# <system.identityModel.services>

Configuration section for authentication using the WS-Federation protocol.

<system.identityModel.services>

## Syntax

<system.identityModel.services>
<federationConfiguration name=xs:string identityConfigurationName=xs:string>
</federationConfiguration>
</system.identityModel.services>


## Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

None

### Child Elements

Element Description
<federationConfiguration> Contains the settings that configure the WSFederationAuthenticationModule (WSFAM) and the SessionAuthenticationModule (SAM) HTTP modules.

None

## Remarks

Add a <system.identityModel.services> section to your application’s configuration file to provide settings for the SAM and WSFAM.

Important

When using the ClaimsPrincipalPermission or the ClaimsPrincipalPermissionAttribute class to provide claims-based access control in your code, the claims authorization manager (ClaimsAuthorizationManager) and policy that is used to make authorization decisions are configured through an <identityConfiguration> element that is implicitly or explicitly referenced from a <federationConfiguration> element in this section. For more information, see the Remarks under the <federationConfiguration> element.

The <system.identityModel.services> section is represented by the SystemIdentityModelServicesSection class. The collection of child <federationConfiguration> elements configured in the section is represented by the FederationConfigurationElementCollection class.

## Example

The following XML shows how to add a <system.identityModel.services> section to a configuration file. You must first add section declarations for both the <system.identityModel.services> section and the <system.identityModel> sections. (When you add a <system.identityModel.services> section, you should also add a declaration for the <system.identityModel> section to ensure that a default <identityConfiguration> section can be created by the runtime if necessary.) After the section declarations have been added, you can configure federated authentication settings under the <system.identityModel.services> element.

<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>

<!-- Additional elements (not shown) -->

<system.identityModel.services>
<federationConfiguration>
<wsFederation passiveRedirectEnabled="true"
issuer="http://localhost:15839/wsFederationSTS/Issue"