ConfigurationBasedIssuerNameRegistry Class

.NET Framework (current version)

The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Represents an issuer name registry that maintains a list of trusted issuers loaded from elements in the application configuration file that associate each issuer name to the X.509 certificate that is needed to verify the signature of tokens produced by the issuer.

Namespace:   System.IdentityModel.Tokens
Assembly:  System.IdentityModel (in System.IdentityModel.dll)


Public Class ConfigurationBasedIssuerNameRegistry
	Inherits IssuerNameRegistry


Initializes a new instance of the ConfigurationBasedIssuerNameRegistry class.


Gets the dictionary of trusted issuers that have been configured for this instance.

System_CAPS_pubmethodAddTrustedIssuer(String, String)

Adds an issuer to the dictionary of trusted issuers.


Determines whether the specified object is equal to the current object.(Inherited from Object.)


Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.(Inherited from Object.)


Serves as the default hash function. (Inherited from Object.)


Returns the issuer name associated with the specified X509SecurityToken by mapping the certificate thumbprint to a name in the trusted issuers dictionary.(Overrides IssuerNameRegistry.GetIssuerName(SecurityToken).)

System_CAPS_pubmethodGetIssuerName(SecurityToken, String)

When overridden in a derived class, returns the name of the issuer of the specified security token. The specified issuer name may be considered in determining the issuer name to return.(Inherited from IssuerNameRegistry.)


Gets the Type of the current instance.(Inherited from Object.)


Returns the default issuer name to be used for Windows claims.(Inherited from IssuerNameRegistry.)


Loads the trusted issuers from configuration.(Overrides IssuerNameRegistry.LoadCustomConfiguration(XmlNodeList).)


Creates a shallow copy of the current Object.(Inherited from Object.)


Returns a string that represents the current object.(Inherited from Object.)

The ConfigurationBasedIssuerNameRegistry class maintains a dictionary of trusted issuers by mapping the certificate of each trusted issuer to a name that refers to that issuer. The certificates are specified using the ASN.1 encoded form of the thumbprint. The issuer name can be any string, as long as it is unique within the scope of the application. This dictionary can be accessed through the ConfiguredTrustedIssuers property. The class can only resolve X.509 certificates.

The map of trusted issuers is specified in a configuration file by adding entries under the <trustedIssuers> element. The <trustedIssuers> element is a child element of the <issuerNameRegistry> element and it is valid when the ConfigurationBasedIssuerNameRegistry class is specified in the type attribute of that element. For more information, see the documentation for each of these elements in the Windows Identity Foundation Configuration Schema. For more information about issuer name registries, see the IssuerNameRegistry class.

You can derive from ConfigurationBasedIssuerNameRegistry to implement your own configuration based issuer name registry. Which methods you override will depend upon your implementation. For example, you can override the LoadCustomConfiguration method to load configuration from a custom configuration schema.

The following XML shows configuration for a ConfigurationBasedIssuerNameRegistry added for a collection of security token handlers. The <trustedIssuers> element behaves like a classic .NET configuration collection, allowing the <add>, <delete> and <clear> elements as child elements.

        <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel">
             <add thumbprint="97249e … 158de" name="" />

.NET Framework
Available since 4.5

Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top