Share via


LogonServerConfigurationHandler Class

 

Reads configuration data for the Logon Server component of AD FS, which runs on the Federation Service and Federation Service Proxy and is responsible for handling protocol requests to the endpoint URL.

Namespace:   System.Web.Security.SingleSignOn
Assembly:  System.Web.Security.SingleSignOn (in System.Web.Security.SingleSignOn.dll)

Inheritance Hierarchy

System.Object
  System.Web.Security.SingleSignOn.LogonServerConfigurationHandler

Syntax

public class LogonServerConfigurationHandler : IConfigurationSectionHandler
public ref class LogonServerConfigurationHandler : IConfigurationSectionHandler
type LogonServerConfigurationHandler = 
    class
        interface IConfigurationSectionHandler
    end
Public Class LogonServerConfigurationHandler
    Implements IConfigurationSectionHandler

Constructors

Name Description
System_CAPS_pubmethod LogonServerConfigurationHandler()

Initializes a new instance of the LogonServerConfigurationHandler class.

Methods

Name Description
System_CAPS_pubmethod Create(Object, Object, XmlNode)

This method supports the AD FS infrastructure and is not intended for public use.

System_CAPS_pubmethod Equals(Object)

(Inherited from Object.)

System_CAPS_protmethod Finalize()

(Inherited from Object.)

System_CAPS_pubmethod GetHashCode()

(Inherited from Object.)

System_CAPS_pubmethod GetType()

(Inherited from Object.)

System_CAPS_protmethod MemberwiseClone()

(Inherited from Object.)

System_CAPS_pubmethod ToString()

(Inherited from Object.)

Remarks

The web.config in the application root of Federation Service or Federation Service Proxy should register a system.web section called “logonserver” to be handled by this class. Such a registration looks like this:

<configuration>
    <configSections>
        <sectionGroup name="system.web">
            <section name="logonserver" type="System.Web.Security.SingleSignOn.LogonServerConfigurationHandler, System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35, Custom=null" />
        </sectionGroup>
    </configSections>
</configuration>

XPath

Element value description

logonserver/forms/discovery

The name of the aspx form which should be invoked for the DiscoverClientRealm action. The default is “discoverclientrealm.aspx”.

logonserver/forms/logon

The name of the aspx form which should be invoked for the CollectionInitialCredentials and CollectAdditionalCredentials actions. The default is “clientlogon.aspx”.

logonserver/forms/signout

The name of the aspx form which should be invoked for the CleanupTopLevel and CleanupNested actions. The default is “signout.aspx”.

logonserver/forms/policy

The name of the aspx form which should be invoked for the PolicyEnforcement action. The default is null, which avoid the PolicyEnforcement action.

logonserver/posttimeout

The number of seconds to pause before posting a token to a resource partner or application. The default is 0.

logonserver/policyinterval

On the Federation Service Proxy, this indicates the frequency with which an otherwise idle proxy will consider calling GetProxyTrustInformation to refresh trust policy information from the Federation Service. The default is 30 minutes.

logonserver/policythreshhold

On the Federation Service Proxy, this indicates how old the trust policy information must be to warrant a call to GetProxyTrustInformation. Every policyinterval minutes, if the proxy has not made any call to the Federation Server in policythreshhold minutes or more, it forces a call to GetProxyTrustInformation to update the policy.

logonserver/soap/fsuri

On the Federation Service Proxy, this specifies the URL of the Federation Service. Generally, this is of the form “https://fs.example.com/adfs/fs/federationserverservice.asmx”.

logonserver/soap/certhash

On the Federation Service Proxy, this specifies the thumbprint of the certificate from the Local Machine “My” store which should be used to perform client authentication to the Federation Service. This certificate hash must also be configured on the Federation Service in the TrustPolicy.LSClientCertificates collection.

logonserver/auditlevel

On the Federation Service Proxy, this specifies the value of SingleSignOnEventLogLevel to be used for event logging and auditing. The default is SingleSignOnEventLogLevel.Everything.

Examples

<system.web>
  <logonserver>
    <forms>
      <discovery>discoverclientrealm.aspx</discovery>
      <logon>clientlogon.aspx</logon>
      <signout>signout.aspx</signout>
    </forms>
  </logonserver>
</system.web>

Thread Safety

Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

See Also

LSAuthenticationModule
System.Web.Security.SingleSignOn Namespace

Return to top