System.IdentityModel.Services Specifies the kind of application. An ASP.NET Web application. A Windows Communication Foundation application. The exception that is thrown when an error occurs during an asynchronous operation. Initializes a new instance of the class. Initializes a new instance of the class with a system-supplied error message and a reference to the inner exception that is the cause of this exception. The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception. Initializes a new instance of the class with serialized data. A object that holds the serialized object data. A object that contains the contextual information about the source or destination. Initializes a new instance of the class with a specified error message. The error message that explains the reason for the exception. Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception. The error message that explains the reason for the exception. The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception. Represents a WS-Federation Attribute Request message. This message is created when the wa parameter in the received message is "wattr1.0". Initializes a new instance of the class with the specified base URL. The base URL to which this message applies. Gets or sets the wattr parameter of the message. A string that contains the value of the wattr parameter. Gets or sets the wattrptr parameter of the message. A string that contains the value of the wattrptr parameter. An attempt to set a value that is not a valid URI occurs. Gets or sets the wreply parameter of the message. A string that contains the value of the wreply parameter. This is the URL to which the reply should be sent. 
An attempt to set a value that is not a valid URI occurs. Gets or sets the wresult parameter of the message. A string that contains the value of the wresult parameter. Gets or sets the wresultptr parameter of the message. A string that contains the value of the wresultptr parameter. An attempt to set a value that is not a valid URI occurs. No validation is performed by the framework. Users of this class should validate externally. Writes the message in query string form to the specified text writer. The writer to which to write the message. is . Provides data for the event. Initializes a new instance of the class. Gets or sets a value that indicates whether the runtime () should redirect to an identity provider. to redirect; otherwise, . Represents a cookie handler that writes cookie data so that cookies never exceed a set size. Initializes a new instance of the class that uses the default chunk size. Initializes a new instance of the class that uses a specified chunk size. The chunk size that will be used to write cookies. ' is less than the minimum chunk size of 1000 (). Gets the chunk size used by the current instance. The chunk size, in bytes. The default chunk size of 2000 characters. The minimum chunk size of 1000 characters. Represents the configuration element. Initializes a new instance of the class. Gets or sets the chunk size for the handler. The chunk size, in bytes. The default is . Do not set a value below the minimum chunk size defined by . Represents an HTTP module that performs claims-based authorization. Initializes a new instance of the class. Returns a value that indicates whether the requestor (principal) is authorized for the current request. if the principal is authorized; otherwise, . The default is if no claims authentication manager is associated with this module. The associated with the request is not authorized. Gets or sets the current claims authorization manager instance that is used by this module. 
The claims authorization manager instance or if no claims authorization manager is associated with this module. An attempt to set the property to occurs. Disposes of the resources (other than memory) used by the module. Initializes the module and prepares it to handle events from its ASP.NET application object. The application object that contains this module. Initializes the module properties based on definitions in the configuration file. Handles the HTTP pipeline event The source of the event. The data for the event. Represents a permission that uses a implementation to determine if access to a resource should be granted to the active principal. This class cannot be inherited. Creates a new instance of the class. The resource on which the principal should be authorized. The action for which the principal should be authorized. is or an empty string. is . Checks if the current principal is authorized to perform the specified action on the specified resource. The resource on which the principal should be authorized. The action for which the principal should be authorized. The current principal is not assignable from . -or- There is no configured. The authorization check failed. Returns a copy of the current instance. A copied from the current instance. Checks if the current principal is authorized for the resource-action pairs associated with the current instance. The current principal is not assignable from . -or- There is no configured. The authorization check failed. Reconstructs the current permission and its state from the specified XML encoding. The XML encoding to use to reconstruct the permission. is . The encoding contains unrecognized elements or attributes or improperly formed XML. Returns a permission that is the intersection of the current permission and the specified permission. The permission to intersect with the current permission. It must be an instance of . 
A new that represents the intersection of the current permission and the specified permission; or if is or is not an instance of . Returns a value that indicates whether current permission is a subset of the specified permission. The permission to be tested for the subset relationship. It must be an instance of . if current permission is a subset of the specified permission; otherwise, . Returns a value that indicates whether the permission is unrestricted. if the permission is unrestricted; otherwise, . Always returns indicating that permission is unrestricted. Returns the XML encoded form of the current permission and its state. The XML encoded form of the current permission and its state. Returns a new permission that is the union of the current permission and the specified permission. object that has all of the resource-action pairs that are present in the current instance and the target instance. The permission to combine with current permission. It must be of type . A new that represents the union of the current permission and the specified permission; or if is or is not an instance of . Represents a security attribute used to declaratively assign access checks based on the logic provided by the instance in the current application context. This class cannot be inherited. Initializes a new instance of the class. One of the values that specifies the security actions that can be performed when using declarative security. Creates new instance of the class that is based on the current instance. A with the operation and resource associated with this instance. Gets or sets the operation for which the current principal should be authorized on the specified resource. The action for which the current principal should be authorized. Gets or sets the resource on which the principal should be authorized to perform the specified action (operation). The resource on which the current principal should be authorized. 
Exposes properties that contain federation settings that control the behavior of the WS-Federation Authentication Module () and the Session Authentication Module () in web applications. Initializes a new instance of the class by loading settings from the section of the configuration file. Initializes a new instance of the class by optionally loading settings from the section of the configuration file. to initialize with settings loaded from the configuration file; to initialize to default values. The configuration section is not defined in the configuration file. Initializes a new instance of the class from the <federationConfiguration> element with the specified name. The name of the element from which to load the configuration. There is no section defined in the configuration file. -or- There is no section defined in the configuration file. -or- There is no element with the specified name in the section. Gets or sets the cookie handler to be used by the Session Authentication Module (). The cookie handler to be used by the Session Authentication Module (SAM). An attempt to set the property to occurs. Gets or sets the custom XML element, if any, present in this configuration. The custom XML element. Defines the name of the default <federationConfiguration> element from which settings should be loaded. This is an empty string as the default element is unnamed. Gets or sets the object associated with this instance. The identity configuration object associated with this instance. An attempt to set the property to occurs. Initializes the current instance. The current instance has already been initialized (The property is .) Gets or sets a value that indicates whether the method has been called. if the configuration object has been configured; otherwise . Loads the properties for the current instance from the configuration file. This method is called by constructors that initialize the newly created from configuration settings. The element to load settings from. 
Can be to load default values. Gets the name associated with this instance. The name associated with this federation configuration instance. Gets or sets the X.509 certificate used to sign WS-Federation protocol messages. The X.509 certificate used to sign WS-Federation protocol messages. Gets or sets the configuration settings for the WS-Federation Authentication Module (). The configuration settings for the WS-Federation Authentication Module. An attempt to set the property to occurs. Provides data for the event. Initializes a new instance of the class with the specified federation configuration object. The federation configuration object. A object contains the configurable properties for the WS-Federation Authentication Module () and the Session Authentication Module () in a web application. Gets or sets the federation configuration object that was initialized from the configuration file. The federation configuration object that was initialized from configuration. Represents the element in a configuration file. This class cannot be inherited. Initializes a new instance of the class. Gets or sets the child element. The child element. Gets or sets a custom child configuration element, if one exists. The custom configuration element. Gets or sets the attribute. The name of the section to associate with this element. Gets a value that indicates whether this element has been configured with non-default values. if the element has been configured with non-default values; otherwise, . Gets or sets the attribute. The name of this federation configuration element. Gets or sets the child element. The child element. Gets or sets the child element. The child element. Contains a collection of all of the elements that are specified in the configuration file. This class cannot be inherited. Initializes a new instance of the class. Retrieves the element that has the specified name. The name of the element to retrieve. The element that has the specified name. is . 
No element with the specified name was found. Represents the section in a configuration file. This class cannot be inherited. Initializes a new instance of the class. Gets a reference to the section from the configuration file. The section from the configuration file. if the configuration file does not contain a section. Gets the unnamed element from the configuration file. The unnamed element from the configuration file. if the configuration file does not contain a section. Gets the collection of elements configured in this section. A collection that contains all of the elements configured in this section. A constant that defines the name of the configuration section; "system.identityModel.services". Contains all of the configuration settings needed by the WS-Federation Authentication Module (). Initializes a new instance of the class from the specified element. The element from which to initialize the new instance. Initializes a new instance of the class by using the specified issuer and realm. A string that contains the URI of the issuer to be used by the WS-Federation Authentication Module (WSFAM). A string that contains the URI of the requesting realm to be used by the WSFAM. is . -or- is . Gets or sets the value of the wauth parameter to use in WS-Federation sign-in requests ("wsignin1.0"). A URI that specifies the authentication type. The default is an empty string. Gets a dictionary that contains any extra attributes specified in the element in the configuration file. The dictionary that contains the extra attributes. A constant that contains the default value for the property; zero. A constant that sets the default property of the XML dictionary reader quotas object referenced by the property. A constant that sets the default property of the XML dictionary reader quotas object referenced by the property. A constant that contains the default value for the property; , passive redirects are enabled. 
A constant that contains the default value for the property; , cookies are not enabled. A constant that contains the default value for the property; , HTTPS is required on redirects. Gets or sets the value of the wfresh parameter to use in WS-Federation sign-in requests ("wsignin1.0"). The desired maximum age of authentication requests, in minutes. The default is . Gets or sets the value of the whr parameter to use in WS-Federation sign-in requests ("wsignin1.0"). The address of the home realm identity provider. The default is an empty string. Gets or sets a URI that identifies the intended issuer of the security token. The URI that identifies the security token service (STS). Cannot be . An attempt to set the property to occurs. Gets or sets a value that specifies whether the module is enabled to initiate WS-Federation protocol redirects. to enable redirects; otherwise, . The default is , redirects are enabled. Gets or sets a value that specifies whether a persistent session cookie is issued on successful authentication. to issue a persistent session cookie; otherwise, . The default is , cookies are not enabled. Gets or sets the value of the wp parameter to be used in WS-Federation sign-in requests ("wsignin1.0"). A URL that identifies the policy to use. The default is an empty string. Gets or sets the value of the wtrealm parameter to be used for WS-Federation sign-in requests ("wsignin1.0"). A URI that identifies the relying party (RP) to the security token service (STS). Cannot be . An attempt to set the property to occurs. Gets or sets the value of the wreply parameter to use in WS-Federation sign-in requests ("wsignin1.0"). A URL that identifies the address at which the relying party (RP) application would like to receive replies from the Security Token Service (STS). The default is an empty string. Gets or sets the value of the wreq parameter to use in WS-Federation sign-in requests ("wsignin1.0"). The token issuance request expressed as a element. 
The default is an empty string. Gets or sets the value of the wreqptr parameter to use in WS-Federation sign-in requests ("wsignin1.0"). A URL that specifies the location of the token issuance request expressed as a element. Gets or sets a value that specifies whether communication with the security token service (STS) must use HTTPS protocol. if communication with the STS must be secured using HTTPS; otherwise, . The default is , HTTPS is required. Gets or sets the value of the wres parameter to use in WS-Federation sign-in requests ("wsignin1.0"). A URI that identifies the resource being accessed, the relying party (RP), to the security token service (STS). The default is an empty string. Gets or sets a query string that contains any additional parameters to be sent in WS-Federation sign-in requests ("wsignin1.0"). A URL fragment that contains the additional message parameters in the following format: "?param1=value1&param2=value2&paramN=valueN". The default is an empty string. Gets or sets a query string that contains any additional parameters to be sent in WS-Federation sign-out requests ("wsignout1.0") during passive sign-out. A URL fragment that contains the additional message parameters in the following format: "?param1=value1&param2=value2&paramN=valueN". The default is an empty string. Gets or sets the value of the wreply parameter to use during WS-Federation sign-out requests ("wsignout1.0"). The URL to which the client should be redirected by the security token service (STS) during passive sign-out through the WS-Federation protocol. The default is an empty string. Gets or sets the configurable quota values for XML dictionary readers used by this instance. The object that contains the configurable quota values. The default object has the property set to and the property set to . An attempt to set the property to occurs. Represents the element in a configuration file. This class cannot be inherited. Initializes a new instance of the class. 
Gets or sets the attribute. A string that contains a URI that represents the WS-Federation sign-in request wauth type. The default is an empty string. Optional. Gets or sets the dictionary that contains any custom attributes. The dictionary that contains the custom attributes, keyed by attribute name. Gets or sets the attribute. The required freshness. Sets the WS-Federation sign-in request wfresh parameter. Optional. Gets or sets the attribute. A string that contains the URI of the home realm of the identity provider (IP). The default is an empty string. Sets the WS-Federation sign-in request whr parameter. Optional. Gets a value that indicates whether this element has been configured with non-default values. if the element has been configured with non-default values; otherwise, . Gets or sets the attribute. A string that contains the URI of the token issuer. The default is an empty string. Required. Gets or sets the attribute. to enable the WS-Federation Authentication Module (WSFAM) to automatically redirect unauthorized requests to an STS; otherwise, . The default is , unauthorized requests are automatically redirected. Optional. Gets or sets the attribute. to issue persistent cookies when the WS-Federation Authentication Module (WSFAM) is enabled to initiate WS-Federation passive protocol redirects; otherwise, . The default is , cookies are not issued. Optional. Gets or sets the attribute. A string that contains the URI of the relevant policy. The default is an empty string. Sets the WS-Federation sign-in request wp parameter. Optional. Gets or sets the attribute. A string that contains the URI of requesting realm. The default is an empty string. Sets the WS-Federation sign-in request wtrealm parameter. Required. Gets or sets the attribute. A string that contains the URI of the address to reply to. The default is an empty string. Sets the wreply parameter on a WS-Federation sign-in request. Optional. Gets or sets the attribute. 
A string that contains the token issuance request. The default is an empty string. Sets the WS-Federation sign-in request wreq parameter. Optional. Gets or sets the attribute. A URL that specifies the location of the token issuance request. The default is an empty string. Sets the WS-Federation sign-in request wreqptr parameter. Optional. Gets or sets the attribute. to specify that the WS-Federation Authentication Module (WSFAM) only redirects to a secure URL for the STS; otherwise, . The default is , the WSFAM only redirects to a secure URL for the STS. Optional. Gets or sets the attribute. A string that contains the URI of the WS-Federation resource value. The default is an empty string. Sets the WS-Federation sign-in request wres parameter. Optional. Gets or sets the attribute. Any application defined parameters for the WS-Federation sign-in request URL. The default is an empty string. Provides an extensibility point to include application defined query parameters in the sign-in request URL. Optional. Gets or sets the attribute. Any application defined parameters for the WS-Federation sign-out request URL. The default is an empty string. Provides an extensibility point to include application defined query parameters in the sign-out request URL. Optional. Gets or sets the attribute. A string that contains the URL to return to following sign out. Sets the wreply parameter on a WS-Federation sign-out request. Optional. Provides an abstract base class for reading, writing, and deleting session cookies on an HTTP client. Called from constructors in derived classes to initialize the class. Deletes the cookie associated with the current request that has the default name, domain, and path. Deletes the cookie associated with the current request that has the specified name and the default domain and path. The name of the cookie. is or empty. Deletes the cookie associated with the specified request that has the specified name, path, and domain. 
The name of the cookie. The path for the cookie. The domain for the cookie The for the request is or empty. Deletes the cookie associated with the specified request that has the specified name and the default domain and path. The name of the cookie. The for the request. is or empty. Deletes the cookie associated with the current request that has the default name, domain, and path. The for the request. When overridden in a derived class, deletes the cookie associated with the specified request that has the specified name, domain, and path. The name of the cookie The path for the cookie The domain for the cookie The for the request. Gets or sets the domain used for cookies. The domain used for cookies. The default is . Gets or sets a value that indicates whether the cookie should be hidden from client script. if the cookie should be hidden from client script; otherwise, . The default is . If the target domain is within the cookie domain and the target path is within the cookie path, match the casing of the cookie path portion. The base URL of the request. The URL to match Returns . Gets or sets the base name for cookies written by the handler. The base name to use for cookies. The default is "FedAuth". An attempt to set a or empty value occurs. Gets or sets the virtual path for cookies written by the handler. The virtual path. Defaults to the root of the ASP.NET application. An attempt to set a or empty value occurs. The lifetime of persistent sessions. If zero, transient sessions are always used. The session lifetime. The default is . A value that is less than zero is specified. Reads the cookie associated with the current request that has the default name. The cookie value or if the cookie was not found. Reads the cookie associated with the current request that has the specified name. The name of the cookie to read. The cookie value or if the cookie was not found. is or empty. 
Reads the cookie associated with the specified request that has the specified name and the default domain and path. The name of the cookie to read. The for the request. The cookie value or if the cookie was not found. is or empty. Reads the cookie associated with the current request that has the default name, domain, and path. The for the request. The cookie value or if the cookie was not found. When overridden in a derived class, reads the cookie that has the specified name and that is associated with the specified request. The name of the cookie The for the request. The cookie value or if the cookie was not found Gets or sets a value that specifies whether the cookie should be used only with SSL. if the cookie should only be used over an SSL connection; otherwise, . The default is . Writes a cookie associated with the current request that has the specified value, persistence, and expiration time. The cookie value. if the cookie is persistent; if the cookie is session-only, that is, only valid until the browser on the client is closed. The expiration time for the underlying token. is or empty. Writes a cookie associated with the current request that has the specified name, value, and expiration time. The cookie value. The name of the cookie. The expiration time for the cookie, or for a session (session-only) cookie. is or empty. is or empty. Writes a cookie associated with the specified request that has the specified name, value, and expiration time. The cookie value. The name of the cookie. The expiration time for the cookie, or for a session (session-only) cookie. The for the request. is or empty. is or empty. Writes a cookie associated with the specified request that has the specified name, value, domain, path, expiration time, and visibility. The cookie value. The name of the cookie. The path for the cookie The domain for the cookie The expiration time for the cookie, or for a session (session-only) cookie. 
if the cookie should only be used over an SSL connection; otherwise, . if the cookie should be hidden from client script; otherwise, . The for the request. is or empty. is or empty. When overridden in a derived class, writes a cookie associated with the specified request that has the specified name, value, domain, path, expiration time, persistence and visibility. The cookie value. The name of the cookie. The path for the cookie The domain for the cookie The expiration time for the cookie, or for a session (session-only) cookie. if the cookie should only be used over an SSL connection; otherwise, . if the cookie should be hidden from client script; otherwise, . The for the request. Represents the configuration element. Initializes a new instance of the class. Gets or sets a chunked cookie handler. A that provides additional configuration for the chunked cookie handler. Gets or sets a custom cookie handler type. This property must be set when a custom cookie handler is being configured. A that defines the custom cookie handler type. Gets or sets the domain value for cookies written by the handler. The domain value. The default is an empty string. Gets a new cookie handler based on the configuration properties. The cookie handler. This will be an instance of or depending on the kind of handler that is configured by the properties of the current instance. A cookie handler cannot be created from the properties of the current instance. Gets or sets a value that specifies whether the property of the cookies written by this handler should be set. if the property should be set; otherwise, . The default is . Gets or sets the cookie handler mode. A valid value that indicates the kind of cookie handler that is being configured. The default value is , which indicates a chunked cookie handler. Gets or sets the base name for any cookies written by the handler. The base name for the cookies. The default is "FedAuth". Gets or sets the path value for cookies written by the handler. 
A string that contains the path. Gets or sets the lifetime of cookies issued by the handler. A that represents the cookie lifetime. The default is 0 days ("0.0:0:0"). The value must be a value between 0 ("0.0:0:0") and 365 ("365.0:0:0") days. Gets or sets a value that specifies whether the cookie should be used only with SSL. if the cookie should only be used over an SSL connection; otherwise, . The default is . Specifies the cookie handler modes that are supported. Defines the possible values of the property. This property defines the kind of cookie handler that a object configures. For more information, see the class. Specifies a chunked cookie handler; a cookie handler that is an instance of or that derives from the class. Specifies a custom cookie handler; a custom cookie handler that derives from the class. Specifies that the default type of cookie handler is used. For the class the default is a chunked cookie handler. Provides data for the event. Initializes a new instance of the class with the specified cancel state and exception. The initial cancel state. Sets the property. The exception that occurred. Sets the property. is . Initializes a new instance of the class with the specified exception. The exception that occurred. Sets the property. is . Gets the exception that occurred. The exception that occurred. Provides access to state pertinent to all HTTP modules relevant to federated authentication in the web application. Gets the claims authorization module used by the web application. The claims authorization module. Gets the singleton instance used by the HTTP modules in this web application. The federation configuration instance. The property is set to by an event handler for the event. Occurs when the property is accessed for the first time by one of the HTTP modules in the web application. Gets the HTTP module of the specified type that is being used by the web application. The type of the module. 
The HTTP module of the specified type or if a module of the specified type cannot be found. Gets the session authentication module (SAM) used by the web application. The session authentication module. Gets the WS-Federation Authentication Module (WSFAM) used by the web application. The WS-Federation Authentication Module. Indicates that the sign-in session should be terminated, and the current request is unauthenticated. Initializes a new instance of Initializes a new instance of the class with serialized data. The that holds the serialized object data about the exception being thrown. The that contains contextual information about the source or destination. Initializes a new instance of the class with a specified error message. The message that describes the error. Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception. The message that describes the error. The exception that is the cause of the current exception, or if no inner exception is specified. A utility class that encapsulates the operations typically performed by a Federated Passive Security Token Service. Processes an incoming WS-Federation Passive Protocol request. The incoming HTTP request. The principal associated with this request. The security token service (STS) to use to issue tokens. The outgoing HTTP response. is . -or- is . -or- is . -or- is . Processes an incoming WS-Federation Passive Protocol request by using the specified WS-Federation serializer. The incoming HTTP request. The principal associated with this request. The security token service (STS) to use to issue tokens. The outgoing HTTP response. The serializer to use for handling WS-Federation Passive Protocol messages. is . -or- is . -or- is . -or- is . Processes an incoming WS-Federation Passive Protocol SignIn request. The incoming sign-in request message. The principal associated with the request. 
The security token service (STS) to use to issue tokens. The sign-in response message that results from handling the request. is . -or- is . -or- is . Processes an incoming WS-Federation Passive Protocol SignIn request by using the specified WS-Federation serializer. The incoming sign-in request message. The principal associated with the request. The security token service (STS) to use to issue tokens. The serializer to use for handling WS-Federation Passive Protocol messages. The sign-in response message that results from handling the request. is . -or- is . -or- is . Processes a sign-in response message. The sign-in response message to be processed. The outgoing HTTP response. is . -or- is . Processes an incoming WS-Federation Passive Protocol SignOut request. The incoming WS-Federation message representing a sign-out request. By default, this must be an instance of or . The principal associated with the request. The reply URL to be redirected to after sign-out. The outgoing HTTP response. is . -or- is . -or- is . is not an instance of or of . The exception that is thrown when a session has expired. Initializes a new instance of the class. Initializes a new instance of the class that has the specified instant that the session was validated and the instant that it expired. The time that the session was validated. The time that the session expired. Initializes a new instance of the class with the specified instant that the session was validated, the instant that the session expired, and a reference to the inner exception that is the cause of this exception. The time at which the session was validated. The time at which the session expired. The exception that is the cause of the current exception, or if no inner exception is specified. Initializes a new instance of the class with serialized data. The that holds the serialized object data about the exception being thrown. The that contains contextual information about the source or destination. is . 
Initializes a new instance of the class with a specified error message. The error message that explains the reason for the exception. Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception. The error message that explains the reason for the exception. The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception. Gets the time that the session expired. The time that the session expired. When overridden in a derived class, sets the object with information about the exception. The that holds the serialized object data about the exception being thrown. The that contains contextual information about the source or destination. Gets the time that the session was validated. The time that the session was validated. Base class for exceptions raised in WS-Federation support. Initializes a new instance of the class. Initializes a new instance of the class with serialized data. A object that holds the serialized object data. A object that contains the contextual information about the source or destination. Initializes a new instance of the class with a specified error message. The error message that explains the reason for the exception. Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception. The error message that explains the reason for the exception. The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception. Defines static methods for creating Federation Metadata documents and for updating application configuration based on Federation Metadata documents. Creates an XML document that contains Federation Metadata. The application URI. The X.509 certificate to use to sign the metadata. 
The claims required by the application. One of the values that specifies the type of application that the metadata describes. This is used to determine the endpoints to create. The collection of acceptable URIs that can be used for this application. An XML reader that contains the metadata document that was created by using the parameters. Updates the specified application configuration, if needed, based on the specified Federation Metadata document and a value that specifies whether the claims offered list should be updated. An XML reader that contains the metadata document. An XML reader that contains the configuration. if the claims offered list should be updated; otherwise, . An XML reader that contains the updated configuration or if the configuration could not be updated. is . -or- is . Updates the specified application configuration, if needed, based on the specified Federation Metadata document and a value that specifies whether the claims offered list should be updated. The serializer with which to read the security token service (STS) metadata is also specified. An XML reader that contains the metadata document. An XML reader that contains the configuration. if the claims offered list should be updated; otherwise, . The serializer with which to read the STS metadata. An XML reader that contains the updated configuration or if the configuration could not be updated. is . -or- is . -or- is . Updates the specified application configuration, if needed, based on the specified Federation Metadata document. Returns the configuration elements for the issuer name registry, as well as the configuration elements for the updated list of claims types offered, if it has been updated. An XML reader that contains the metadata document. An XML reader that contains the configuration. When this method returns, contains an XML node reader that contains the elements that specify the issuer name registry. if there is no issuer name registry specified. 
This parameter is treated as uninitialized. When this method returns, if the list of claim types offered has been changed, contains an XML node reader that contains elements that specify the new list. If the list has not been changed, returns . This parameter is treated as uninitialized. is . -or- is . Updates the specified application configuration, if needed, based on the specified Federation Metadata document. Returns configuration elements for the issuer name registry, as well as the configuration elements for the updated list of claims types offered, if it has been updated. The serializer with which to read the security token service (STS) metadata is also specified. An XML reader that contains the metadata document. An XML reader that contains the configuration. When this method returns, contains an XML node reader that contains the elements that specify the issuer name registry. if there is no issuer name registry specified. This parameter is treated as uninitialized. When this method returns, if the list of claim types offered has been changed, contains an XML node reader that contains elements that specify the new list. If the list has not been changed, returns . This parameter is treated as uninitialized. The serializer with which to read the STS metadata. is . -or- is . -or- is . Defines the base class from which all federation message classes derive. Called from constructors in derived classes to initialize the class. The base URL to which the federation message applies. Initializes the property. is . is not a valid, absolute URI. Gets or sets the base URL to which the message applies. A that contains the base URL. An attempt to set a value that is occurs. An attempt to set a value that is not a valid URI occurs. Helper method that extracts the base URL from the specified URI. The URI from which to extract the base URL. The base URL that was extracted. Returns the specified parameter value from the parameters dictionary. The parameter for which to search. 
The value of the parameter or if the parameter does not exist. is or an empty string. Gets the message parameters as a dictionary. A dictionary that contains the message parameters. Helper method that parses the query string in the specified URI into a . The URI to parse. A that contains the parameters in the query string. is . Removes a parameter from the parameters dictionary. The name of the parameter to remove. is or an empty string. Sets the value of a parameter in the parameters dictionary. The name of the parameter to set. The value to be assigned to the parameter. is or an empty string. -or- is or an empty string. Sets the value of a parameter in the parameters dictionary. The value must be an absolute URI. The parameter name. The parameter value. is . -or- is or not an absolute URI. Validates the message. The value of the property is or is not an absolute URI. When overridden in a derived class, writes the message to the output stream. The text writer to which the message is written out. Serializes the message as a form post and returns the resulting Form together with its Javascript as a string. A string representation of the message as a Form together with its associated Javascript. Returns a string representation of the message in query-string format. The message in query-string format. The base class from which HTTP modules that are configurable with the <system.identityModel.services> element () derive. Initializes a new instance of the class. Releases the resources (except memory) used by the current instance of the class. Gets or sets the object that is in effect for the current module. The object that is in effect for the current module. An attempt to set the property to occurs. Initializes the HTTP module. The application object which contains this module. When overridden in a derived class, initializes the current module and prepares it to handle events from its ASP.NET application object. The application object which contains this module. 
When overridden in a derived class, initializes module properties based on values in the object that is in effect for it. Protects session tokens with the cryptographic material specified in the section of the web.config or machine.config configuration file. Initializes a new instance of the class. Reverses the transform. The encoded form of the cookie. The decoded byte array. Applies the transform. The byte array to be encoded. The encoded cookie. Represents a WS-Federation Pseudonym Request message. This message is created when the received message wa parameter is "wpseudo1.0". Initializes a new instance of the class with the specified base URL. The base URL to which this message applies. Gets or sets the wpseudo parameter of the message. A string that contains the value of the wpseudo parameter. Gets or sets the wpseudoptr parameter of the message. A string that contains the value of the wpseudoptr parameter. An attempt to set a value that is not a valid URI occurs. Gets or sets the Reply parameter of the message. A string that contains the value of the wreply parameter. This is the URL to which the reply should be sent. An attempt to set a value that is not a valid URI occurs. Gets or sets the wresult parameter of the message. A string that contains the value of the wresult parameter. Gets or sets the wresultptr parameter of the message. A string that contains the value of the wresultptr parameter. This is a URI. An attempt to set a value that is not a valid URI occurs. No validation is performed by the framework. Users of this class should validate externally. Writes this message in a query string form to the specified text writer. The text writer to which to write the message. is . Provides data for the event. Initializes an instance of the class by using the specified WS-Federation Passive Sign-in message. The WS-Federation Passive Sign-in message that will be used to redirect the user to the Identity Provider. is . 
Gets or sets the WS-Federation Passive Sign-in message that will be used to redirect the user to the identity provider. The WS-Federation Sign-in message that will be used to redirect the user to the identity provider. An attempt to set the property to occurs. Provides data for the event. Initializes a new instance of the class by using the specified security token. The issued security token. is . Initializes a new instance of the class by using the specified security token and sign-in context. The issued security token. The sign-in context specified in the control. is . Gets or sets the issued security token. The issued security token. Gets the sign-in context specified in the control. The sign-in context. Provides data for the event. Initializes a new instance of the class. The claims principal resulting from validation of the received . is . Gets or sets the that results from token validation. The claims principal that results from token validation. Represents the element in a configuration file. Initializes a new instance of the class. Gets or sets the child element for this element. The element. Implements an ASP.NET module that processes session cookies in WS-Federation scenarios. Initializes a new instance of the class. Authenticates the incoming request by validating the incoming session token. Upon successful validation, it updates the current HTTP context and thread principal with the specified . The session security token to use to authenticate the incoming HTTP request. to write the session cookie; otherwise, . Determines whether a session cookie is in the specified cookie collection. The collection of cookies in which to search. if a session cookie is found; otherwise, . is . Gets the active for the current . The active session security token. Gets the cookie handler that is used to read, write, and delete session cookies. The cookie handler. Creates a from the specified parameters by using the configured session token handler. 
The principal to be captured in the token. An application-defined context string. The first instant in which this token is valid. The last instant in which this token is valid. if the value should be persisted by the user agent; otherwise, . The session token. There is not a valid session token handler configured. (There is no configured in the property.) Deletes the session cookie and removes it from the cache. Initializes the module and prepares it to handle events from the module's ASP.NET application object. The HTTP application object that contains this module. Initializes the module properties based on definitions in the configuration file. Gets or sets a value that specifies whether the session information (claim values, etc.) should be stored in the session cookie or whether the session content should be stored on the server side, using the cookie to store just a reference. if issued cookies are in reference mode; otherwise, . The default is , which specifies that issued cookies are not in reference mode. Handles the event from the ASP.NET pipeline. The source for the event. This will be an object. The data for the event. There is not a valid session token handler configured. (There is no configured in the property.) Handles the event from the ASP.NET pipeline. The source for the event. This will be an object. The data for the event. Raises the event. The data for the event. Raises the event. The data for the event. Raises the event. The data for the event. Raises the event. The data for the event. Raises the event. The data for the event. Reads a from the specified session cookie. The cookie, in raw form, that contains the session token. The session token that was read from the cookie. There is not a valid session token handler configured. (There is no configured in the property.) Occurs when a session security token has been created. Occurs when a session security token has been read from a cookie. 
Sets the principal on the and to the principal that is contained in the specified session token. The session token from which to set the principal. Occurs after the user is signed out. Occurs before deleting the sign-in session. Signs the current user out and raises the associated events. Occurs when there is an error during sign-out. Attempts to read a from a session cookie and returns a value that indicates whether the session cookie was successfully read. When this method returns, contains the session security token that was read from the session cookie. if the session cookie was successfully read from the request; otherwise, . Validates the specified and returns its identities. The token to validate. The collection of identities that are contained in the token. The token has expired. The token start time is not yet valid. There is not a valid session token handler configured. (There is no configured in the property.) Writes the specified to a session cookie. The session security token to write. is . There is not a valid session token handler configured. (There is no configured in the property.) Provides data for the event and for the event. Initializes a new instance of the class by using the specified session security token. The session security token that was created. is . Gets or sets the session security token that was created. The session token that was created. Gets or sets a value that indicates whether a cookie should be written in the response. to write a cookie in the response; otherwise, . The default is , the cookie is not written in the response. Provides data for the event. Initializes a new instance of the class that has the specified session token. The session security token that was received. is . Gets or sets a value that specifies whether to reissue the session cookie with the response. to reissue the session cookie with the response; otherwise, . The default is , the session cookie is not reissued with the response. 
Gets or sets the session security token that was received. The session token that was received. Resolves session security tokens from the current cache. Initializes a new instance of the class. The token cache. The identifier of the endpoint. Attempts to resolve the security key core, given a specified key identifier clause. The security key identifier clause. When this method returns, contains the resolved key core. This parameter is passed uninitialized. if the key core was successfully resolved; otherwise, . Attempts to resolve the token from the specified key identifier. The key identifier. When this method returns, contains the resolved key core. This parameter is passed uninitialized. if the key token was successfully resolved; otherwise, . Attempts to resolve the token from the specified key identifier clause. The key identifier clause. When this method returns, contains the resolved key core. This parameter is passed uninitialized. if the key token was successfully resolved; otherwise, . Provides data for the event. Initializes a new instance of the class by using a value that specifies whether sign-out was requested by the identity provider (IP). if sign-out was requested by the IP; otherwise, . Gets a that indicates sign-out was initiated by the identity provider (IP). A that has its property set . Gets a value that indicates whether sign-out was initiated by the identity provider (IP) via a WS-Federation sign-out clean-up message ("wsignoutcleanup1.0"). if sign-out was initiated by the IP; otherwise, . Gets a that indicates sign-out was initiated by the relying party (RP). A that has its property set . Represents a WS-Federation Sign-In Request message. Initializes a new instance of the class with the specified base URL and wtrealm parameter. The base URL to which the sign-in message applies. The value of the wtrealm message parameter. Sets the property. is or an empty string. 
Initializes a new instance of the class using the specified base URI, wtrealm parameter, and wreply parameter. Supports non-standard message creation for backward compatibility. The Base URL to which the sign-in message applies. The value of the wtrealm message parameter. If not or empty, sets the property. The URI to which to reply. (The value of the wreply message parameter.) If not null or empty, sets the property. Both and are or an empty string. Gets or sets the wauth parameter of the message. The authentication type. This is specified as a URI. An attempt to set a value that is not a valid, absolute URI occurs. Gets or sets the wct parameter of the message. The value of the wct parameter specified as a datetime string in UTC. An attempt to set a value that is not a valid datetime string occurs. Gets or sets the wfed parameter of the message. The value of the wfed parameter. This is specified as a URI. Gets or sets the wfresh parameter of the message. The value of the wfresh parameter. This should be an integer represented as a string. It specifies the maximum age in minutes that the authentication is valid. Zero indicates that the user should be prompted before the token is issued. An attempt to set a value that is not a string representation of an integer occurs. Gets or sets the whr parameter of the message. The value of the whr parameter. This is specified as a URI. Gets or sets the wp parameter of the message. The value of the wp parameter. This is specified as a URI. An attempt to set a value that is not a valid, absolute URI occurs. Gets or sets the wtrealm parameter of the message. The value of the wtrealm parameter. This is specified as a URI. An attempt to set a value that is not a valid, absolute URI occurs. Gets or sets the wreply parameter of the message. The value of the wreply parameter. This is specified as a URI. An attempt to set a value that is not a valid, absolute URI occurs. Gets or sets the wreq parameter of the message. 
The value of the wreq parameter. Gets or sets the wreqptr parameter of the message. The value of the wreqptr parameter. An attempt to set a value that is not a valid, absolute URI occurs. Gets a string representation of the URL that corresponds to this message. A URL serialized from the current instance. Gets or sets the wres parameter of the message. The value of the wres parameter. An attempt to set a value that is not a valid, absolute URI occurs. Validates the current instance. The wa parameter (the property) is not set to "wsignin1.0". Neither the wtrealm parameter nor the wreply parameter is present. (The property and the property are or empty.) -or- Both the wreq parameter and the wreqptr parameter are present. (The property and the property are both set.) Writes this message in query string form to the specified text writer. The to which to write the message. is . Represents a WS-Federation Sign-In Response message. Initializes a new instance of the class by using the specified base URL, response message object, federation serializer, and serialization context. The base URL to which the sign-in response message applies. The to be returned. The to use to serialize the response. The that contains the context for the serialization. is . -or- is . -or- is . -or- is . Initializes a new instance of the class with the specified base URL and wresult parameter. The base URL to which the Sign-In Response message applies. The wresult parameter in the message. is or empty. Initializes an instance of the class using the specified base URL and wresultptr parameter. The base URL to which the Sign-In Response message applies. The wresultptr parameter in the message. is . Gets or sets the wresult parameter of the message. The value of the wresult parameter. Gets or sets the wresultptr parameter of the message. The value of the wresultptr parameter. An attempt to set a value that is not a valid, absolute URI occurs. Can be or empty. Validates the current instance. 
The action parameter (wa) is not "wsignin1.0". Neither the wresult parameter nor the wresultptr parameter is specified -or- Both the wresult parameter and the wresultptr parameter are specified. Writes this message in a form post format to the specified text writer. The text writer to which to write the message. is . Represents a WS-Federation Sign-Out Cleanup message. The message is created when the received message has the action parameter (wa) set to "wsignoutcleanup1.0". Initializes a new instance of the class with the specified base URL. The base URL to which this message applies. Initializes a new instance of the class with the specified base URL and wreply parameter. The base URL to which this message applies. The value of the wreply parameter. The URL to which the reply should be sent. is either empty or . -or- is not a valid URI. Gets or sets the wreply parameter of the message. The value of the wreply parameter. This is the URL to which the reply should be sent. An attempt to set a value that is not a valid, absolute URI occurs. Validates the current instance. The wa parameter (the property) is not set to "wsignoutcleanup1.0". Writes the message in query string form to the specified text writer. The writer to which to write the message. is . Represents a WS-Federation sign-out message. This message is created when the received message has the action parameter (wa) set to "wsignout1.0". Initializes a new instance of the class with the specified base URL. The base URL to which this message applies. is . is not a valid, absolute URI. Initializes a new instance of the class with the specified base URL and wreply parameter. The base URL to which this message applies. The value of the wreply parameter. The URL to which the reply should be sent. is either empty or . -or- is not a valid, absolute URI. is . is not a valid, absolute URI. Gets or sets the wreply parameter of the message. The value of the wreply parameter. 
This is the URL to which the browser should be redirected. An attempt to set a value that is not a valid, absolute URI occurs. Validates the current instance. The wa parameter (the property) is not set to "wsignout1.0". Writes the message in query string form to the specified text writer. The writer to which to write the message. is . Processes session tokens by using signing and encryption keys specified in the ASP.NET element in a configuration file. Initializes a new instance of the class. Initializes a new instance of the class that has the specified default token lifetime. The default lifetime for a token. is shorter than or equal to A that validates a by using a configured . Initializes a new instance of the class that uses the default membership provider that is configured for the application. No default membership provider is configured for the application. Initializes a new instance of the class that uses the specified membership provider. The membership provider to use to validate tokens. Gets a value that indicates whether the current instance can validate security tokens of type . Always . if the token handler can validate user name security tokens; otherwise, . Always . Loads custom configuration from XML. The custom XML elements. Gets the that is configured for the current instance. The configured membership provider. Validates the specified security token by using the configured . The security token to be validated. The identities that are contained in the token. is . is not an instance of . failed validation with the configured . The is an HTTP module which is used to secure an ASP.NET application by enforcing federated authentication settings on incoming requests. The is the main module that WIF offers out of the box for handling claims-based identity access in ASP.NET applications. 
The raises several events, which allows ASP.NET developers to change the default behavior and control the details of how authentication and claims processing take place. The functionality is divided into task-specific methods. Called by constructors in derived classes to initialize the class. Gets or sets the value of the wauth parameter to use in WS-Federation sign-in requests ("wsignin1.0"). A URI that specifies the authentication type. Occurs when the module is determining whether it should redirect the user to the configured issuer to authenticate. Returns a value that indicates whether the specified HTTP request is a WS-Federation sign-in response message. If the message is a WS-Federation sign-out clean-up message ("wsignoutcleanup1.0"), this method processes the request. The incoming HTTP request. if the specified HTTP request contains a form POST in which the wa parameter is set to "wsignout1.0" and the wresult parameter is not empty; otherwise, . is . Returns a value that indicates whether the specified HTTP request is a WS-Federation sign-in response message. If the message is a WS-Federation sign-out clean-up message ("wsignoutcleanup1.0"), this method processes the request. The incoming HTTP request. if the call originates while processing a page request. if the caller is an HTTP module. This parameter determines how to terminate processing or send redirects if the incoming message is a WS-Federation sign-out cleanup message ("wsignoutcleanup1.0"). if the specified HTTP request contains a FORM post in which the wa parameter is set to "wsignout1.0" and the wresult parameter is not empty; otherwise, . is . Creates a WS-Federation sign in request message by using the WS-Federation parameters configured on the module. The WSFAM saves this value in the wctx parameter in the WS-Federation sign in request; however, the module does not use it when processing sign-in requests or sign-in responses. You can set it to any value. It does not have to be unique. 
The URL to which the module should return upon authentication. The WSFAM saves this value in the wctx parameter in the WS-Federation sign in request; however, the module does not use it when processing sign-in requests or sign-in responses. You can set it either or . The WS-Federation sign-in request message. The property is or an empty string. -or- The property is or an empty string. Signs out at the specified security token service (STS) by using the WS-Federation protocol. The URL of the STS to receive the WS-Federation sign-out request message. Cannot be . The URL to be sent as the wreply value in the sign-out request message. is not and is not an absolute URI. -or- is not and is not an absolute URI. is . Gets or sets the value of the wfresh parameter to use in WS-Federation sign-in requests ("wsignin1.0"). The desired maximum age of authentication requests, in minutes. Returns a URL that represents a WS-Federation sign-out request addressed to the specified issuer and that contains the specified wreply parameter and the specified additional parameters. The issuer address. The address of the security token service (STS) to which to direct the request. A URL that specifies the address to return to after sign-out. This sets the wreply parameter in the sign-out request. Can be or empty if no wreply parameter should be included in the generated sign-out request. This should be an absolute URI. Additional query string parameters to be included in the sign-out request. Can be or empty if no additional parameters are to be included in the generated sign-out request. This should be a relative URI. A URL that contains a WS-Federation passive sign-out request that is built by using the specified parameters. is . Gets the issuance result (typically the issued token) from the specified URL. Resolves the URL specified in the wresultptr parameter in a sign-in response message. The URL that specifies the address of the issuance result. 
The issuance result that was referenced by the URL. This method is not supported in the base class. You must override it in a derived class. Extracts the URL of the page that was originally requested from the sign-in response. The HTTP request that contains a form POST, which contains the WS-Federation sign-in response message. The URL of the page that was originally requested by the client. This is the URL (at the relying party) to which the client should be redirected following successful sign-in. is . Reads a security token from the specified WS Federation sign-in response message. The sign-in response message from which to read the token. The security token that was read from the message. is . Reads a security token from the specified HTTP request. The HTTP request from which to read the token. The security token that was read. is . Gets a string that should be persisted with the session cookie in the property. The string to persist in the session cookie. The property is . Reads a object from the form POST represented by the specified HTTP request. The HTTP request from which to read the sign-in response message. The request should represent a form POST. The sign-in response message that was created. is . A sign-in response message could not be read from the specified request. Determines the URL to which to redirect when processing a WS-Federation sign-out clean-up request (wsignoutcleanup1.0) that contains a wreply parameter. The sign-out clean-up request. The URL to redirect to. has a property that is or empty. is . Extracts the issued token from the specified WS-Federation sign-in response message. The sign-in response message to extract the token from. The sign-in response contains the token issued by the STS. A string that contains the XML that represents the issued token. This is a element. is . does not contain a token. (It does not contain a valid wresult or wresultptr parameter.) 
Extracts the issued token from the specified WS-Federation sign-in response message by using the specified WS-Federation serializer. The sign-in response message to extract the token from. The sign-in response contains the token issued by the STS. The WS-Federation serializer to use to de-serialize the sign-in response message. A string that contains the XML that represents the issued token. This is a element. is . Gets or sets the value of the whr parameter to use in WS-Federation sign-in requests ("wsignin1.0"). The address of the identity provider. Initializes the module and prepares it to handle events from the module's ASP.NET application object. The HTTP application object that contains this module. is . Initializes the module properties based on the configuration specified by the property of the module. Gets a value that indicates whether the specified request is a WS-Federation sign-in response message. The incoming HTTP request. if the request is a WS-Federation sign-in response message; otherwise, . is . Gets or sets a URI that identifies the intended issuer of the security token. The URI that identifies the security token service (STS). An attempt to set the property to or an empty string occurs. -or- An attempt to set the property to a value that is not a valid, absolute URI occurs. Handles the event from the ASP.NET pipeline. The source for the event. This will be an object. The data for the event. Raises the event. The data for the event. Handles the event from the ASP.NET pipeline. The source for the event. This will be an object. The data for the event. Handles the event from the ASP.NET pipeline. The source for the event. This will be an object. The data for the event. Raises the event. The data for the event. Raises the event. The data for the event. Raises the event. The data for the event. Raises the event. The data for the event. Raises the event. The data for the event. Raises the event. The data for the event. Raises the event. 
The data for the event. Gets or sets a value that specifies whether the module is enabled to initiate WS-Federation protocol redirects. to enable redirects; otherwise, . Gets or sets a value that specifies whether a persistent session cookie is issued on successful authentication. to issue a persistent session cookie; otherwise, . Gets or sets the value of the wp parameter to be used in WS-Federation sign-in requests ("wsignin1.0"). A URL that identifies the policy to use. Gets or sets the value of the wtrealm parameter to be used for WS-Federation sign-in requests ("wsignin1.0"). A URI that identifies the relying party (RP) to the security token service (STS). An attempt to set the property to or an empty string occurs. -or- An attempt to set the property to a value that is not a valid, absolute URI occurs. Occurs when the module is going to redirect the user to the identity provider. Redirects the user to the security token service (STS) specified by the property to obtain a security token using the WS-Federation protocol. The WSFAM saves this value in the wctx parameter in the WS-Federation sign in request; however, the module does not use it when processing sign-in requests or sign-in responses. You can set it to any value. It does not have to be unique. For more information, see the method. The URL to which the module should return upon authentication. The WSFAM saves this value in the wctx parameter in the WS-Federation sign in request; however, the module does not use it when processing sign-in requests or sign-in responses. You can set it either or . is or an empty string. -or- is or an empty string. -or- The property is or empty. -or- The property of the context returned by is or empty. Gets or sets the value of the wreply parameter to use in WS-Federation sign-in requests ("wsignin1.0"). A URL that identifies the address at which the relying party (RP) application would like to receive replies from the Security Token Service (STS). 
An attempt to set the property to a value that is not a valid, absolute URI occurs. Gets or sets the value of the wreq parameter to use in WS-Federation sign-in requests ("wsignin1.0"). The token issuance request expressed as a element. Gets or sets the value of the wreqptr parameter to use in WS-Federation sign-in requests ("wsignin1.0"). A URL that specifies the location of the token issuance request expressed as a element. An attempt to set the property to a value that is not a valid, absolute URI occurs. Gets or sets a value that specifies whether communication with the security token service (STS) must use the HTTPS protocol. if communication with the STS must be secured using HTTPS; otherwise, . Gets or sets the value of the wres parameter to use in WS-Federation sign-in requests ("wsignin1.0"). A URI that identifies the resource being accessed, the relying party (RP), to the security token service (STS). Occurs when a security token has been received from a security token service (STS). Occurs after a security token that was received from the security token service (STS) has been validated but before the session security token is created. Occurs when a session security token has been created from the security token received from a security token service (STS). Sets the thread principal and optionally writes the session cookie. The session security token that was created from the WS-Federation sign-in response message from the STS. to write a cookie that represents the session included with the response; otherwise, . is . Occurs after the user is signed in. Occurs just after deleting the session during sign-out. Performs sign-in to a security token service (STS) through the WS-Federation protocol. The WSFAM saves this value in the wctx parameter in the WS-Federation sign in request; however, the module does not use it when processing sign-in requests or sign-in responses. You can set it to any value. It does not have to be unique. 
For more information, see the method. Gets or sets an application specific context value to be included in the wctx parameter in WS-Federation sign-in requests. The application specific context value to be included in the wctx parameter for sign-in requests. Raised when an error during sign-in occurs. Occurs before deleting the session during sign-out. Gets or sets a query string that contains any additional parameters to be sent in WS-Federation sign-in requests ("wsignin1.0"). A URL fragment that contains the additional message parameters in the following format: param1=value1&param2=value2&paramN=valueN. The default is an empty string. An attempt to set the property to occurs. Signs out of the current session and requests a redirect back to the URL specified in the current HTTP request. Signs out of the current session and raises the appropriate events. if the request was initiated by the IP-STS via a WS-Federation sign-out cleanup request message ("wsignoutcleanup1.0"); otherwise, . Signs out of the current session and requests a redirect back to the specified URL. The URL to which the browser should be redirected after the session is deleted. is not a valid URI. Signs out of the current session and requests a redirect back to the specified URL. The URL to which the browser should be redirected after sign-out. Always set . Setting this parameter to is not supported. is not a valid URI. The class throws this exception if is . Do not set this parameter to . Raised when an error occurs during sign-out. Gets or sets a query string that contains any additional parameters to be sent in WS-Federation sign-out requests ("wsignout1.0"). A URL fragment that contains the additional message parameters in the following format: param1=value1&param2=value2&paramN=valueN. The default is an empty string. An attempt to set the property to occurs. Gets or sets the value of the wreply parameter to use during WS-Federation sign-out requests ("wsignout1.0"). 
The URL to which the client should be redirected by the security token service (STS) following sign-out through the WS-Federation protocol. Verifies that the and properties are non-empty, and, that, if the property is , that the URIs specified for and are HTTPS-compliant. is or an empty string. -or- is or an empty string. -or- is and not HTTPS-compliant. -or- is and not HTTPS-compliant. Gets or sets the object to use when deserializing WS-Federation sign-in response messages to get the token issued by the security token service (STS). The object to use when deserializing WS-Federation sign-in response messages to get the token issued by the security token service (STS). An attempt to set the property to occurs. Represents a WS-Federation message and defines the base class from which more specialized WS-Federation message classes derive. Initializes a new instance of the class from the base URL to which the message applies and the action to be performed (the wa message parameter). The base URL to which the WS-Federation message applies. This is the URL without any query parameters. Sets the property. The wa parameter of the message. Specifies the action to be performed; for example "wsignin1.0" for a WS-Federation sign-in request. Sets the property. is . is or an empty string. is not a valid, absolute URI. Gets or sets the wa parameter of the message. The value of the wa parameter. An attempt to set a value that is or empty occurs. Gets or sets the wctx parameter of the message. The value of the wctx parameter. Creates a WS-Federation message from the form post received in the specified request. The request that contains the form post. The message that was created or if a message cannot be created. is . Creates a WS-Federation message from a of parameters. The base URL to which the message is intended. The that contains the parameters for the message. The message that was created or if a message cannot be created. is . -or- is . 
The wa parameter in the parameter collection is not recognized. A sign-in response message has both the wresult and wresultptr parameter in the parameter collection. (A valid sign-in response message has the wa parameter equal to "wsignin1.0" and either the wresult or the wresultptr parameter, but not both.) Creates a WS-Federation message from the specified URI. The parameters are assumed to be specified in the query string. The URI from which to create the message. Message parameters are specified in the query string. The wa parameter must be present. The message that was created. is . A message cannot be created from the specified URI. Gets or sets the wencoding parameter of the message. The value of the wencoding parameter. Attempts to create a WS-Federation message from the specified URI. The parameters are assumed to be specified as a query string. The URI from which to create the message. Message parameters are specified in the query string. The wa parameter must be present. When this method returns, contains the message that was created or if a message could not be created. This parameter is treated as uninitialized. if a message was successfully created; otherwise, . is . The exception that is thrown when an error occurs while serializing or deserializing a WS-Federation message. Initializes a new instance of the class. Initializes a new instance of the class with serialized data. A object that holds the serialized object data. A object that contains the contextual information about the source or destination. Initializes a new instance of the class with a specified error message. The error message that explains the reason for the exception. Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception. The error message that explains the reason for the exception. The that is the cause of the current exception. 
If the innerException parameter is not , the current exception is raised in a block that handles the inner exception. Provides methods to convert a WS-Federation message to and objects, which are WS-Trust protocol specific. Initializes a new instance of the class. Initializes a new instance of the class with the specified request and response serializers. The WS-Trust Serializer to use to read the request (RST). The WS-Trust Serializer to use to write the response (RSTR). is . -or- is . Initializes a new instance of the class based on the namespace of the response XML. An opened on the response XML. is . Checks whether the specified string is a wst:RequestSecurityToken message with a namespace that is recognized by the wrapped . The WS-Trust message to check. if the message is a valid wst:RequestSecurityToken message with a namespace that matches the WS-Trust protocol that this supports; otherwise, . Checks whether the specified string is a wst:RequestSecurityTokenResponse message with a namespace that is recognized by the wrapped . The WS-Trust message to check. if the message is a valid wst:RequestSecurityTokenResponse message with a namespace that matches the WS-Trust protocol that this supports; otherwise . Converts a WS-Federation Sign-In Request message to a object that the security token service (the class) can consume. The message to convert. This should be an instance of . The current serialization context. A object that represents the converted Sign-In Request message. is null. -or- is . The message is not of type . -or- The object is missing required information to construct a valid object. Converts a WS-Federation Sign-In Response message object to a object. The message to convert. This should be an instance of . The current serialization context. A object that represents the converted Sign-In Response message. is . -or- is . The message is not of type . -or- The object is missing required information to construct a valid object. 
Gets the wreq string from a referenced URL. The URL of the request data. The request data from the URL. Thrown by the default implementation. Gets the wresult string from a referenced URL. The URL of the result data. The request data from the URL. Thrown by the default implementation. Serializes the specified object into a string. The object to serialize. The current serialization context. A serialized string representation of the object. is . -or- is . Serializes the specified object into a string. The object to serialize. The current serialization context. A serialized string representation of the object. is . -or- is .
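The message rules stated above (a recognized wa value, either wresult or wresultptr but not both on a sign-in response, absolute-URI values for wreply and wreqptr, and an HTTPS reply address when HTTPS is required) written as a standalone triage check for url-encoded query strings or form bodies. This is an added example, not code from System.IdentityModel.Services: the function names, the kind labels and the sample inputs are assumptions, and the set of wa values is limited to those named on this page.

```python
from urllib.parse import parse_qs, urlsplit
# wa values that appear on this page; any other value is reported as unrecognized.
KNOWN_ACTIONS = {"wsignin1.0", "wsignout1.0", "wsignoutcleanup1.0", "wattr1.0"}

def scheme_of_absolute_uri(value):
    """Return the lower-cased scheme if value is an absolute URI, else None."""
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. a malformed bracketed host
        return None
    return parts.scheme.lower() if parts.scheme and parts.netloc else None

def classify(raw, require_https=True):
    """Classify one url-encoded query string or form body; return (kind, findings)."""
    params = {k: v[-1] for k, v in parse_qs(raw).items()}  # blank values are dropped
    wa = params.get("wa")
    if not wa:
        return "not-wsfed", []
    if wa not in KNOWN_ACTIONS:
        return "invalid", ["unrecognized wa value"]
    kind, findings = wa, []
    if wa == "wsignin1.0":
        has_result, has_ptr = "wresult" in params, "wresultptr" in params
        if has_result and has_ptr:
            return "invalid", ["both wresult and wresultptr present"]
        kind = "signin-response" if has_result or has_ptr else "signin-request"
    for name in ("wreply", "wreqptr"):
        if name in params:
            scheme = scheme_of_absolute_uri(params[name])
            if scheme is None:
                findings.append(name + " is not an absolute URI")
            elif name == "wreply" and require_https and scheme != "https":
                findings.append("wreply is not HTTPS")
    return kind, findings

# Constructed sample inputs (not captured traffic); rp.example and sts.example are placeholders.
SAMPLES = [
    "wa=wsignin1.0&wtrealm=https%3A%2F%2Frp.example%2F&wreply=https%3A%2F%2Frp.example%2Fapp",
    "wa=wsignin1.0&wresult=%3Ctoken%2F%3E&wctx=rm%3D0",
    "wa=wsignin1.0&wresult=%3Ctoken%2F%3E&wresultptr=https%3A%2F%2Fsts.example%2Fr",
    "wa=wsignoutcleanup1.0&wreply=http%3A%2F%2Frp.example%2Fbye",
    "wa=wsignout1.0&wreply=%2Flocal%2Fpath",
    "wa=wfoo1.0",
]

def triage(samples=SAMPLES):
    """Return (input, kind, findings) for inputs that are invalid or carry findings."""
    results = [(s, *classify(s)) for s in samples]
    return [r for r in results if r[1] == "invalid" or r[2]]
```

Calling `triage()` on the constructed samples returns the last four entries; the first two are a well-formed sign-in request and sign-in response.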