<system.identityModel.services>

.NET Framework 4.5

Configuration section for authentication using the WS-Federation protocol.

<system.identityModel.services>
<system.identityModel.services>
  <federationConfiguration name=xs:string identityConfigurationName=xs:string>
  </federationConfiguration>
</system.identityModel.services>

The following sections describe attributes, child elements, and parent elements.

Attributes

None

Child Elements

Element

Description

<federationConfiguration>

Contains the settings that configure the WSFederationAuthenticationModule (WSFAM) and the SessionAuthenticationModule (SAM) HTTP modules.

Parent Elements

None

Add a <system.identityModel.services> section to your application’s configuration file to provide settings for the SAM and WSFAM.

Important note Important

When using the ClaimsPrincipalPermission or the ClaimsPrincipalPermissionAttribute class to provide claims-based access control in your code, the claims authorization manager (ClaimsAuthorizationManager) and policy that is used to make authorization decisions are configured through an <identityConfiguration> element that is implicitly or explicitly referenced from a <federationConfiguration> element in this section. For more information, see the Remarks under the <federationConfiguration> element.

The <system.identityModel.services> section is represented by the SystemIdentityModelServicesSection class. The collection of child <federationConfiguration> elements configured in the section is represented by the FederationConfigurationElementCollection class.

The following XML shows how to add a <system.identityModel.services> section to a configuration file. You must first add section declarations for both the <system.identityModel.services> section and the <system.identityModel> sections. (When you add a <system.identityModel.services> section, you should also add a declaration for the <system.identityModel> section to ensure that a default <identityConfiguration> section can be created by the runtime if necessary.) After the section declarations have been added, you can configure federated authentication settings under the <system.identityModel.services> element.

<configuration>
  <configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>
  
  <!-- Additional elements (not shown) -->
  
  
  <system.identityModel.services>
    <federationConfiguration>
      <wsFederation passiveRedirectEnabled="true" 
        issuer="http://localhost:15839/wsFederationSTS/Issue" 
        realm="http://localhost:50969/" reply="http://localhost:50969/" 
        requireHttps="false" 
        signOutReply="http://localhost:50969/SignedOutPage.html" 
        signOutQueryString="Param1=value2&amp;Param2=value2" 
        persistentCookiesOnPassiveRedirects="true" />
      <cookieHandler requireSsl="false" />
    </federationConfiguration>
  </system.identityModel.services>
  
</configuration>
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft