<audienceUris>
Specifies the set of URIs that are acceptable identifiers of the relying party (RP). Tokens will not be accepted unless they are scoped for one of the allowed audience URIs.
<configuration>
  <system.identityModel>
    <identityConfiguration>
      <securityTokenHandlers>
        <securityTokenHandlerConfiguration>
          <audienceUris>
Syntax
<system.identityModel>
  <identityConfiguration>
    <securityTokenHandlers>
      <securityTokenHandlerConfiguration>
        <audienceUris mode=xs:string>
          <add value=xs:string />
          <clear />
          <remove value=xs:string />
        </audienceUris>
      </securityTokenHandlerConfiguration>
    </securityTokenHandlers>
  </identityConfiguration>
</system.identityModel>
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
Attribute | Description |
---|---|
mode | An AudienceUriMode value that specifies whether the audience restriction should be applied to an incoming token. The possible values are "Always", "Never", and "BearerKeyOnly". The default is "Always". Optional. |
Child Elements
Element | Description |
---|---|
<add value=xs:string> | Adds the URI specified by the value attribute to the audienceUris collection. The value attribute is required. The URI is case-sensitive. |
<clear> | Clears the audienceUris collection. All identifiers are removed from the collection. |
<remove value=xs:string> | Removes the URI specified by the value attribute from the audienceUris collection. The value attribute is required. The URI is case-sensitive. |
Parent Elements
Element | Description |
---|---|
<securityTokenHandlerConfiguration> | Provides configuration for a collection of security token handlers. |
Remarks
By default, the collection is empty; use <add>, <clear>, and <remove> elements to modify the collection. SamlSecurityTokenHandler and Saml2SecurityTokenHandler objects use the values in the audience URI collection to configure any allowed audience URI restrictions in SamlSecurityTokenRequirement objects.
The <audienceUris> element is represented by the AudienceUriElementCollection class. An individual URI added to the collection is represented by the AudienceUriElement class.
Note
The use of the <audienceUris> element as a child element of the <identityConfiguration> element has been deprecated, but is still supported for backward compatibility. Settings on the <securityTokenHandlerConfiguration> element override those on the <identityConfiguration> element.
Example
The following XML shows how to configure the acceptable audience URIs for an application. This example configures a single URI. Tokens scoped for this URI will be accepted; all others will be rejected.
<audienceUris>
  <add value="http://localhost:19851/"/>
</audienceUris>
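The following Python check is an added example, not part of the original page or of the framework it documents: it resolves each `<audienceUris>` collection in a config file and flags the settings described above that deserve review (deprecated placement, `mode="Never"`, an empty collection). The sample config and its URIs are constructed, and applying `<add>`, `<clear>` and `<remove>` in document order is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample (placeholder URIs), not taken from the page.
SAMPLE_CONFIG = """<configuration><system.identityModel><identityConfiguration>
  <audienceUris>
    <add value="https://rp.example.test/legacy/" />
  </audienceUris>
  <securityTokenHandlers><securityTokenHandlerConfiguration>
    <audienceUris mode="Never">
      <add value="https://rp.example.test/app/" />
      <add value="https://RP.example.test/app/" />
      <remove value="https://rp.example.test/app/" />
    </audienceUris>
  </securityTokenHandlerConfiguration></securityTokenHandlers>
</identityConfiguration></system.identityModel></configuration>"""

MODES = {"Always", "Never", "BearerKeyOnly"}

def resolve_uris(element):
    """Apply <add>/<clear>/<remove> in document order (assumed), case-sensitively."""
    uris = []
    for child in element:
        value = child.get("value")
        if child.tag == "clear":
            uris.clear()
        elif child.tag == "add" and value not in uris:
            uris.append(value)
        elif child.tag == "remove" and value in uris:
            uris.remove(value)
    return uris

def audit(config_xml):
    """Return one report per <audienceUris> element, in document order."""
    reports = []
    for parent in ET.fromstring(config_xml).iter():
        for element in parent.findall("audienceUris"):
            mode = element.get("mode", "Always")  # the page gives "Always" as the default
            uris = resolve_uris(element)
            findings = []
            if parent.tag == "identityConfiguration":
                findings.append("deprecated placement under <identityConfiguration>")
            if mode not in MODES:
                findings.append("unknown mode value")
            elif mode == "Never":
                findings.append("mode=Never: audience restriction is not applied")
            elif not uris:
                findings.append("collection is empty: no token audience can match")
            reports.append({"parent": parent.tag, "mode": mode, "uris": uris, "findings": findings})
    return reports
```

In the sample, the `<remove>` entry deletes only the lowercase-host URI, so the differently cased entry remains in the resolved collection.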