Specifies the types of required and optional claims expected to appear in the federated credential.
Assembly: System.ServiceModel (in System.ServiceModel.dll)
Thetype exposes the following members.
|Equals(Object)||Determines whether the specified Object is equal to the current Object. (Inherited from Object.)|
|Finalize||Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)|
|GetHashCode||Serves as a hash function for a particular type. (Inherited from Object.)|
|GetType||Gets the Type of the current instance. (Inherited from Object.)|
|MemberwiseClone||Creates a shallow copy of the current Object. (Inherited from Object.)|
|ToString||Returns a string that represents the current object. (Inherited from Object.)|
In a federated scenario, services state the requirements on incoming credentials. For example, the incoming credentials must possess a certain set of claim types. This requirement is manifested in a security policy. When a client requests a security token from a security token service (for example, ), it puts the requirements into a token request so that the security token service can issue the security token that satisfies the requirements accordingly.
The following code adds two claim type requirements to a security binding.
WSFederationHttpBinding binding = new WSFederationHttpBinding(); binding.Security.Message.ClaimTypeRequirements.Add (new ClaimTypeRequirement ("http://schemas.microsoft.com/ws/2005/05/identity/claims/EmailAddress")); binding.Security.Message.ClaimTypeRequirements.Add (new ClaimTypeRequirement ("http://schemas.microsoft.com/ws/2005/05/identity/claims/UserName", true));
The following config file is used with the preceding code.
<bindings> <wsFederationHttpBinding> <binding name="myFederatedBinding"> <security mode="Message"> <message issuedTokenType="urn:oasis:names:tc:SAML:1.0:assertion"> <claimTypeRequirements> <add claimType="http://schemas.microsoft.com/ws/2005/05/identity/claims/EmailAddress" isOptional="false" /> <add claimType="http://schemas.microsoft.com/ws/2005/05/identity/claims/UserName" isOptional="true" /> </claimTypeRequirements> </message> </security> </binding> </wsFederationHttpBinding> </bindings>
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2