LogonServerConfigurationHandler Class

 

Reads configuration data for the Logon Server component of AD FS, which runs on the Federation Service and Federation Service Proxy and is responsible for handling protocol requests to the endpoint URL.

Namespace:   System.Web.Security.SingleSignOn
Assembly:  System.Web.Security.SingleSignOn (in System.Web.Security.SingleSignOn.dll)

System.Object
  System.Web.Security.SingleSignOn.LogonServerConfigurationHandler

public class LogonServerConfigurationHandler : IConfigurationSectionHandler

Name

Description

LogonServerConfigurationHandler()

Initializes a new instance of the LogonServerConfigurationHandler class.

Name

Description

Create(Object, Object, XmlNode)

This method supports the AD FS infrastructure and is not intended for public use.

Equals(Object)

(Inherited from Object.)

Finalize() [protected]

(Inherited from Object.)

GetHashCode()

(Inherited from Object.)

GetType()

(Inherited from Object.)

MemberwiseClone() [protected]

(Inherited from Object.)

ToString()

(Inherited from Object.)

The web.config in the application root of Federation Service or Federation Service Proxy should register a system.web section called “logonserver” to be handled by this class. Such a registration looks like this:

<configuration>
    <configSections>
        <sectionGroup name="system.web">
            <section name="logonserver" type="System.Web.Security.SingleSignOn.LogonServerConfigurationHandler, System.Web.Security.SingleSignOn, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35, Custom=null" />
        </sectionGroup>
    </configSections>
</configuration>

XPath

Element value description

logonserver/forms/discovery

The name of the aspx form which should be invoked for the DiscoverClientRealm action. The default is “discoverclientrealm.aspx”.

logonserver/forms/logon

The name of the aspx form which should be invoked for the CollectionInitialCredentials and CollectAdditionalCredentials actions. The default is “clientlogon.aspx”.

logonserver/forms/signout

The name of the aspx form which should be invoked for the CleanupTopLevel and CleanupNested actions. The default is “signout.aspx”.

logonserver/forms/policy

The name of the aspx form which should be invoked for the PolicyEnforcement action. The default is null, which skips the PolicyEnforcement action.

logonserver/posttimeout

The number of seconds to pause before posting a token to a resource partner or application. The default is 0.

logonserver/policyinterval

On the Federation Service Proxy, this indicates the frequency with which an otherwise idle proxy will consider calling GetProxyTrustInformation to refresh trust policy information from the Federation Service. The default is 30 minutes.

logonserver/policythreshhold

On the Federation Service Proxy, this indicates how old the trust policy information must be to warrant a call to GetProxyTrustInformation. Every policyinterval minutes, if the proxy has not made any call to the Federation Server in policythreshhold minutes or more, it forces a call to GetProxyTrustInformation to update the policy.

logonserver/soap/fsuri

On the Federation Service Proxy, this specifies the URL of the Federation Service. Generally, this is of the form “https://fs.example.com/adfs/fs/federationserverservice.asmx”.

logonserver/soap/certhash

On the Federation Service Proxy, this specifies the thumbprint of the certificate from the Local Machine “My” store which should be used to perform client authentication to the Federation Service. This certificate hash must also be configured on the Federation Service in the TrustPolicy.LSClientCertificates collection.

logonserver/auditlevel

On the Federation Service Proxy, this specifies the value of SingleSignOnEventLogLevel to be used for event logging and auditing. The default is SingleSignOnEventLogLevel.Everything.

<system.web>
  <logonserver>
    <forms>
      <discovery>discoverclientrealm.aspx</discovery>
      <logon>clientlogon.aspx</logon>
      <signout>signout.aspx</signout>
    </forms>
  </logonserver>
</system.web>
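
The following is an added example, not code from AD FS or from this page: a small Python check that reads a web.config and reports logonserver elements whose names are not in the table above (such as policythreshold, where the page documents policythreshhold), a soap/fsuri that is not https, and a soap/certhash that is not a clean thumbprint. The function names and the sample input are hypothetical, and the checks assume that the thumbprint is 40 hexadecimal digits and that the Federation Service URL follows the https form shown in the table.

```python
import re
import xml.etree.ElementTree as ET

# Element paths documented on this page, relative to <logonserver>.
DOCUMENTED = {
    "forms/discovery", "forms/logon", "forms/signout", "forms/policy",
    "posttimeout", "policyinterval", "policythreshhold",
    "soap/fsuri", "soap/certhash", "auditlevel",
}

# Constructed sample proxy configuration (not from a real deployment).
# The certhash is a made-up value with the spaces and U+200E mark that a
# thumbprint copied from the certificate dialog often carries.
SAMPLE = """<configuration><system.web><logonserver>
  <forms><logon>clientlogon.aspx</logon></forms>
  <policythreshold>60</policythreshold>
  <soap>
    <fsuri>http://fs.example.com/adfs/fs/federationserverservice.asmx</fsuri>
    <certhash>\u200e12 34 56 78 9a bc de f0 12 34 56 78 9a bc de f0 12 34 56 78</certhash>
  </soap>
</logonserver></system.web></configuration>"""

def leaf_paths(node, prefix=""):
    """Yield (path, text) for every leaf element below node."""
    for child in node:
        if len(child):
            yield from leaf_paths(child, prefix + child.tag + "/")
        else:
            yield prefix + child.tag, (child.text or "").strip()

def audit_logonserver(xml_text):
    """Return a list of findings for the system.web/logonserver section."""
    section = ET.fromstring(xml_text).find("system.web/logonserver")
    if section is None:
        return ["no system.web/logonserver section found"]
    findings = []
    for path, value in leaf_paths(section):
        if path not in DOCUMENTED:
            findings.append(f"{path}: not a documented element")
        elif path == "soap/fsuri" and not value.lower().startswith("https://"):
            findings.append("soap/fsuri: Federation Service URL is not https")
        elif path == "soap/certhash" and not re.fullmatch(r"[0-9A-Fa-f]{40}", value):
            stray = sorted({f"U+{ord(c):04X}" for c in value
                            if c not in "0123456789abcdefABCDEF"})
            findings.append(f"soap/certhash: not 40 hex digits (stray: {', '.join(stray)})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_logonserver(SAMPLE)))
```
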

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
