Editare

Partajați prin

SamlSecurityTokenAuthenticator.AudienceUriMode Property

  • Reference

Definition

Namespace:
System.IdentityModel.Selectors
Assembly:
System.IdentityModel.dll

Gets or sets an AudienceUriMode that specifies whether the SamlSecurityToken security token's SamlAudienceRestrictionCondition should be validated.

public:
 property System::IdentityModel::Selectors::AudienceUriMode AudienceUriMode { System::IdentityModel::Selectors::AudienceUriMode get(); void set(System::IdentityModel::Selectors::AudienceUriMode value); };
public System.IdentityModel.Selectors.AudienceUriMode AudienceUriMode { get; set; }
member this.AudienceUriMode : System.IdentityModel.Selectors.AudienceUriMode with get, set
Public Property AudienceUriMode As AudienceUriMode

Property Value

AudienceUriMode

An AudienceUriMode that specifies whether the SamlSecurityToken security token's SamlAudienceRestrictionCondition should be validated.

Remarks

Use the AudienceUriMode property in a federated application that utilizes a security token service (STS) that issues SamlSecurityToken security tokens. When the STS issues the security token, it can specify the URI of the Web services for which the security token is intended by adding a SamlAudienceRestrictionCondition to the security token. That allows the SamlSecurityTokenAuthenticator for the recipient Web service to verify that the issued security token is intended for this Web service by specifying that this check should happen by doing the following:

Note

When the AudienceUriMode property is set to BearerKeyOnly, an incoming non-endorsing SamlSecurityToken must contain a SamlAudienceRestrictionCondition and the Audiences collection must contain a URI that matches one of the valid URIs specified in the AllowedAudienceUris collection. A non-endorsing or bearer token is a security token that is included in the message and not used to sign any part of the message.

Applies to