Assembly: System.IdentityModel (in System.IdentityModel.dll)
Use the property in a federated application that utilizes a security token service (STS) that issues SamlSecurityToken security tokens. When the STS issues the security token, it can specify the URI of the Web services for which the security token is intended by adding a SamlAudienceRestrictionCondition to the security token. That allows the SamlSecurityTokenAuthenticator for the recipient Web service to verify that the issued security token is intended for this Web service by specifying that this check should happen by doing the following:
Specify the set of valid URIs, by adding the URIs to the AllowedAudienceUris collection.
When the property is set to BearerKeyOnly, an incoming non-endorsing SamlSecurityToken must contain a SamlAudienceRestrictionCondition and the Audiences collection must contain a URI that matches one of the valid URIs specified in the AllowedAudienceUris collection. A non-endorsing or bearer token is a security token that is included in the message and not used to sign any part of the message.
Optionally, override the ValidateAudienceRestriction method to specify the validation algorithm to use for the allowed URI.
Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.