>

<system.identityModel>
  <identityConfiguration
      name=xs:string
      saveBootstrapContext=xs:boolean
      maximumClockSkew=TimeSpan>
  </identityConfiguration>
</system.identityModel>

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute

Description

name

The name of the identity configuration section. You can use this name to reference a specific configuration section. If no name attribute is specified, the section defines the default configuration. The default configuration is always used for passive federation scenarios. For more information, see the <federationConfiguration> element.

saveBootstrapContext

Specifies whether bootstrap tokens should be included in the session token. The value may also be set on a token handler collection by setting the saveBootstrapContext attribute on the <securityTokenHandlerConfiguration> element. A value set on the token handler collection overrides the value set on the service.

maximumClockSkew

A TimeSpan that specifies the maximum clock skew allowed when performing time-sensitive operations, such as validating the expiration time of a sign-in session. The default is 5 minutes, “00:05:00”. For more information about how to specify TimeSpan values, see TimeSpan Values. The maximum clock skew may also be set on a token handler collection by setting the maximumClockSkew attribute on the <securityTokenHandlerConfiguration> element. A value set on the token handler collection overrides the value set on the service.

Child Elements

Element

Description

<caches>

Registers the caches used for session tokens and token replay detection. Can be specified at the service-level or on a security token handler collection. Optional.

<certificateValidation>

Controls the settings that token handlers use to validate certificates. Can be specified at the service-level or on a security token handler collection. Optional.

<claimsAuthenticationManager>

Registers a claims authentication manager for the incoming claims. Optional.

<claimsAuthorizationManager>

Registers a claims authorization manager for the incoming claims. Optional.

<claimTypeRequired>

Specifies the set of required claims for incoming security tokens. Optional.

<securityTokenHandlers>

Specifies a collection of security token handlers. Zero or more collections of security token handlers can be specified. Optional.

<tokenReplayDetection>

Enables token replay detection and specifies the expiration time for tokens. Can be specified at the service-level or on a security token handler collection. Optional.

Parent Elements

Element

Description

<system.identityModel>

Provides configuration for enabling Windows Identity Foundation (WIF) options in applications.

Multiple identity configurations may be defined, each with a unique name. The behavior is as follows:

  1. If no <identityConfiguration> element is specified, a default identity configuration is created at runtime and populated with default values.

  2. If a single <identityConfiguration> element is specified, it is the default identity configuration, whether it is named or unnamed.

  3. If multiple <identityConfiguration> elements are specified, the unnamed element specifies the default identity configuration. When you specify multiple <identityConfiguration> elements, it is recommended that one of them be unnamed.

Caution

If you specify multiple <identityConfiguration> elements, one of them should be unnamed. The unnamed element will be the default identity configuration.

Some of the settings specified in the <identityConfiguration> element can be overridden by settings on a security token handler collection or by settings on individual security token handlers.
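The following configuration, added here as an illustration and not taken from the original page, puts the rules above together: an unnamed default configuration beside a named one, with a service-level maximumClockSkew that a handler collection then overrides. The names, TimeSpan values, and the referenced <federationConfiguration identityConfigurationName> usage are assumptions chosen for the example.

```xml
<configuration>
  <!-- Added example, not part of the original documentation page.
       Names and TimeSpan values below are illustrative assumptions. -->
  <system.identityModel>

    <!-- Unnamed element: the default identity configuration. Passive federation
         always uses this one. Tightening skew from the 00:05:00 default to
         00:02:00 shortens the window in which an already-expired token is
         still accepted; replay detection rejects a token presented twice. -->
    <identityConfiguration saveBootstrapContext="false"
                           maximumClockSkew="00:02:00">
      <tokenReplayDetection enabled="true" expirationPeriod="00:10:00" />
    </identityConfiguration>

    <!-- Named element: selected explicitly, for example by
         <federationConfiguration identityConfigurationName="strict"> (assumed)
         or by new IdentityConfiguration("strict") in code. -->
    <identityConfiguration name="strict" maximumClockSkew="00:05:00">
      <securityTokenHandlers>
        <!-- A value on the handler collection overrides the service-level
             value: handlers in this collection tolerate only 00:00:30 of skew
             and do not persist bootstrap tokens in the session token. -->
        <securityTokenHandlerConfiguration maximumClockSkew="00:00:30"
                                           saveBootstrapContext="false" />
      </securityTokenHandlers>
    </identityConfiguration>

  </system.identityModel>
</configuration>
```

With both elements present, the unnamed one is what the runtime uses unless a configuration asks for "strict" by name; the 00:00:30 value applies only to handlers in the named configuration's collection.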

Important

When you use the ClaimsPrincipalPermission or the ClaimsPrincipalPermissionAttribute class to provide claims-based access control in your code, the identity configuration referenced by the <federationConfiguration> element configures the claims authorization manager and policy used to make authorization decisions. This is true even in scenarios that are not passive Web scenarios, for example Windows Communication Foundation (WCF) applications or an application that is not Web-based. If the application is not a passive Web application, the <claimsAuthorizationManager> element (and its child policy elements, if present) of the referenced identity configuration are the only settings applied; all other settings are ignored. For more information, see the <federationConfiguration> element.

The <identityConfiguration> element is represented by the IdentityConfigurationElement class. An identity configuration section is represented by the IdentityConfiguration class.

Important

Specifying the following elements as child elements of the <identityConfiguration> element has been deprecated, although the behavior is still supported for backward compatibility. These elements should instead be specified under the <securityTokenHandlerConfiguration> element.

The following example creates an identity configuration named “alternateConfiguration”. Because no attributes or child elements are given, the identity configuration uses default settings.

<system.identityModel>
    <identityConfiguration name="alternateConfiguration"/>
</system.identityModel>
© 2014 Microsoft. All rights reserved.