Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Specifies the set of URIs that are acceptable identifiers of the relying party (RP). Tokens will not be accepted unless they are scoped for one of the allowed audience URIs.
<configuration>
  <system.identityModel>
    <identityConfiguration>
      <securityTokenHandlers>
        <securityTokenHandlerConfiguration>
          <audienceUris>
Syntax
<system.identityModel>  
  <identityConfiguration>  
    <securityTokenHandlers>  
      <securityTokenHandlerConfiguration>  
        <audienceUris mode=xs:string>  
          <add value=xs:string />  
          <clear />  
          <remove value=xs:string />  
        </audienceUris>  
      </securityTokenHandlerConfiguration>  
    </securityTokenHandlers>  
  </identityConfiguration>  
</system.identityModel>  
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
| Attribute | Description | 
|---|---|
| mode | An AudienceUriMode value that specifies whether the audience restriction should be applied to an incoming token. The possible values are "Always", "Never", and "BearerKeyOnly". The default is "Always". Optional. | 
Child Elements
| Element | Description | 
|---|---|
| <add value=xs:string> | Adds the URI specified by the valueattribute to the audienceUris collection. Thevalueattribute is required. The URI is case-sensitive. | 
| <clear> | Clears the audienceUris collection. All identifiers are removed from the collection. | 
| <remove value=xs:string> | Removes the URI specified by the valueattribute from the audienceUris collection. Thevalueattribute is required. The URI is case-sensitive. | 
Parent Elements
| Element | Description | 
|---|---|
| <securityTokenHandlerConfiguration> | Provides configuration for a collection of security token handlers. | 
Remarks
By default, the collection is empty; use <add>, <clear>, and <remove> elements to modify the collection. SamlSecurityTokenHandler and Saml2SecurityTokenHandler objects use the values in the audience URI collection to configure any allowed audience URI restrictions in SamlSecurityTokenRequirement objects.
The <audienceUris> element is represented by the AudienceUriElementCollection class. An individual URI added to the collection is represented by the AudienceUriElement class.
Note
The use of the <audienceUris> element as a child element of the <identityConfiguration> element has been deprecated, but is still supported for backward compatibility. Settings on the <securityTokenHandlerConfiguration> element override those on the <identityConfiguration> element.
Example
The following XML shows how to configure the acceptable audience URIs for an application. This example configures a single URI. Tokens scoped for this URI will be accepted, all others will be rejected.
<audienceUris>  
  <add value="http://localhost:19851/"/>  
</audienceUris>