Based Issuer Name Registry Class
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Represents an issuer name registry that maintains a list of trusted issuers loaded from elements in the application configuration file that associate each issuer name to the X.509 certificate that is needed to verify the signature of tokens produced by the issuer.
public ref class ConfigurationBasedIssuerNameRegistry : System::IdentityModel::Tokens::IssuerNameRegistry
public class ConfigurationBasedIssuerNameRegistry : System.IdentityModel.Tokens.IssuerNameRegistry
type ConfigurationBasedIssuerNameRegistry = class inherit IssuerNameRegistry
Public Class ConfigurationBasedIssuerNameRegistry Inherits IssuerNameRegistry
The following XML shows configuration for a ConfigurationBasedIssuerNameRegistry added for a collection of security token handlers. The
<trustedIssuers> element behaves like a classic .NET configuration collection, allowing the
<clear> elements as child elements.
<system.identityModel> <identityConfiguration> <securityTokenHandlersCollection> <securityTokenHandlerConfiguration> <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel"> <trustedIssuers> <add thumbprint="97249e … 158de" name="contoso.com" /> </trustedIssuers> </issuerNameRegistry> </securityTokenHandlerConfiguration> </identityConfiguration> </system.identityModel>
The ConfigurationBasedIssuerNameRegistry class maintains a dictionary of trusted issuers by mapping the certificate of each trusted issuer to a name that refers to that issuer. The certificates are specified using the ASN.1 encoded form of the thumbprint. The issuer name can be any string, as long as it is unique within the scope of the application. This dictionary can be accessed through the ConfiguredTrustedIssuers property. The class can only resolve X.509 certificates.
The map of trusted issuers is specified in a configuration file by adding entries under the <trustedIssuers> element. The
<trustedIssuers> element is a child element of the <issuerNameRegistry> element and it is valid when the ConfigurationBasedIssuerNameRegistry class is specified in the
type attribute of that element. For more information, see the documentation for each of these elements in the WIF Configuration Schema. For more information about issuer name registries, see the IssuerNameRegistry class.
You can derive from ConfigurationBasedIssuerNameRegistry to implement your own configuration based issuer name registry. Which methods you override will depend upon your implementation. For example, you can override the LoadCustomConfiguration method to load configuration from a custom configuration schema.
Initializes a new instance of the ConfigurationBasedIssuerNameRegistry class.
Gets the dictionary of trusted issuers that have been configured for this instance.
Adds an issuer to the dictionary of trusted issuers.
Determines whether the specified object is equal to the current object.(Inherited from Object)
Serves as the default hash function.(Inherited from Object)
Returns the issuer name associated with the specified X509SecurityToken by mapping the certificate thumbprint to a name in the trusted issuers dictionary.
When overridden in a derived class, returns the name of the issuer of the specified security token. The specified issuer name may be considered in determining the issuer name to return.(Inherited from IssuerNameRegistry)
Gets the Type of the current instance.(Inherited from Object)
Returns the default issuer name to be used for Windows claims.(Inherited from IssuerNameRegistry)
Loads the trusted issuers from configuration.
Creates a shallow copy of the current Object.(Inherited from Object)
Returns a string that represents the current object.(Inherited from Object)