Defines a way for the Federation Service to digitally sign an AD FS token for an application (represented in the trust policy by a TrustingApplication object). Such tokens are signed using symmetric keys, which are securely shared using the Kerberos security protocol of a Windows forest. A signing method of this type defined for a particular application overrides the global default X509SigningMethod defined in a Federation Service’s web.config file. Because this signing method utilizes a cached symmetric session key, it may provide performance benefits over the default asymmetric-key-based signing method.
Assembly: System.Web.Security.SingleSignOn (in System.Web.Security.SingleSignOn.dll)
Gets or sets the ServicePrincipalName (SPN) of the target server resource partner or application.
This class is part of the Federation Service’s trust policy configuration.
In order for this object to be used, the target application must be running as a Windows domain service account from a domain in the same forest as the Federation Service’s domain service account or from a forest that has a cross-forest trust with the Federation Service’s forest. Generally, Kerberos authentication does not work across an external trust.
The TargetName property should be set to the ServicePrincipalName (SPN) of the targeted application. In the case of a claims-based application, the SPN should be registered on the domain service account under which the target’s IIS application pool is configured to run. In the case of a Windows NT token-based application, the SPN should be registered on the domain service account under which the target’s AD FS Web Agent Authentication Service (IFSSVC) is configured to run.
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.