<system.identityModel.services>
Configuration section for authentication using the WS-Federation protocol.
<configuration>
<system.identityModel.services>
Syntax
<system.identityModel.services>
<federationConfiguration name=xs:string identityConfigurationName=xs:string>
</federationConfiguration>
</system.identityModel.services>
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
None
Child Elements
| Element | Description |
|---|---|
| <federationConfiguration> | Contains the settings that configure the WSFederationAuthenticationModule (WSFAM) and the SessionAuthenticationModule (SAM) HTTP modules. |
Parent Elements
None
Remarks
Add a <system.identityModel.services> section to your application’s configuration file to provide settings for the SAM and WSFAM.
Important
When using the ClaimsPrincipalPermission or the ClaimsPrincipalPermissionAttribute class to provide claims-based access control in your code, the claims authorization manager (ClaimsAuthorizationManager) and policy that is used to make authorization decisions are configured through an <identityConfiguration> element that is implicitly or explicitly referenced from a <federationConfiguration> element in this section. For more information, see the Remarks under the <federationConfiguration> element.
The <system.identityModel.services> section is represented by the SystemIdentityModelServicesSection class. The collection of child <federationConfiguration> elements configured in the section is represented by the FederationConfigurationElementCollection class.
Example
The following XML shows how to add a <system.identityModel.services> section to a configuration file. You must first add section declarations for both the <system.identityModel.services> section and the <system.identityModel> sections. (When you add a <system.identityModel.services> section, you should also add a declaration for the <system.identityModel> section to ensure that a default <identityConfiguration> section can be created by the runtime if necessary.) After the section declarations have been added, you can configure federated authentication settings under the <system.identityModel.services> element.
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<!-- Additional elements (not shown) -->
<system.identityModel.services>
<federationConfiguration>
<wsFederation passiveRedirectEnabled="true"
issuer="http://localhost:15839/wsFederationSTS/Issue"
realm="http://localhost:50969/" reply="http://localhost:50969/"
requireHttps="false"
signOutReply="http://localhost:50969/SignedOutPage.html"
signOutQueryString="Param1=value2&Param2=value2"
persistentCookiesOnPassiveRedirects="true" />
<cookieHandler requireSsl="false" />
</federationConfiguration>
</system.identityModel.services>
</configuration>