search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
added SSCLI 1.0
[windows-sources.git] / sdk / samples / WCFSamples / TechnologySamples / Scenario / Federation / VB / BookStoreSTS / Web.config
blob25130f84d930400245628877c99270bec9c24226
1 <?xml version="1.0" encoding="utf-8" ?>
2 <!--
3 Copyright (c) Microsoft Corporation. All rights reserved.
4 -->
5 <configuration>
6 <appSettings>
7 <add key="bookDB" value="BookDB.txt" />
8 <add key="certDistinguishedName" value="CN=BookStoreSTS.com" />
9 <add key="targetDistinguishedName" value="CN=BookStoreService.com" />
10 <add key="issuerDistinguishedName" value="CN=HomeRealmSTS.com" />
11 </appSettings>
12
13 <system.serviceModel>
14 <behaviors>
15 <serviceBehaviors>
16 <behavior name="BookStoreSTSBehavior">
17 <serviceCredentials>
18 <!--
19 The serviceCredentials behavior allows one to define a service certificate.
20 A service certificate is used by a client to authenticate the STS and provide message protection.
21 This configuration references the "BookStoreSTS.com" certificate installed during setup of the sample.
22 -->
23 <serviceCertificate storeLocation="LocalMachine"
24 storeName="My"
25 x509FindType="FindBySubjectName"
26 findValue="BookStoreSTS.com" />
27 <!--
28 The serviceCredentials behavior allows one to define validation parameters for issued tokens.
29 This configuration adds the "HomeRealmSTS.com" certificate to a list of known certificates. This
30 means that the STS will accept tokens issued by "HomeRealmSTS.com".
31 -->
32 <issuedTokenAuthentication>
33 <knownCertificates>
34 <add storeLocation ='LocalMachine'
35 storeName ='TrustedPeople'
36 x509FindType ='FindBySubjectName'
37 findValue ='HomeRealmSTS.com' />
38 </knownCertificates>
39 </issuedTokenAuthentication>
40 </serviceCredentials>
41 <!--
42 The serviceMetadata behavior allows one to enable metadata (e.g. WSDL, Policy) publishing.
43 This configuration enables publishing of such data over HTTP GET.
44 -->
45 <serviceMetadata httpGetEnabled ="true" />
46 </behavior>
47 </serviceBehaviors>
48 </behaviors>
49
50 <bindings>
51 <wsFederationHttpBinding>
52 <!-- This is the binding for the clients requesting tokens from this STS. It redirects clients to the HomeRealm STS -->
53 <binding name='BookStoreSTSBinding'>
54 <security mode='Message'>
55 <message>
56 <issuerMetadata address='http://localhost/FederationSample/HomeRealmSTS/STS.svc/mex' >
57 <!--
58 The HomeRealm STS will, in all likelyhood, be running on a machine whose domain name
59 is NOT HomeRealmSTS.com, but will identify itself using a certificate containing
60 "HomeRealmSTS.com" as its subject name. The identity configuration element here tells
61 consumers of the service to expect a DNS name of "HomeRealmSTS.com" when talking to
62 the HomeRealm STS.
63 -->
64 <identity>
65 <dns value ='HomeRealmSTS.com' />
66 </identity>
67 </issuerMetadata>
68 </message>
69 </security>
70 </binding>
71 </wsFederationHttpBinding>
72 </bindings>
73
74 <services>
75 <service name="Microsoft.ServiceModel.Samples.Federation.BookStoreSTS"
76 behaviorConfiguration="BookStoreSTSBehavior">
77 <!--
78 This is the HTTP endpoint that supports clients requesing tokens. This endpoint requires that clients
79 authenticate using a token issued by the "HomeRealmSTS.com" STS.
80 -->
81 <endpoint address=""
82 binding="wsFederationHttpBinding"
83 bindingConfiguration='BookStoreSTSBinding'
84 contract="Microsoft.ServiceModel.Samples.Federation.ISecurityTokenService" />
85 <!--
86 This is the HTTP endpoint that supports IMetadataExchange.
87 -->
88 <endpoint address="mex"
89 binding="mexHttpBinding"
90 contract="IMetadataExchange" />
91 </service>
92 </services>
93 </system.serviceModel>
94
95 </configuration>
96
97