Partager via


<issuerNameRegistry>

Configures the issuer name registry that is used by handlers in the token handler collection.

<configuration>
  <system.identityModel>
    <identityConfiguration>
      <securityTokenHandlers>
        <securityTokenHandlerConfiguration>
          <issuerNameRegistry>

Syntax

<system.identityModel>  
  <identityConfiguration>  
    <securityTokenHandlers>  
      <securityTokenHandlerConfiguration>  
        <issuerNameRegistry type=xs:string>  
          <optionalCustomConfigurationElements />  
        </issuerNameRegistry>  
      </securityTokenHandlerConfiguration>  
    </securityTokenHandlers>  
  </identityConfiguration>  
</system.identityModel>  

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description
type A type that derives from the IssuerNameRegistry class. For more information about how to specify a custom type, see [Custom Type References].

Child Elements

Element Description
<trustedIssuers> When the type attribute specifies the configuration-based issuer name registry (the ConfigurationBasedIssuerNameRegistry class), the <trustedIssuers> element must be specified. The <trustedIssuers> element can take <add>, <clear>, or <remove> elements as child elements.

Parent Elements

Element Description
<securityTokenHandlerConfiguration> Provides configuration for a collection of security token handlers.

Remarks

All issuer tokens are validated using an issuer name registry. This is an object that derives from the IssuerNameRegistry class. The issuer name registry is used to associate a mnemonic name to the cryptographic material that is needed to verify the signatures of tokens produced by the corresponding issuer. The issuer name registry maintains a list of issuers that are trusted by the relying party (RP) application. The type of the issuer name registry is specified using the type attribute. The <issuerNameRegistry> element can have one or more child elements that provide configuration for the specified type. You provide the logic that processes these child elements by overriding the LoadCustomConfiguration method.

WIF provides a single issuer name registry type out of the box, the ConfigurationBasedIssuerNameRegistry class. This class uses a set of trusted issuer certificates that are specified in configuration. It requires a child configuration element, <trustedIssuers>, under which the collection of trusted issuer certificates is configured. Trusted certificates are specified using the ASN.1 encoded form of the certificate thumbprint and are added or removed from the collection by using <add>, <clear>, or <remove> elements.

The <issuerNameRegistry> element is represented by the IssuerNameRegistryElement class.

Note

Specifying the <issuerNameRegistry> element as a child element of the <identityConfiguration> element has been deprecated, but is still supported for backward compatibility. Settings on the <securityTokenHandlerConfiguration> element override those on the <identityConfiguration> element.

Example

The following XML shows how to specify the configuration based issuer name registry.

<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">  
  <trustedIssuers>  
    <add thumbprint="9B74CB … 1EF40D0" name="LocalSTS" />  
  </trustedIssuers>  
</issuerNameRegistry>  

See also