Represents an issuer name registry that maintains a list of trusted issuers loaded from elements in the application configuration file that associate each issuer name to the X.509 certificate that is needed to verify the signature of tokens produced by the issuer.
Assembly: System.IdentityModel (in System.IdentityModel.dll)
The ConfigurationBasedIssuerNameRegistry type exposes the following members.
| Name | Description |
|---|---|
| AddTrustedIssuer | Adds an issuer to the dictionary of trusted issuers. |
| Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.) |
| Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
| GetHashCode | Serves as the default hash function. (Inherited from Object.) |
| GetIssuerName(SecurityToken) | Returns the issuer name associated with the specified X509SecurityToken by mapping the certificate thumbprint to a name in the trusted issuers dictionary. (Overrides IssuerNameRegistry.GetIssuerName(SecurityToken).) |
| GetIssuerName(SecurityToken, String) | When overridden in a derived class, returns the name of the issuer of the specified security token. The specified issuer name may be considered in determining the issuer name to return. (Inherited from IssuerNameRegistry.) |
| GetType | Gets the Type of the current instance. (Inherited from Object.) |
| GetWindowsIssuerName | Returns the default issuer name to be used for Windows claims. (Inherited from IssuerNameRegistry.) |
| LoadCustomConfiguration | Loads the trusted issuers from configuration. (Overrides IssuerNameRegistry.LoadCustomConfiguration(XmlNodeList).) |
| MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
| ToString | Returns a string that represents the current object. (Inherited from Object.) |
The ConfigurationBasedIssuerNameRegistry class maintains a dictionary of trusted issuers by mapping the certificate of each trusted issuer to a name that refers to that issuer. The certificates are specified using the ASN.1 encoded form of the thumbprint. The issuer name can be any string, as long as it is unique within the scope of the application. This dictionary can be accessed through the ConfiguredTrustedIssuers property. The ConfigurationBasedIssuerNameRegistry class can only resolve X.509 certificates.
The map of trusted issuers is specified in a configuration file by adding entries under the <trustedIssuers> element. The <trustedIssuers> element is a child element of the <issuerNameRegistry> element and it is valid when the ConfigurationBasedIssuerNameRegistry class is specified in the type attribute of that element. For more information, see the documentation for each of these elements in the Windows Identity Foundation Configuration Schema. For more information about issuer name registries, see the IssuerNameRegistry class.
You can derive from ConfigurationBasedIssuerNameRegistry to implement your own configuration-based issuer name registry. Which methods you override will depend upon your implementation. For example, you can override the LoadCustomConfiguration method to load configuration from a custom configuration schema.
The following XML shows configuration for a ConfigurationBasedIssuerNameRegistry added for a collection of security token handlers. The <trustedIssuers> element behaves like a classic .NET configuration collection, allowing the <add>, <delete> and <clear> elements as child elements.
<system.identityModel>
  <identityConfiguration>
    <securityTokenHandlersCollection>
      <securityTokenHandlerConfiguration>
        <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel">
          <trustedIssuers>
            <add thumbprint="97249e … 158de" name="contoso.com" />
          </trustedIssuers>
        </issuerNameRegistry>
      </securityTokenHandlerConfiguration>
    </securityTokenHandlersCollection>
  </identityConfiguration>
</system.identityModel>
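The derivation scenario described in the remarks, as an added example that is not part of the original documentation or of WIF itself: a registry derived from ConfigurationBasedIssuerNameRegistry whose LoadCustomConfiguration override validates each entry, so a malformed thumbprint stops the application at load time instead of producing an entry that never matches a certificate. The class name StrictIssuerNameRegistry, the 40-hex-digit thumbprint form and the shape of the customConfiguration node list are assumptions.

```csharp
using System;
using System.Globalization;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Text.RegularExpressions;
using System.Xml;

// Added example: StrictIssuerNameRegistry is a hypothetical name, not a WIF type.
// It reads the <trustedIssuers>/<add thumbprint name> schema shown above.
public class StrictIssuerNameRegistry : ConfigurationBasedIssuerNameRegistry
{
    // Assumption: thumbprints use the 40-hex-digit SHA-1 form of X509Certificate2.Thumbprint.
    private static readonly Regex Sha1Hex = new Regex("^[0-9A-F]{40}$");

    // Assumption: customConfiguration holds the child nodes of <issuerNameRegistry>.
    public override void LoadCustomConfiguration(XmlNodeList customConfiguration)
    {
        if (customConfiguration == null)
            throw new ArgumentNullException("customConfiguration");

        foreach (XmlElement issuers in customConfiguration.OfType<XmlElement>())
        {
            if (issuers.LocalName != "trustedIssuers")
                throw new InvalidOperationException("Unexpected element <" + issuers.LocalName + ">.");
            foreach (XmlElement entry in issuers.ChildNodes.OfType<XmlElement>())
            {
                // Design choice of this example: only <add> is accepted, so the trust list is explicit.
                if (entry.LocalName != "add")
                    throw new InvalidOperationException("Only <add> is accepted, found <" + entry.LocalName + ">.");
                string name = entry.GetAttribute("name").Trim();
                if (name.Length == 0)
                    throw new InvalidOperationException("A trusted issuer needs a non-empty name.");

                AddTrustedIssuer(Normalize(entry.GetAttribute("thumbprint")), name);
            }
        }
    }

    // Drops whitespace and invisible format characters (such as U+200E, which can be
    // copied along with a thumbprint), then requires exactly 40 hex digits.
    private static string Normalize(string raw)
    {
        string cleaned = new string(raw.Where(c => !char.IsWhiteSpace(c) &&
            char.GetUnicodeCategory(c) != UnicodeCategory.Format).ToArray()).ToUpperInvariant();
        if (!Sha1Hex.IsMatch(cleaned))
            throw new InvalidOperationException("Thumbprint is not 40 hex digits: '" + raw + "'.");
        return cleaned;
    }
}
```

To use it, name the derived class in the type attribute of the <issuerNameRegistry> element in place of ConfigurationBasedIssuerNameRegistry.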