

Windows Identity Foundation
[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

This topic discusses conventions used throughout the Windows® Identity Foundation (WIF) configuration topics and describes some common features and attributes used in the <microsoft.identityModel> section.

Many of the elements have a mode attribute. This attribute typically controls which class is used to do a particular part of the processing and which configuration elements are allowed as child elements of the current element. A configuration error will be raised if elements that are included in the configuration file are ignored because of the mode settings.

Where TimeSpan is the type of an attribute, the allowed format is the one accepted by the TimeSpan.Parse method, which fits the following specification.

[ws][-]{ d | [d.]hh:mm[:ss[.ff]] }[ws]

For example, "30", "30.00:00", "30.00:00:00" all mean 30 days; and "00:05", "00:05:00", "0.00:05:00.00" all mean 5 minutes.

Several elements take references to certificates using the <certificateReference> element. When referencing a certificate, the following attributes are available.

storeLocation: A value of the StoreLocation enumeration: CurrentUser or CurrentMachine.

storeName: A value of the StoreName enumeration; the most useful for this context are My and TrustedPeople.

x509FindType: A value of the X509FindType enumeration; the most useful for this context are FindBySubjectName and FindByThumbprint. To eliminate the chance of error, it is recommended that the FindByThumbprint type be used in production environments.

findValue: The value used to find the certificate, based on the x509FindType attribute. To eliminate the chance of error, it is recommended that the FindByThumbprint type be used in production environments. When FindByThumbprint is specified, this attribute takes a value that is the hexadecimal-string form of the certificate thumbprint; for example, "97249e1a5fa6bee5e515b82111ef524a4c91583f".
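
An added example, not part of the original documentation: a Python check that audits every <certificateReference> in a configuration file against the recommendation above, flagging references that do not use FindByThumbprint and thumbprint values that are not a plain hexadecimal string. The sample configuration, its service names and the subject value are constructed, and the 40-digit length is an assumption taken from the page's example thumbprint.

```python
import re
import xml.etree.ElementTree as ET

HEX = "0123456789abcdefABCDEF"
THUMBPRINT_RE = re.compile(r"[0-9A-Fa-f]{40}")  # assumption: 40 hex digits, as in the page's example

# Constructed sample. Service names and the subject value are made up; the
# thumbprint is the example value from the text, once with U+200E pasted in front.
SAMPLE_CONFIG = """<configuration>
  <microsoft.identityModel>
    <service name="by-subject">
      <serviceCertificate>
        <certificateReference x509FindType="FindBySubjectName" findValue="sts.example.test"
                              storeLocation="CurrentUser" storeName="My" />
      </serviceCertificate>
    </service>
    <service name="pasted-thumbprint">
      <serviceCertificate>
        <certificateReference x509FindType="FindByThumbprint" storeLocation="CurrentUser" storeName="My"
                              findValue="\u200e97249e1a5fa6bee5e515b82111ef524a4c91583f" />
      </serviceCertificate>
    </service>
    <service name="pinned">
      <serviceCertificate>
        <certificateReference x509FindType="FindByThumbprint" storeLocation="CurrentUser" storeName="My"
                              findValue="97249e1a5fa6bee5e515b82111ef524a4c91583f" />
      </serviceCertificate>
    </service>
  </microsoft.identityModel>
</configuration>"""

def audit_certificate_references(config_xml):
    """Return (x509FindType, findValue, problem) for each reference that needs attention."""
    findings = []
    for ref in ET.fromstring(config_xml).iter("certificateReference"):
        find_type = ref.get("x509FindType", "")
        value = ref.get("findValue", "")
        if find_type != "FindByThumbprint":
            # Also reached when the attribute is absent.
            findings.append((find_type, value, "not referenced by thumbprint"))
        elif not THUMBPRINT_RE.fullmatch(value):
            # Report the stray code points so invisible characters become visible.
            stray = sorted({f"U+{ord(c):04X}" for c in value if c not in HEX})
            findings.append((find_type, value,
                             f"thumbprint is not 40 hex digits (length {len(value)}, stray {stray})"))
    return findings

if __name__ == "__main__":
    for find_type, value, problem in audit_certificate_references(SAMPLE_CONFIG):
        print(f"{find_type or '<missing>'} {value!r}: {problem}")
```

Run against a real configuration file by passing its contents to audit_certificate_references; an empty result means every reference is pinned by a well-formed thumbprint.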

Several elements reference custom types, using the type attribute. This attribute should specify the name of the custom type. To reference a type from the Global Assembly Cache (GAC), a strong name should be used. To reference a type from an assembly in the Bin/ directory, a simple assembly-qualified reference may be used. Types defined in the App_Code/ directory may also be referenced by simply specifying the type name with no qualifying assembly.

Custom types must be derived from the type specified and they must provide a public default (0 argument) constructor.

© 2015 Microsoft