Partager via


<issuerTokenResolver>

Registers the issuer token resolver that is used by handlers in the token handler collection. The issuer token resolver is used to resolve the signing token on incoming tokens and messages.

<configuration>
  <system.identityModel>
    <identityConfiguration>
      <securityTokenHandlers>
        <securityTokenHandlerConfiguration>
          <issuerTokenResolver>

Syntax

<system.identityModel>  
  <identityConfiguration>  
    <securityTokenHandlers>  
      <securityTokenHandlerConfiguration>  
        <issuerTokenResolver type=xs:string>  
        </issuerTokenResolver>  
      </securityTokenHandlerConfiguration>  
    </securityTokenHandlers>  
  </identityConfiguration>  
</system.identityModel>  

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description
type Specifies the type of the issuer token resolver. Must be either the IssuerTokenResolver class or a type that derives from the IssuerTokenResolver class. Required.

Child Elements

None

Parent Elements

Element Description
<securityTokenHandlerConfiguration> Provides configuration for a collection of security token handlers.

Remarks

The issuer token resolver is used to resolve the signing token on incoming tokens and messages. It is used to retrieve the cryptographic material that is used for checking the signature. You must specify the type attribute. The type specified can be either IssuerTokenResolver or a custom type that derives from the IssuerTokenResolver class.

Some token handlers allow you to specify issuer token resolver settings in configuration. Settings on individual token handlers override those specified on the security token handler collection.

Note

Specifying the <issuerTokenResolver> element as a child element of the <identityConfiguration> element has been deprecated, but is still supported for backward compatibility. Settings on the <securityTokenHandlerConfiguration> element override those on the <identityConfiguration> element.

Example

The following XML shows configuration for an issuer token resolver that is based on a custom class that derives from IssuerTokenResolver. The token resolver maintains a dictionary of audience-key pairs that is initialized from a custom configuration element (<AddAudienceKeyPair>) defined for the class. The class overrides the LoadCustomConfiguration method to process this element. The override is shown in the following example; however, the methods it calls are not shown for brevity. For the complete example, see the CustomToken sample.

<issuerTokenResolver type="SimpleWebToken.CustomIssuerTokenResolver, SimpleWebToken">  
  <AddAudienceKeyPair  symmetricKey="wAVkldQiFypTQ+kdNdGWCYCHRcee8XmXxOvgmak8vSY=" audience="http://localhost:19851/" />  
</issuerTokenResolver>  

Example

public override void LoadCustomConfiguration(System.Xml.XmlNodeList nodelist)  
{  
    foreach (XmlNode node in nodelist)  
    {  
        XmlDictionaryReader rdr = XmlDictionaryReader.CreateDictionaryReader(new XmlTextReader(new StringReader(node.OuterXml)));  
        rdr.MoveToContent();  
  
        string symmetricKey = rdr.GetAttribute("symmetricKey");  
        string audience = rdr.GetAttribute("audience");  
  
        this.AddAudienceKeyPair(audience, symmetricKey);  
    }  
}  

See also