<issuerTokenResolver>
Registers the issuer token resolver that is used by handlers in the token handler collection. The issuer token resolver is used to resolve the signing token on incoming tokens and messages.
<configuration>
<system.identityModel>
<identityConfiguration>
<securityTokenHandlers>
<securityTokenHandlerConfiguration>
<issuerTokenResolver>
Syntax
<system.identityModel>
<identityConfiguration>
<securityTokenHandlers>
<securityTokenHandlerConfiguration>
<issuerTokenResolver type=xs:string>
</issuerTokenResolver>
</securityTokenHandlerConfiguration>
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
| Attribute | Description |
|---|---|
| type | Specifies the type of the issuer token resolver. Must be either the IssuerTokenResolver class or a type that derives from the IssuerTokenResolver class. Required. |
Child Elements
None
Parent Elements
| Element | Description |
|---|---|
| <securityTokenHandlerConfiguration> | Provides configuration for a collection of security token handlers. |
Remarks
The issuer token resolver is used to resolve the signing token on incoming tokens and messages. It is used to retrieve the cryptographic material that is used for checking the signature. You must specify the type attribute. The type specified can be either IssuerTokenResolver or a custom type that derives from the IssuerTokenResolver class.
Some token handlers allow you to specify issuer token resolver settings in configuration. Settings on individual token handlers override those specified on the security token handler collection.
Note
Specifying the <issuerTokenResolver> element as a child element of the <identityConfiguration> element has been deprecated, but is still supported for backward compatibility. Settings on the <securityTokenHandlerConfiguration> element override those on the <identityConfiguration> element.
Example
The following XML shows configuration for an issuer token resolver that is based on a custom class that derives from IssuerTokenResolver. The token resolver maintains a dictionary of audience-key pairs that is initialized from a custom configuration element (<AddAudienceKeyPair>) defined for the class. The class overrides the LoadCustomConfiguration method to process this element. The override is shown in the following example; however, the methods it calls are not shown for brevity. For the complete example, see the CustomToken sample.
<issuerTokenResolver type="SimpleWebToken.CustomIssuerTokenResolver, SimpleWebToken">
<AddAudienceKeyPair symmetricKey="wAVkldQiFypTQ+kdNdGWCYCHRcee8XmXxOvgmak8vSY=" audience="http://localhost:19851/" />
</issuerTokenResolver>
Example
public override void LoadCustomConfiguration(System.Xml.XmlNodeList nodelist)
{
foreach (XmlNode node in nodelist)
{
XmlDictionaryReader rdr = XmlDictionaryReader.CreateDictionaryReader(new XmlTextReader(new StringReader(node.OuterXml)));
rdr.MoveToContent();
string symmetricKey = rdr.GetAttribute("symmetricKey");
string audience = rdr.GetAttribute("audience");
this.AddAudienceKeyPair(audience, symmetricKey);
}
}