System.Web.Security.SingleSignOn Namespace
Contains the types that expose the Single Sign-on functionality for Active Directory Federation Services (ADFS).
Class | Description | |
---|---|---|
AccountStore | Represents a service that defines identities and attributes for controlling user access to Web site resources, such as Active Directory Domain Services. |
|
AccountStoreCollection | Defines methods and properties for a collection of AccountStore objects. |
|
ActiveDirectoryAccountStore | An Active Directory account store. |
|
ActiveDirectoryGroupClaim | A type of GroupClaim that has an active directory group object associated with it. If the organizational claims in the token contain an ActiveDirectoryGroupClaim object, that security principal is considered a member of the Active Directory group object associated with it. |
|
ADGroupGeneration | Configures an ActiveDirectoryAccountStore so that the Federation Server generates group claims at run-time for authenticated users. Claims configurations are based on specified attributes, such as the common name (CN) attribute, e-mail addresses, UPNs, group SIDs or custom attributes, such as titles. |
|
ADGroupGenerationCollection | A collection of ADGroupGeneration objects. |
|
BoundedSizeLogFileTraceListener | Directs tracing or debugging output to a Writer. |
|
CertificateChainContext | A managed wrapper for the native CERT_CHAIN_CONTEXT structure. For more information about the CERT_CHAIN_CONTEXT structure, see "CERT_CHAIN_CONTEXT" in security section of the MSDN library. |
|
CertificateContext | A managed wrapper for the native CERT_CONTEXT structure. For more information about the CERT_CONTEXT structure, see "CERT_CONTEXT" in security section of the MSDN library. |
|
CertificateException | The exception thrown when a certificate error occurs. |
|
CertificateHasNoPrivateKeyException | Configured signing certificates should contain private keys that are used to sign data. This exception is thrown if the certificate configured as a signing certificate does not have its private key. |
|
CertificateNotFoundException | The exception thrown when a certificate is not found. |
|
CertInfo | This API supports the product infrastructure and is not intended to be used directly from your code. The CertInfo object supports the AD FS infrastructure and is not intended to be used directly from your code. Used by the X509VerificationMethod to identify a particular certificate in the FederationCertificates certificate store of the TrustPolicy. |
|
CertInfoCollection | A collection of CertInfo objects. |
|
ClaimFactory | Creates different types of claim, claim generation, and claim transformation objects. |
|
ClaimFilteringTransform | A transform for claim filtering on the trusting realm. The claim filtering will apply to the TrustingRealmClaimTransformation object. The application applies the filters while it is processing corporate claims and outgoing claims on the resource side of the Federation Server. The ClaimFilteringTransform object specifies how incoming claims will be filtered for a TrustingRealm or a TrustingApplication object. |
|
ClaimsMappingException | The exception that is thrown if the Federation Service encountered an exception during claims mapping. |
|
ClientCredentialInfo | Contains information about client credentials, such as the authentication method that the client uses, information about the certificate, the client name and password, the account store URI, and so on. |
|
CommonNameClaimTransform | A transform to use for common name (CN) claims. |
|
CorporateClaims | A collection of group claims and custom claims that have relevance in a particular organization. |
|
CorporateClaimUuidCollection | A collection of universal unique identifiers (UUIDs) for corporate claims. |
|
CredentialsVerificationException | The exception that is thrown when credentials verification fails. |
|
CredentialsVerificationInfo | Contains the detailed results of credentials verification. Details include information about the Account Store that verified or failed to verify the credentials, resulting success or failure codes, and other information that could be useful for a detailed audit. |
|
CustomClaim | A custom claim on a trusting or trusted realm. |
|
CustomClaimCollection | A collection of CustomClaim objects. |
|
CustomClaimLdapAttribute | A class that defines a method for mapping LDAP attributes to CustomClaims. |
|
CustomClaimLdapAttributeCollection | A collection of CustomClaimLdapAttribute objects. |
|
CustomClaimTransform | A transform for a custom claim. |
|
CustomClaimTransformCollection | A collection of CustomClaimTransform objects. |
|
CustomModule | Provides a reference to a user provided extensibility class. Custom modules implement interfaces defined in WebSSO. |
|
CustomTransform | The transform to use for the CustomModule. Provides a reference to a user provided extensibility class which implements the IClaimTransform interface. |
|
DebugLogSwitch | This class supports the AD FS infrastructure and is not intended to be used directly from your code. An abstract base class for debug tracing. |
|
FederationCertificates | AD FS token verification certificates in the Federation Service Certificate Store. |
|
FederationServerConfiguration | This class supports the AD FS infrastructure and is not intended to be used directly from your code. Encapsulates the configuration parameters of the federation server from web.config. |
|
FederationServerConfigurationHandler | This class supports the AD FS infrastructure and is not intended to be used directly from your code. Invoked by ASP.NET to load configuration changes made to the web.config. |
|
FederationServerService | This class supports the AD FS infrastructure and is not intended to be used directly from your code. Represents a Federation Server Web service. |
|
FederationServerSoapProxy | This API supports the product infrastructure and is not intended to be used directly from your code. This class supports the AD FS infrastructure and is not meant to be used directly from your code. The AD FS Web Agent and the Federation Service Proxy use this class to communicate with the Federation Server. |
|
FsInformationData | This class supports the AD FS infrastructure and is not meant to be used directly from your code. This class encapsulates the FS trust information that is retrieved by the WS by means of the GetFsTrustInformation web method call. |
|
GroupClaim | A group claim for the trusting or trusted realm. |
|
GroupClaimCollection | A collection of GroupClaim objects. |
|
GroupClaimTransform | A transform for a GroupClaim object. |
|
GroupClaimTransformCollection | A collection of GroupClaimTransform objects. |
|
GroupLdapAttribute | Specifies how to populate a GroupClaim based on the value of an LDAP user attribute, when added to a GroupLdapAttributeCollection as part of an LdapClaimGeneration object for an AccountStore. At authentication time, the LDAP attribute specified in the GroupAttribute property will be queried, and if any of its values match the value specified in GroupAttributeValue it will cause the group claim, identified by CorporateGroupUuid, to be added to the user claims. If using an active scripting language like VBScript, the recommended method for constructing a GroupLdapAttribute object is CreateGroupLdapAttribute. |
|
GroupLdapAttributeCollection | A collection of GroupLdapAttribute objects. |
|
GroupToUpnClaimTransform | Transforms a GroupClaim to a UpnClaim. |
|
GroupToUpnClaimTransformCollection | An ordered list of GroupToUpnClaimTransform objects. |
|
KerberosSigningMethod | Defines a way for the Federation Service to digitally sign an AD FS token for an application (represented in the trust policy by a TrustingApplication object). Such tokens are signed using symmetric keys which are securely shared using the Kerberos security protocol of a Windows forest. A KerberosSigningMethod defined for a particular application overrides the global default X509SigningMethod defined in a Federation Service’s web.config file. Because the KerberosSigningMethod utilizes a cached symmetric session key, it may provide performance benefits over the default asymmetric-key-based signing method. |
|
KerberosVerificationMethod | This class supports the AD FS infrastructure and is not intended to be used directly from your code. The KerberosVerificationMethod class is used by the AD FS web agents to verify AD FS tokens with Kerberos-based digital signatures. |
|
LdapClaimGeneration | Defines a way of populating claims for an LDAP-based account store (represented by an LdapDirectoryAccountStore object in the trust policy). Attributes on user objects can be mapped into email, UPN, common name, group, or custom claims. The UPNAttribute property must be null when the LdapClaimGeneration applies to Active Directory. |
|
LdapDirectoryAccountStore | Specifies properties about connecting to, authenticating users against, and generating claims from an LDAP-based account store. As a top level member of the TrustPolicy’s TrustedAccountStores collection, it represents an ADAM account store. As a property of an ActiveDirectoryAccountStore object it specifies LDAP-related configuration for Active Directory. |
|
LogonServerConfigurationHandler | Reads configuration data for the Logon Server component of AD FS, which runs on the Federation Service and Federation Service Proxy and is responsible for handling protocol requests to the endpoint URL. |
|
LSAuthenticationModule | Implements the Logon Server component of AD FS, which runs on the Federation Service and Federation Service Proxy and is responsible for handling protocol requests to the endpoint URL. |
|
LSAuthenticationObject | Allows web forms (like clientlogon.aspx) to interact with the Federation Service or Federation Service Proxy on which they are running. |
|
LSCleanupFormContext | Provides the information necessary for a Web form to perform state cleanup. |
|
LSCredentialFormContext | Provides the information needed for a Web form to collect credentials. |
|
LSDiscoveryFormContext | Provides the information necessary for a Web form to discover the client home realm. |
|
LSFormContext | Enables the logon server to communicate to ASP.NET Web forms that it invokes. This object may be cast to a more specific context type based on the value in the CurrentAction property. |
|
LSPolicyFormContext | Provides the information needed for the PolicyEnforcement action. |
|
MetabaseHelper | This class supports the AD FS infrastructure and is not intended to be used directly from your code. The MetabaseHelper class exposes configuration functionality through COM to the AD FS Web Agent for Windows NT Token management UI. |
|
Namespaces | This class supports the AD FS infrastructure and is not intended to be used directly from your code. The Namespaces class is used to override the default WS* and claims namespaces used by AD FS when generating WS-Federation Passive Requester Interoperability Profile messages and SAML tokens. |
|
NameSuffixTransform | Configured as part of a TrustingRealmClaimTransformation object to specify how to transform email or UPN suffixes for consumption by a resource partner. |
|
NameSuffixValidationTransform | Configured as part of a TrustedRealmClaimTransformation object to indicate the e-mail or UPN namespaces for which an account partner is trusted to issue tokens. The NameSuffixValidationTransform class is part of the Federation Service’s trust policy configuration. |
|
NoAcceptableCredentialException | The exception that is thrown when no acceptable credential is provided. |
|
ProxyConfigurationInformation | Specifies the configuration information that the Federation Server and any Federation Server proxies use to write cookies. The ProxyConfigurationInformation class is part of the Federation Service’s trust policy configuration. |
|
ProxyInformation | This class supports the AD FS infrastructure and is not intended to be used directly from your code. A ProxyInformation object is retrieved by a Federation Service proxy by calling GetFsTrustInformation, and contains configuration information necessary for the proxy to function. |
|
RSTRResult | This API supports the product infrastructure and is not intended to be used directly from your code. This class supports the AD FS infrastructure and is not intended for public use. An RSTRResult object is used by the Federation Service to return the result of the LsRequestSecurityToken and LsRequestSecurityTokenWithCookie methods. |
|
SigningMethod | This class supports the AD FS infrastructure and is not intended to be used directly from your code. Its derived classes are part of the Federation Service’s trust policy configuration. However, user code should not derive from this class. |
|
SingleSignOnIdentity | Used by the ASP.Net web application to get direct claim information about the authenticated client. The web application can also control the occurrences of redirects to the logon server. |
|
SingleSignOnMembershipProvider | The SingleSignOnMembershipProvider class is intended for use by the Windows Sharepoint Services (WSS) version 3 scenario. |
|
SingleSignOnRoleProvider | The SingleSignOnRoleProvider class is intended to be used for the Windows SharePoint Services version 3 scenario. |
|
TrustConfigurationData | This API supports the product infrastructure and is not intended to be used directly from your code. The TrustConfigurationData class supports the AD FS infrastructure and is not intended to be used directly from your code. |
|
TrustedRealm | The trusted realm which represents a trusted account partner. |
|
TrustedRealmClaimTransformation | Defines the claim transformations used in the trust policy. These objects will be used for incoming corporate claim transformations from the TrustedRealm (account partner) this transformation is defined on. |
|
TrustedRealmCollection | A collection of TrustedRealm objects. |
|
TrustedWindowsDomains | Represents Windows domains that are allowed from this account partner, assuming this realm is a Windows realm. For example, this partner is in a forest which is trusted by the forest to which this Federation Server is joined. |
|
TrustingApplication | Gets or sets a TrustingRealmClaimTransformation to use for transforming claims for this trusting application. |
|
TrustingApplicationCollection | A collection of TrustingApplication objects. |
|
TrustingRealm | The trusting realm represents a trusting resource partner. |
|
TrustingRealmClaimTransformation | Defines the claim transformations used in the trust policy. The TrustingRealmClaimTransformation objects will be used for outgoing corporate claim transformations to the TrustingRealm (resource partner) that this transformation is defined on. |
|
TrustingRealmCollection | A collection of TrustingRealm objects. |
|
TrustPolicy | Administers the trust policy. |
|
TrustPolicyEntry | This class supports the AD FS infrastructure and is not meant to be used directly from your code. Represents an entry in a TrustPolicy object. |
|
TrustPolicyEntryBase | This class supports the AD FS infrastructure and is not meant to be used directly from your code. The base entry for a trust policy. |
|
TrustPolicyEntryCollection | A collection of TrustPolicyEntry objects. |
|
TrustPolicyFactory | Creates trust policies. If you are using an active scripting language like VBScript, this is the recommended class for constructing or loading a TrustPolicy object. |
|
TrustPolicyStringCollection | This class supports the AD FS infrastructure and is not meant to be used directly from your code. A collection of strings used for a trust policy. |
|
TrustRealm | The trust realm. This serves as the base class for trust entities like realms and applications in the Trust policy. |
|
UpnClaim | Represents a claim that has a user principal name (UPN) in a Kerberos format. For example, user@contoso.com. |
|
UserValidationInfo | Defines information returned by an account store after validating user credentials. |
|
VerificationMethod | Contains the certificates and SPNS used by the Federation Server to sign tokens. This class is abstract. |
|
VersionInformation | Version information for a software application. Use VersionInformation when retrieving trust information. |
|
WebSsoAuthenticationEventArgs | This class supports the AD FS infrastructure and is not intended for public use. |
|
WebSsoAuthenticationModule | Acts as the resource Web Server HttpModule. Enables ASP.NET applications to use AD FS for authentication. |
|
WebSsoConfigurationException | Thrown by AD FS for configuration errors either in the web.config or the trust policy. |
|
WebSsoConfigurationHandler | This API supports the product infrastructure and is not intended to be used directly from your code. This class supports the AD FS infrastructure and is not intended to be used directly from your code. A WebSSO configuration handler object. |
|
WebSsoTokenVerifier | This API supports the product infrastructure and is not intended to be used directly from your code. This class supports the AD FS infrastructure and is not intended to be used directly from your code. Verifies incoming tokens when called by the authentication service. |
|
WrongPrincipalException | An exception thrown if the security token, based on collected credentials, pertains to a different principal than the current accelerator token. |
|
X509SigningMethod | This API supports the product infrastructure and is not intended to be used directly from your code. This class supports the AD FS infrastructure and is not intended to be used directly from your code. The X509SigningMethod class describes a method of signing tokens using an X509 certificate and its associated private key. |
|
X509VerificationMethod | Manages the list of certificates used by the Federation Server and is used by the TrustedRealm object. The RevocationFlags enumeration passed to the TrustedRealm object is used by the X509VerificationMethod Class. This is a helper object that is used in coding modifications to trust policies. |
Interface | Description | |
---|---|---|
IAccountStore | This class supports the AD FS infrastructure and is not meant to be used directly from your code. |
|
IClaimTransform | Extends the options for how claim transformations are handled by the Federation Server. Use this interface to customize claim transformations and write code to implement those customized transformations. You must register the class that implements this interface by using the CustomTransformation property of the TrustPolicy class, or by specifying it in the Federation Server Administration snap-in. |
|
IFederationServer | This interface supports the AD FS infrastructure and is not intended to be used directly from your code. The IFederationServer interface provides a layer of abstraction to allow the LSAuthenticationObject to function in the same way regardless of whether the FederationServerService object is located in the same process. |
|
IMetabaseHelper | This API supports the product infrastructure and is not intended to be used directly from your code. This interface supports the AD FS infrastructure and is not intended to be used directly from your code. The IMetabaseHelper interface exposes configuration functionality through COM to the AD FS Web Agent for Windows NT Token management UI. |
|
IWebSsoTokenVerifier | This interface supports the AD FS infrastructure and is not intended to be used directly from your code. The IWebSsoTokenVerifier interface exposes token verification functionality through COM to the AD FS Web Agent Authentication Service. |
Delegate | Description | |
---|---|---|
WebSsoAuthenticationEventHandler | The WebSsoAuthenticationEventHandler field supports the AD FS infrastructure and is not intended to be used directly from your code. |
Enumeration | Description | |
---|---|---|
AccountStore.AccountStoreType | Specifies the type of account store to which the AccountStore object belongs. |
|
ClaimTransformStage | Identifies the point at which a CustomClaimTransform class is called. A CustomClaimTransform class will be called twice, once before the built-in transforms are evaluated, and once after. |
|
ClaimType | The ClaimType enumeration identifies the claim type to choose. |
|
IdentityClaimType | This enumeration supports the AD FS infrastructure and is not meant to be used directly from your code. Identifies the type of identity claim that is being used. Claim configurations are based on specified attributes, such as the common name (CN) attribute, e-mail addresses, UPNs, group SIDs or custom attributes, such as titles. |
|
LSFormAction | Indicates the requested operation to an AD FS Web form. |
|
RevocationFlags | Indicates what revocation checking activities should be performed by AD FS, when configured on an X509VerificationMethod object. These flags will eventually be passed to the cryptography CertGetCertificateChain function. The RevocationFlags enumeration is part of the Federation Service’s trust policy configuration. |
|
RSTRStatus | This enumeration supports the AD FS infrastructure and is not intended for public use. An RSTRStatus enumeration is set on an RSTRResult object to indicate the result of the LsRequestSecurityToken and LsRequestSecurityTokenWithCookie methods. |
|
ShadowAccountExistance | Indicates whether shadow accounts are known to exist for users from a particular account partner. The ShadowAccountExistance enumeration is part of the Federation Service’s trust policy configuration. |
|
SingleSignOnEventLogLevel | Define the types of event logs and audit events written by AD FS components. The SingleSignOnEventLogLevel enumeration is part of the Federation Service’s trust policy configuration. It is also used in the configuration of the Federation Service proxy and claims-based web agent. |
|
TrustTypes | This enumeration supports the AD FS infrastructure and is not intended for public use. |
|
WebSsoClaimType | Identifies the type of WebSSO claim being used. |
Return to top