<add>

Adds the specified security token handler to the token handler collection.

<configuration>
  <system.identityModel>
    <identityConfiguration>
      <securityTokenHandlers>
        <add>

Syntax

<system.identityModel>  
  <identityConfiguration>  
    <securityTokenHandlers>  
      <add type=xs:string>  
        <optionalConfigurationElement>  
        </optionalConfigurationElement>  
      </add>  
    </securityTokenHandlers>  
  </identityConfiguration>  
</system.identityModel>  

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description
type The CLR type name of the token handler to be added. For more information about how to specify the type attribute, see Custom Type References.

Child Elements

Element Description
<samlSecurityTokenRequirement> Provides configuration for the SamlSecurityTokenHandler class, the Saml2SecurityTokenHandler class, or a derived class of either of these classes.
<sessionTokenRequirement> Provides configuration for the SessionSecurityTokenHandler class or derived classes.
<userNameSecurityTokenHandlerRequirement> Provides configuration for the MembershipUserNameSecurityTokenHandler class or derived classes.
<x509SecurityTokenHandlerRequirement> Provides optional configuration for the X509SecurityTokenHandler class or derived classes.

Parent Elements

Element Description
<securityTokenHandlers> Specifies a collection of security token handlers that are registered with the endpoint.

Remarks

The <add> element can take a single child element that specifies the configuration for the token handler. Whether a child element is accepted depends on whether the handler class referenced through the type attribute of the <add> element supports this feature. Token handler classes that support it must expose a constructor that takes an XmlElement object.

using System.Xml;

public class CustomTokenHandler : Microsoft.IdentityModel.Tokens.SecurityTokenHandler
{
    // Receives the child element of <add> as the handler's configuration.
    public CustomTokenHandler( XmlElement customConfig )
    {
    }
}

Several of the built-in security token handler classes do provide this functionality. These classes are SamlSecurityTokenHandler, Saml2SecurityTokenHandler, MembershipUserNameSecurityTokenHandler, X509SecurityTokenHandler, and SessionSecurityTokenHandler.

Important

The token handler collection can only contain a single handler of any given type. This means, for example, that if you want to add a handler that is derived from the Saml2SecurityTokenHandler class to the collection, you must first remove the Saml2SecurityTokenHandler, which is present by default, from the collection. You can use the <remove> element to remove a single handler from the collection or use the <clear> element to remove all handlers from the collection.

Settings specified on a handler override equivalent settings specified on the token handler collection under the <securityTokenHandlerConfiguration> element and those specified at the service level under the <identityConfiguration> element.

Example

The following XML shows the use of the <add> and <remove> elements to replace the default session token handler with a custom session token handler. The XML is taken from the ClaimsAwareWebFarm sample.

<securityTokenHandlers>  
  <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />  
  <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />  
</securityTokenHandlers>
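
The single-handler-per-type rule and the single-child rule described under Remarks can be checked before deployment. The following Python sketch is an added example, not part of the original documentation or the ClaimsAwareWebFarm sample: it replays <clear>, <remove>, and <add> in document order and reports violations. The function names, the sample XML, and the DEFAULTS list (limited to the two default handlers this page names) are assumptions; it compares CLR type names as strings, so it cannot tell that a custom class derives from a default handler.

```python
import xml.etree.ElementTree as ET

# Assumption: only the two default handlers this page names; extend for a real audit.
DEFAULTS = [
    "System.IdentityModel.Tokens.Saml2SecurityTokenHandler",
    "System.IdentityModel.Tokens.SessionSecurityTokenHandler",
]

# Constructed sample: the default SAML 2 handler is re-added with a child
# configuration element without being removed first.
SAMPLE = """
<securityTokenHandlers>
  <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0" />
  <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0" />
  <add type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0">
    <samlSecurityTokenRequirement />
  </add>
</securityTokenHandlers>
"""

def short_name(type_attr):
    """Drop assembly, version and key token; keep the CLR type name."""
    return type_attr.split(",")[0].strip()

def audit_handlers(xml_text, defaults=DEFAULTS):
    """Replay the collection operations; return (effective_handlers, findings)."""
    handlers, findings = list(defaults), []
    for op in ET.fromstring(xml_text):
        if op.tag == "clear":
            handlers.clear()
            continue
        if op.tag not in ("add", "remove"):
            continue  # for example <securityTokenHandlerConfiguration>
        name = short_name(op.get("type", ""))
        if op.tag == "remove":
            if name in handlers:
                handlers.remove(name)
            else:
                findings.append(f"remove without matching handler: {name}")
        else:
            if name in handlers:
                findings.append(f"duplicate handler, remove it first: {name}")
            else:
                handlers.append(name)
            if len(op) > 1:  # <add> takes a single child element
                findings.append(f"more than one child element: {name}")
    return handlers, findings
```

Calling audit_handlers(SAMPLE) reports the re-added Saml2SecurityTokenHandler as a duplicate; placing a matching <remove> before that <add> clears the finding.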