<system.identityModel.services>

Configuration section for authentication using the WS-Federation protocol.

<system.identityModel.services>

Syntax

<system.identityModel.services>  
  <federationConfiguration name=xs:string identityConfigurationName=xs:string>  
  </federationConfiguration>  
</system.identityModel.services>  

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

None

Child Elements

Element Description
<federationConfiguration> Contains the settings that configure the WSFederationAuthenticationModule (WSFAM) and the SessionAuthenticationModule (SAM) HTTP modules.

Parent Elements

None

Remarks

Add a <system.identityModel.services> section to your application’s configuration file to provide settings for the SAM and WSFAM.

Important

When using the ClaimsPrincipalPermission or the ClaimsPrincipalPermissionAttribute class to provide claims-based access control in your code, the claims authorization manager (ClaimsAuthorizationManager) and policy that is used to make authorization decisions are configured through an <identityConfiguration> element that is implicitly or explicitly referenced from a <federationConfiguration> element in this section. For more information, see the Remarks under the <federationConfiguration> element.

The <system.identityModel.services> section is represented by the SystemIdentityModelServicesSection class. The collection of child <federationConfiguration> elements configured in the section is represented by the FederationConfigurationElementCollection class.

Example

The following XML shows how to add a <system.identityModel.services> section to a configuration file. You must first add section declarations for both the <system.identityModel.services> section and the <system.identityModel> sections. (When you add a <system.identityModel.services> section, you should also add a declaration for the <system.identityModel> section to ensure that a default <identityConfiguration> section can be created by the runtime if necessary.) After the section declarations have been added, you can configure federated authentication settings under the <system.identityModel.services> element.

<configuration>  
  <configSections>  
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />  
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />  
  </configSections>  

  <!-- Additional elements (not shown) -->  

  <system.identityModel.services>  
    <federationConfiguration>  
      <wsFederation passiveRedirectEnabled="true"   
        issuer="http://localhost:15839/wsFederationSTS/Issue"   
        realm="http://localhost:50969/" reply="http://localhost:50969/"   
        requireHttps="false"   
        signOutReply="http://localhost:50969/SignedOutPage.html"   
        signOutQueryString="Param1=value2&Param2=value2"   
        persistentCookiesOnPassiveRedirects="true" />  
      <cookieHandler requireSsl="false" />  
    </federationConfiguration>  
  </system.identityModel.services>  

</configuration>