How to Configure an ASP.NET Relying Party Application with Windows Identity Foundation
In order to use the Windows® Identity Foundation (WIF) framework to create an ASP.NET website that acts as an Information Card or WS-Federation relying party, you must make a number of changes to the Web.config file.
-
Reference the Microsoft.IdentityModel assembly.
You must reference the Microsoft.IdentityModel assembly from the system.web/compilation section of the Web.config file.
<configuration>
  ...
  <system.web>
    ...
    <compilation>
      <assemblies>
        <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </assemblies>
    </compilation>
    ...
  </system.web>
  ...
</configuration>
-
Register the HTTP module.
Support for relying party applications has been built using the following ASP.NET modules:
-
SessionAuthenticationModule
-
WSFederationAuthenticationModule
-
ClaimsPrincipalHttpModule
-
ClaimsAuthorizationModule
Depending on your hosting environment, you must add the necessary modules for your application in one of two places:
-
For ASP.NET applications running under Internet Information Services (IIS) 6.0 or running under IIS 7.0 from an application pool configured for Classic mode, you must reference the modules required by the application from the system.web/httpModules section of the Web.config file.
<configuration>
  ...
  <system.web>
    ...
    <httpModules>
      <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
      <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    </httpModules>
    ...
  </system.web>
  ...
</configuration>
-
For ASP.NET applications running under IIS 7.0 from an application pool configured for Integrated mode, you must reference the modules required by the application from the system.webServer/modules section of the Web.config file or the ApplicationHost.config file.
<configuration>
  ...
  <system.webServer>
    ...
    <modules>
      <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler"/>
      <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler"/>
    </modules>
    ...
  </system.webServer>
  ...
</configuration>
-
Register the configuration section.
To use the rest of the configuration described by this topic, you must reference MicrosoftIdentityModelSection from the configSections section of the Web.config file.
<configuration>
  ...
  <configSections>
    <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
  </configSections>
  ...
</configuration>
-
Create a microsoft.identityModel section and add one or more <service> elements to create WIF service configurations. For more information about the <service> element, see Service Configuration.
<configuration>
  ...
  <microsoft.identityModel>
    <service name="MyService">
      ...
    </service>
    ...
  </microsoft.identityModel>
  ...
</configuration>
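A check for the four steps above, as an added Python example (not part of the original page or of WIF): it parses a Web.config and reports a missing assembly reference, a misspelled module type, an unregistered section, or a missing <service> element. The name check_wif_config and the sample file are constructed for illustration, and the file is assumed to declare no default XML namespace.

```python
import xml.etree.ElementTree as ET

# Module class names listed on this page; SECTION is the name the page registers.
WIF_MODULES = {"SessionAuthenticationModule", "WSFederationAuthenticationModule",
               "ClaimsPrincipalHttpModule", "ClaimsAuthorizationModule"}
SECTION = "microsoft.identityModel"

def check_wif_config(xml_text):
    """Return a list of problems found in a Web.config for a WIF relying party."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. mismatched open/close section tags
        return [f"not well-formed XML: {exc}"]
    problems = []
    # Step 1: assembly reference under system.web/compilation/assemblies.
    asms = root.findall("system.web/compilation/assemblies/add")
    if not any(a.get("assembly", "").split(",")[0].strip() == "Microsoft.IdentityModel" for a in asms):
        problems.append("Microsoft.IdentityModel assembly is not referenced")
    # Step 2: modules, in the Classic (httpModules) or Integrated (modules) location.
    mods = root.findall("system.web/httpModules/add") + root.findall("system.webServer/modules/add")
    wif = [m.get("type", "").split(",")[0].strip() for m in mods]
    wif = [t.rsplit(".", 1)[-1] for t in wif if t.startswith("Microsoft.IdentityModel.")]
    if not wif:
        problems.append("no WIF HTTP module is registered")
    problems += [f"unknown module type '{c}'" for c in wif if c not in WIF_MODULES]
    # Step 3: section handler registered under configSections.
    if SECTION not in [s.get("name") for s in root.findall("configSections/section")]:
        problems.append(f"configSections does not register '{SECTION}'")
    # Step 4: the section itself, with at least one <service> child.
    if root.find(f"{SECTION}/service") is None:
        problems.append(f"no <service> element under <{SECTION}>")
    return problems

# Constructed sample (Classic mode) with a misspelled WS-Federation module type.
ASM = "Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
SAMPLE = f"""<configuration>
  <configSections>
    <section name="{SECTION}" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, {ASM}"/>
  </configSections>
  <system.web>
    <compilation><assemblies><add assembly="{ASM}"/></assemblies></compilation>
    <httpModules>
      <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, {ASM}"/>
      <add name="WSFederatedAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederatedAuthenticationModule, {ASM}"/>
    </httpModules>
  </system.web>
  <{SECTION}><service name="MyService"/></{SECTION}>
</configuration>"""
print(check_wif_config(SAMPLE))
```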