Specifies the types of required and optional claims expected to appear in the federated credential.
Assembly: System.ServiceModel (in System.ServiceModel.dll)
The type exposes the following members.
| Name | Description |
|---|---|
| Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.) |
| Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
| GetHashCode | Serves as the default hash function. (Inherited from Object.) |
| GetType | Gets the Type of the current instance. (Inherited from Object.) |
| MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
| ToString | Returns a string that represents the current object. (Inherited from Object.) |
In a federated scenario, services state the requirements on incoming credentials. For example, the incoming credentials must possess a certain set of claim types. This requirement is manifested in a security policy. When a client requests a security token from a security token service (for example, CardSpace), it puts the requirements into a token request so that the security token service can issue the security token that satisfies the requirements accordingly.
The following code adds two claim type requirements to a security binding.
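```csharp
using System.ServiceModel;
using System.ServiceModel.Security;

WSFederationHttpBinding binding = new WSFederationHttpBinding();

// Required claim: the single-argument constructor leaves IsOptional false.
binding.Security.Message.ClaimTypeRequirements.Add(
    new ClaimTypeRequirement(
        "http://schemas.microsoft.com/ws/2005/05/identity/claims/EmailAddress"));

// Optional claim: the second argument sets IsOptional to true.
binding.Security.Message.ClaimTypeRequirements.Add(
    new ClaimTypeRequirement(
        "http://schemas.microsoft.com/ws/2005/05/identity/claims/UserName", true));
```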
The following config file is used with the preceding code.
```xml
<bindings>
  <wsFederationHttpBinding>
    <binding name="myFederatedBinding">
      <security mode="Message">
        <message issuedTokenType="urn:oasis:names:tc:SAML:1.0:assertion">
          <claimTypeRequirements>
            <add claimType="http://schemas.microsoft.com/ws/2005/05/identity/claims/EmailAddress"
                 isOptional="false" />
            <add claimType="http://schemas.microsoft.com/ws/2005/05/identity/claims/UserName"
                 isOptional="true" />
          </claimTypeRequirements>
        </message>
      </security>
    </binding>
  </wsFederationHttpBinding>
</bindings>
```
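The following is an added example, not part of the original documentation. It assumes the service wants to confirm at authorization time that the claims it received cover every requirement marked required on the binding. The `RequiredClaimCheck` class, its `MissingRequired` method and the sample claim values are hypothetical names constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.Linq;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical helper for illustration; not a WCF type.
static class RequiredClaimCheck
{
    // Returns the claim types marked required (IsOptional == false)
    // that none of the supplied claim sets possesses.
    public static List<string> MissingRequired(
        IEnumerable<ClaimTypeRequirement> requirements,
        IEnumerable<ClaimSet> claimSets)
    {
        return requirements
            .Where(r => !r.IsOptional)
            .Select(r => r.ClaimType)
            .Where(type => !claimSets.Any(
                set => set.FindClaims(type, Rights.PossessProperty).Any()))
            .ToList();
    }

    static void Main()
    {
        const string ns = "http://schemas.microsoft.com/ws/2005/05/identity/claims/";

        // Same two requirements as the binding shown above.
        var binding = new WSFederationHttpBinding();
        var reqs = binding.Security.Message.ClaimTypeRequirements;
        reqs.Add(new ClaimTypeRequirement(ns + "EmailAddress"));
        reqs.Add(new ClaimTypeRequirement(ns + "UserName", true));

        // Constructed sample: a credential carrying only the optional claim.
        var claimSets = new ClaimSet[] {
            new DefaultClaimSet(
                new Claim(ns + "UserName", "alice", Rights.PossessProperty))
        };

        // In a service, pass the caller's claim sets instead, for example
        // ServiceSecurityContext.Current.AuthorizationContext.ClaimSets.
        foreach (string missing in MissingRequired(reqs, claimSets))
            Console.WriteLine("Missing required claim: " + missing);
    }
}
```

Compile against System.ServiceModel.dll and System.IdentityModel.dll. With the constructed sample, the EmailAddress requirement is the only one reported as missing, because UserName is marked optional.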