This documentation is archived and is not being maintained.

Configuration for Windows Identity Foundation

Windows Identity Foundation
[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

The topics in this section explain how to configure a Windows® Identity Foundation (WIF) relying party (RP) application using a configuration file. You can also configure an RP through classes exposed by WIF. These classes are noted in the sections that treat relevant elements in the schema. For more information about the classes used in configuration, see Configuration. The following lists the basic XML tag structure exposed by the WIF configuration schema. Attributes and end tags are omitted. Comments highlight major components of the schema and also correspond to sections in this topic.

<microsoft.identityModel>
    <!-- Service Configuration -->
    <service>
        <applicationService>
            <claimTypeRequired>
                <claimType> 
        <audienceUris>
            <add>
            <clear>
            <remove> 
        <certificateValidation>
            <certificateValidator> 
        <claimsAuthenticationManager>
        <claimsAuthorizationManager>
        
        <!-- Federation Authentication Configuration -->
        <federatedAuthentication>
            <federatedAuthentication>
                <wsFederation>
                <cookieHandler>
                    <chunkedCookieHandler>
                    <customCookieHandler>   
        
        <issuerNameRegistry>
        <issuerTokenResolver>
        <maximumClockSkew>
        
        <!-- Security Token Handler Collection Configuration -->
        <securityTokenHandlers>
            <add>
                <!-- Security Token Handler Configuration -->
                <optionalConfigurationElement>
            <clear>
            <remove>
            <securityTokenHandlerConfiguration>
                <audienceUris>
                    <add>
                    <clear>
                    <remove> 
                <certificateValidation>
                    <certificateValidator> 
                <issuerNameRegistry>
                <issuerTokenResolver>
                <maximumClockSkew>
                <serviceTokenResolver>
        
        <serviceCertificate>
        <serviceTokenResolver>
    </service>
</microsoft.identityModel>

This section is divided into the following topics:

  • How to Configure an ASP.NET Relying Party Application with Windows Identity Foundation provides information about the basic sections you must add to the Web.config file to configure an ASP.NET website to act as a WS-Federation relying party. This includes information about how to reference the Microsoft.IdentityModel assembly, how to register the appropriate HTTP modules, and how to create the configuration section, microsoft.identityModel, for WIF.

  • Conventions provides information about common types, attributes, and elements used throughout the microsoft.identityModel section.

  • Service Configuration provides information about how to create service-wide configuration settings using the <service> element.

  • Security Token Handler Collection Configuration provides information about how to configure token handler collections using the <securityTokenHandlers> element.

  • Security Token Handler Configuration provides information about how to specify configuration on individual security token handlers using a child element of the <add> element. Several of the built-in handlers support this feature and the elements that are used to configure them are discussed in this section.

  • Federated Authentication Configuration provides information about how to configure federation for the RP application by using the <federatedAthentication> element.

See Also



Show: