How to Configure an ASP.NET Relying Party Application with Windows Identity Foundation

[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

In order to use the Windows® Identity Foundation (WIF) framework to create an ASP.NET website that acts as an Information Card or WS-Federation relying party, you must make a number of changes to the Web.config file.

  1. Reference the Microsoft.IdentityModel assembly.

    You must reference the Microsoft.IdentityModel assembly from the system.web/compilation section of the Web.config file.

         <configuration>
           ...
           <system.web>
             ...
             <compilation>
               <assemblies>
                 <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
               </assemblies>
             </compilation>
             ...
           </system.web>
           ...
         </configuration>
    
  2. Register the HTTP module.

    Support for relying party applications has been built using the following ASP.NET modules:

    Depending on your hosting environment, you must add the necessary modules for your application in one of two places:

    • For ASP.NET applications running under Internet Information Services (IIS) 6.0 or running under IIS 7.0 from an application pool configured for Classic mode, you must reference the modules required by the application from the system.web/httpModules section of the Web.config file.

             <configuration>
               ...
               <system.web>
                 ...
                 <httpModules>
                   <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
      
                   <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
                 </httpModules>
                 ...
               </system.web>
               ...
             </configuration>
      
    • For ASP.NET applications running under IIS 7.0 from an application pool configured for Integrated mode, you must reference the modules required by the application from the system.webServer/modules section of the Web.config file or the ApplicationHost.config file.

             <configuration>
               ...
               <system.webServer>
                 ...
                 <modules>
                   <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler"/>
      
                   <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler"/>
                 </modules>
                 ...
               </system.webServer>
               ...
             </configuration>
      
  3. Register the configuration section.

    To use the rest of the configuration described by this topic, you must reference MicrosoftIdentityModelSection from the configSections section of the Web.config file.

         <configuration>
           ...
           <configSections>
             <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
           </configSections>
           ...
         </configuration>
    
  4. Create a microsoft.identityModel section and add one or more <service> elements to create WIF service configurations. For more information about the <service> element, see Service Configuration.

         <configuration>
           ...
           <microsoft.identityModel>
             <service name="MyService">
               ...
             </service>
             ...
           </microsoft.identityModel>
           ...
         </configuration>
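
The following check for the four steps above is an added example, not part of the original topic or of WIF. It reports which step is missing from a Web.config, including modules registered in the section that the application pool's pipeline mode does not read, and a section whose opening and closing tags do not match. It assumes the `<configuration>` root carries no XML namespace and inspects only the Web.config text passed in (not ApplicationHost.config); `check_wif_config` and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ASM = "Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
NS = "Microsoft.IdentityModel.Web."
MODULES = ("SessionAuthenticationModule", "WSFederationAuthenticationModule")
# check_wif_config is a helper written for this example, not a WIF API.
def check_wif_config(xml_text, integrated=True):
    """Return findings for steps 1-4; an empty list means all four are present."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. mismatched open/close section tags
        return [f"not well-formed XML: {exc}"]
    findings = []
    # Step 1: assembly reference in system.web/compilation.
    asms = root.findall("system.web/compilation/assemblies/add")
    if not any(a.get("assembly", "").split(",")[0].strip() == "Microsoft.IdentityModel" for a in asms):
        findings.append("step 1: Microsoft.IdentityModel assembly not referenced")
    # Step 2: modules must sit in the section the pipeline mode actually reads.
    section = "system.webServer/modules" if integrated else "system.web/httpModules"
    types = {m.get("type", "").split(",")[0].strip() for m in root.findall(section + "/add")}
    for name in MODULES:
        if NS + name not in types:
            findings.append(f"step 2: {name} not registered in {section}")
    # Step 3: section handler declared in configSections.
    handlers = {s.get("name"): s.get("type", "") for s in root.findall("configSections/section")}
    if "MicrosoftIdentityModelSection" not in handlers.get("microsoft.identityModel", ""):
        findings.append("step 3: microsoft.identityModel section not registered")
    # Step 4: at least one <service> element.
    if root.find("microsoft.identityModel/service") is None:
        findings.append("step 4: no <service> under <microsoft.identityModel>")
    return findings

# Constructed sample (not from the page): Integrated-mode Web.config with all four steps.
SAMPLE = f"""<configuration>
  <configSections>
    <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, {ASM}"/>
  </configSections>
  <system.web><compilation><assemblies><add assembly="{ASM}"/></assemblies></compilation></system.web>
  <system.webServer><modules>
    <add name="{MODULES[0]}" type="{NS}{MODULES[0]}, {ASM}" preCondition="managedHandler"/>
    <add name="{MODULES[1]}" type="{NS}{MODULES[1]}, {ASM}" preCondition="managedHandler"/>
  </modules></system.webServer>
  <microsoft.identityModel><service name="MyService"/></microsoft.identityModel>
</configuration>"""

if __name__ == "__main__":
    print(check_wif_config(SAMPLE) or "ok")
    print(check_wif_config(SAMPLE, integrated=False))
```

Pass `integrated=False` for IIS 6.0 or a Classic-mode application pool so the check looks in system.web/httpModules instead.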
    

See Also

Reference

MicrosoftIdentityModelSection

Concepts

Service Configuration