SecurityTokenServiceConfiguration Class

.NET Framework (current version)
 

Defines the configuration for a security token service (STS). Classes that implement STSs derive from the SecurityTokenService class.

Namespace:   System.IdentityModel.Configuration
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

System.Object
  System.IdentityModel.Configuration.IdentityConfiguration
    System.IdentityModel.Configuration.SecurityTokenServiceConfiguration

public class SecurityTokenServiceConfiguration : IdentityConfiguration

Name | Description
SecurityTokenServiceConfiguration() | Initializes a new instance of the SecurityTokenServiceConfiguration class.
SecurityTokenServiceConfiguration(Boolean) | Initializes a new instance of the SecurityTokenServiceConfiguration class. Optionally loads settings from the current configuration.
SecurityTokenServiceConfiguration(String) | Initializes a new instance of the SecurityTokenServiceConfiguration class that has the specified issuer name.
SecurityTokenServiceConfiguration(String, Boolean) | Initializes a new instance of the SecurityTokenServiceConfiguration class that has the specified issuer name. Optionally loads settings from the current configuration.
SecurityTokenServiceConfiguration(String, SigningCredentials) | Initializes a new instance of the SecurityTokenServiceConfiguration class that has the specified issuer name and signing credentials.
SecurityTokenServiceConfiguration(String, SigningCredentials, Boolean) | Initializes a new instance of the SecurityTokenServiceConfiguration class that has the specified issuer name and signing credentials. Optionally loads settings from the current configuration.
SecurityTokenServiceConfiguration(String, SigningCredentials, String) | Initializes a new instance of the SecurityTokenServiceConfiguration class that has the specified issuer name and signing credentials. Settings are loaded from the specified named configuration.

Name | Description
AudienceRestriction | Gets or sets the configured AudienceRestriction. (Inherited from IdentityConfiguration.)
Caches | Gets or sets the configured IdentityModelCaches. (Inherited from IdentityConfiguration.)
CertificateValidationMode | Gets or sets the certificate validation mode used by handlers to validate issuer certificates. (Inherited from IdentityConfiguration.)
CertificateValidator | Gets or sets the certificate validator used by handlers to validate issuer certificates. (Inherited from IdentityConfiguration.)
ClaimsAuthenticationManager | Gets or sets the claims authentication manager. The default is an instance of the ClaimsAuthenticationManager class. (Inherited from IdentityConfiguration.)
ClaimsAuthorizationManager | Gets or sets the claims authorization manager. (Inherited from IdentityConfiguration.)
DefaultMaxSymmetricKeySizeInBits | Gets or sets the default key size limit in bits used to check whether the KeySize specified in the request is within this limit.
DefaultSymmetricKeySizeInBits | Gets or sets the default key size in bits used in the issued token.
DefaultTokenLifetime | Gets or sets the default lifetime used in the issued tokens.
DefaultTokenType | Gets or sets the default token type that is used in token issuance.
DetectReplayedTokens | Gets or sets a value in the default handler configuration that indicates whether handlers should detect replayed tokens. (Inherited from IdentityConfiguration.)
DisableWsdl | Gets or sets a value that specifies whether WSDL generation should be enabled for the security token service (STS).
IsInitialized | Gets or sets a value that indicates whether the Initialize method has been called. (Inherited from IdentityConfiguration.)
IssuerNameRegistry | Gets or sets the issuer name registry used to resolve issuer names. (Inherited from IdentityConfiguration.)
IssuerTokenResolver | Gets or sets the issuer token resolver. (Inherited from IdentityConfiguration.)
MaxClockSkew | Gets or sets the maximum allowable time difference between the system clocks of the two parties that are communicating. (Inherited from IdentityConfiguration.)
MaximumTokenLifetime | Gets or sets the maximum token lifetime for issued tokens.
Name | Gets the service name of this configuration. (Inherited from IdentityConfiguration.)
RevocationMode | Gets or sets the revocation mode used by handlers to validate issuer certificates. (Inherited from IdentityConfiguration.)
SaveBootstrapContext | Gets or sets a value that indicates whether the BootstrapContext object is saved in the ClaimsIdentity and Sessions after token validation. (Inherited from IdentityConfiguration.)
SecurityTokenHandlerCollectionManager | Gets the SecurityTokenHandlerCollectionManager containing the set of SecurityTokenHandler objects that are used to serialize and validate tokens found in WS-Trust messages. (Inherited from IdentityConfiguration.)
SecurityTokenHandlers | Gets the collection of SecurityTokenHandler objects used to serialize and validate tokens found in WS-Trust messages. (Inherited from IdentityConfiguration.)
SecurityTokenService | Gets or sets the Type of the security token service (STS).
ServiceCertificate | Gets or sets the service certificate. (Inherited from IdentityConfiguration.)
ServiceTokenResolver | Gets or sets the service token resolver. (Inherited from IdentityConfiguration.)
SigningCredentials | Gets or sets the signing credentials.
TokenIssuerName | Gets or sets the issuer name so that it can be set in the issued token.
TokenReplayCacheExpirationPeriod | Gets or sets the expiration period for items placed in the TokenReplayCache. (Inherited from IdentityConfiguration.)
TrustedStoreLocation | Gets or sets the trusted store location used by handlers to validate issuer certificates. (Inherited from IdentityConfiguration.)
WSTrust13RequestSerializer | Gets or sets the WS-Trust 1.3 Request (RST) serializer.
WSTrust13ResponseSerializer | Gets or sets the WS-Trust 1.3 Response (RSTR) serializer.
WSTrustFeb2005RequestSerializer | Gets or sets the WS-Trust Feb 2005 Request (RST) serializer.
WSTrustFeb2005ResponseSerializer | Gets or sets the WS-Trust Feb 2005 Response (RSTR) serializer.

Name | Description
CreateSecurityTokenService() | Creates a security token service (STS) instance from the Type specified in the SecurityTokenService property.
Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.)
protected Finalize() | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
GetHashCode() | Serves as the default hash function. (Inherited from Object.)
GetType() | Gets the Type of the current instance. (Inherited from Object.)
Initialize() | Updates properties in the SecurityTokenHandlerConfiguration objects for the SecurityTokenHandlerCollection objects contained in the SecurityTokenHandlerCollectionManager to be consistent with the property values on this IdentityConfiguration instance. (Inherited from IdentityConfiguration.)
protected LoadConfiguration(IdentityConfigurationElement) | Loads the settings for this IdentityConfiguration instance from the application or Web configuration file. (Inherited from IdentityConfiguration.)
protected LoadHandlerConfiguration(IdentityConfigurationElement) | Loads a SecurityTokenHandlerConfiguration by using the elements directly under the specified IdentityConfigurationElement. (Inherited from IdentityConfiguration.)
protected LoadHandlerConfiguration(SecurityTokenHandlerConfiguration, SecurityTokenHandlerConfigurationElement) | Loads configuration elements pertaining to the SecurityTokenHandlerCollection. (Inherited from IdentityConfiguration.)
protected LoadHandlers(IdentityConfigurationElement) | Loads the SecurityTokenHandlerCollectionManager defined for the specified service. (Inherited from IdentityConfiguration.)
protected MemberwiseClone() | Creates a shallow copy of the current Object. (Inherited from Object.)
ToString() | Returns a string that represents the current object. (Inherited from Object.)

The code examples that are used in the SecurityTokenService topics are taken from the Custom Token sample. This sample provides custom classes that enable processing of Simple Web Tokens (SWT) and it includes an implementation of a passive STS that is capable of serving an SWT token. For an example of how to implement an active STS, you can see the Federation Metadata sample. For information about these samples and other samples available for WIF and about where to download them, see WIF Code Sample Index.

The following code shows a custom implementation of the SecurityTokenServiceConfiguration class to support a passive STS that processes SWT tokens. The configuration is initialized and stored in the HTTP application state the first time the static Current property is accessed. The constructor initializes the properties of the custom configuration with the type of the custom STS, a custom issuer token resolver, and the default token type (the URI of the SWT token type). It also adds an SWT token handler to the default handler collection.

using System.IdentityModel.Configuration;
using System.Web;
using SimpleWebToken;

namespace PassiveSTS
{
    /// <summary>
    /// Extends the System.IdentityModel.Configuration.SecurityTokenServiceConfiguration class to 
    /// be consumed by the CustomSecurityTokenService.
    /// </summary>
    public class CustomSecurityTokenServiceConfiguration : SecurityTokenServiceConfiguration
    {
        static readonly object syncRoot = new object();
        static string CustomSecurityTokenServiceConfigurationKey = "CustomSecurityTokenServiceConfigurationKey";
        // Sample value only: a symmetric key embedded in source is readable by anyone with
        // access to the code or the compiled assembly. Load real keys from a protected store.
        static string Base64SymmetricKey = "wAVkldQiFypTQ+kdNdGWCYCHRcee8XmXxOvgmak8vSY=";

        public static CustomSecurityTokenServiceConfiguration Current
        {
            get
            {
                HttpApplicationState httpAppState = HttpContext.Current.Application;

                // Fast path: return the instance already stored in application state.
                CustomSecurityTokenServiceConfiguration myConfiguration = httpAppState.Get( CustomSecurityTokenServiceConfigurationKey ) as CustomSecurityTokenServiceConfiguration;

                if ( myConfiguration != null )
                {
                    return myConfiguration;
                }

                // Slow path: re-check under the lock so only one instance is ever created.
                lock ( syncRoot )
                {
                    myConfiguration = httpAppState.Get( CustomSecurityTokenServiceConfigurationKey ) as CustomSecurityTokenServiceConfiguration;

                    if ( myConfiguration == null )
                    {
                        myConfiguration = new CustomSecurityTokenServiceConfiguration();
                        httpAppState.Add( CustomSecurityTokenServiceConfigurationKey, myConfiguration );
                    }

                    return myConfiguration;
                }
            }
        }

        public CustomSecurityTokenServiceConfiguration()
            : base( "PassiveSTS" )
        {
            // The STS type that CreateSecurityTokenService() instantiates.
            this.SecurityTokenService = typeof( PassiveSTS.CustomSecurityTokenService );

            // Register the SWT handler in the default handler collection.
            SimpleWebTokenHandler tokenHandler = new SimpleWebTokenHandler();
            this.SecurityTokenHandlers.Add(tokenHandler);

            // Map the relying party's audience URI to the symmetric key for its tokens.
            CustomIssuerTokenResolver  customTokenResolver =  new SimpleWebToken.CustomIssuerTokenResolver();
            customTokenResolver.AddAudienceKeyPair("http://localhost:19851/", Base64SymmetricKey);
            this.IssuerTokenResolver = customTokenResolver;

            // Issue SWT tokens by default.
            this.DefaultTokenType = SimpleWebTokenHandler.SimpleWebTokenTypeUri;
        }
    }
}

The following code shows how to invoke a custom passive STS to process a WS-Federation request by calling the FederatedPassiveSecurityTokenServiceOperations.ProcessRequest(HttpRequest, ClaimsPrincipal, SecurityTokenService, HttpResponse) method from the code behind in the default.aspx.cs file. The CreateSecurityTokenService method initializes an instance of the PassiveSTS.CustomSecurityTokenService class using the properties set on the CustomSecurityTokenServiceConfiguration class shown in the previous example.

using System;
using System.IdentityModel.Services;
using System.Security.Claims;

namespace PassiveSTS
{
    public partial class _Default : System.Web.UI.Page
    {
        /// <summary>
        /// We perform the WS-Federation Passive Protocol processing in this method. 
        /// </summary>
        protected void Page_PreRender( object sender, EventArgs e ) 
        {
            FederatedPassiveSecurityTokenServiceOperations.ProcessRequest( Request, User as ClaimsPrincipal, CustomSecurityTokenServiceConfiguration.Current.CreateSecurityTokenService(), Response );
        }
    }
}
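
As an added example (not part of the Custom Token sample or of the original page), the following configuration uses the (String, SigningCredentials) constructor with an X.509 certificate read from the machine certificate store, and sets the token lifetime and key-size properties listed above explicitly. The class name, issuer URI, thumbprint placeholder and the chosen lifetime and key-size values are assumptions; CustomSecurityTokenService is the STS type from the sample.

```csharp
using System;
using System.IdentityModel.Configuration;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

namespace PassiveSTS
{
    // Added example: hypothetical class, not part of the Custom Token sample.
    public class CertificateSignedStsConfiguration : SecurityTokenServiceConfiguration
    {
        // Assumed issuer URI and placeholder thumbprint; replace with your own values.
        const string IssuerName = "https://sts.example.test/";
        const string SigningCertThumbprint = "<SIGNING-CERT-THUMBPRINT>";

        public CertificateSignedStsConfiguration()
            : base( IssuerName, LoadSigningCredentials( SigningCertThumbprint ) )
        {
            this.SecurityTokenService = typeof( PassiveSTS.CustomSecurityTokenService );

            // Default lifetime for issued tokens, and the maximum lifetime for issued tokens.
            this.DefaultTokenLifetime = TimeSpan.FromMinutes( 30 );
            this.MaximumTokenLifetime = TimeSpan.FromHours( 2 );

            // Key size used in issued tokens, and the limit checked against a requested KeySize.
            this.DefaultSymmetricKeySizeInBits = 256;
            this.DefaultMaxSymmetricKeySizeInBits = 256;
        }

        static SigningCredentials LoadSigningCredentials( string thumbprint )
        {
            X509Store store = new X509Store( StoreName.My, StoreLocation.LocalMachine );
            store.Open( OpenFlags.ReadOnly );
            try
            {
                // validOnly = true: expired or untrusted certificates are not returned.
                X509Certificate2Collection found =
                    store.Certificates.Find( X509FindType.FindByThumbprint, thumbprint, true );

                // Fail at startup instead of at first issuance if the certificate is unusable.
                if ( found.Count != 1 || !found[0].HasPrivateKey )
                    throw new InvalidOperationException( "Signing certificate missing, ambiguous, or without a private key." );

                return new X509SigningCredentials( found[0] );
            }
            finally { store.Close(); }
        }
    }
}
```

The private key stays in the certificate store, so no key material appears in source or configuration files.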

.NET Framework
Available since 4.5

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
