# Application Identity Provider

`IApplicationIdentityProviderService` in assembly SanteDB.Core.Api version 3.0.1980.0

## Summary

Represents a service which retrieves [IApplicationIdentity](http://santesuite.org/assets/doc/net/html/T_SanteDB_Core_Security_Principal_IApplicationIdentity.htm) instances and authenticates applications, returning an [IPrincipal](https://docs.microsoft.com/en-us/dotnet/api/system.security.principal.iprincipal).

### Description

In SanteDB, a security session comprises up to three security identities/principals:

* (Optional) User identity representing the human using the application
* (Optional) Device identity representing the device running the application, and
* An [IApplicationIdentity](http://santesuite.org/assets/doc/net/html/T_SanteDB_Core_Security_Principal_IApplicationIdentity.htm) representing the application

This service authenticates the application identity against a central credential store of registered applications.

See: [SanteDB authentication architecture](https://help.santesuite.org/santedb/security-architecture#principals-and-identities)

## Events

| Event          | Type                                   | Description                                          |
| -------------- | -------------------------------------- | ---------------------------------------------------- |
| Authenticated  | EventHandler\<AuthenticatedEventArgs>  | Fired after an authentication request has been made. |
| Authenticating | EventHandler\<AuthenticatingEventArgs> | Fired prior to an authentication request being made. |

## Operations

| Operation      | Response/Return      | Input/Parameter                                                                                                                                                                                             | Description                                         |
| -------------- | -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------- |
| Authenticate   | IPrincipal           | <p><em>String</em> <strong>applicationName</strong><br><em>String</em> <strong>applicationSecret</strong></p>                                                                                               | Authenticate the application identity.              |
| Authenticate   | IPrincipal           | <p><em>String</em> <strong>applicationName</strong><br><em>IPrincipal</em> <strong>authenticationContext</strong></p>                                                                                       | Authenticate the application identity.              |
| CreateIdentity | IApplicationIdentity | <p><em>String</em> <strong>applicationName</strong><br><em>String</em> <strong>password</strong><br><em>IPrincipal</em> <strong>principal</strong><br><em>Nullable\<Guid></em> <strong>withSid</strong></p> | Create a basic identity in the provider             |
| GetIdentity    | IApplicationIdentity | *String* **applicationName**                                                                                                                                                                                | Gets the specified identity for an application.     |
| GetIdentity    | IApplicationIdentity | *Guid* **sid**                                                                                                                                                                                              | Gets the specified identity for an application.     |
| GetSid         | Guid                 | *String* **name**                                                                                                                                                                                           | Gets the SID for the specified identity             |
| SetLockout     | void                 | <p><em>String</em> <strong>applicationName</strong><br><em>Boolean</em> <strong>lockoutState</strong><br><em>IPrincipal</em> <strong>principal</strong></p>                                                 | Set the lockout status                              |
| ChangeSecret   | void                 | <p><em>String</em> <strong>applicationName</strong><br><em>String</em> <strong>secret</strong><br><em>IPrincipal</em> <strong>principal</strong></p>                                                        | Change the specified application identity's secret  |
| AddClaim       | void                 | <p><em>String</em> <strong>applicationName</strong><br><em>IClaim</em> <strong>claim</strong><br><em>IPrincipal</em> <strong>principal</strong><br><em>Nullable\<TimeSpan></em> <strong>expiry</strong></p> | Add a claim to the specified application            |
| GetClaims      | IEnumerable\<IClaim> | *String* **applicationName**                                                                                                                                                                                | Get all active claims for the specified application |
| RemoveClaim    | void                 | <p><em>String</em> <strong>applicationName</strong><br><em>String</em> <strong>claimType</strong><br><em>IPrincipal</em> <strong>principal</strong></p>                                                     | Removes a claim from the specified device account   |

## Implementations

### BridgedApplicationIdentityProvider - (SanteDB.Client)

Application identity provider service that bridges between local and upstream

#### Service Registration

```markup
...
<section xsi:type="ApplicationServiceContextConfigurationSection" threadPoolSize="4">
	<serviceProviders>
		...
		<add type="SanteDB.Client.Upstream.Security.BridgedApplicationIdentityProvider, SanteDB.Client, Version=3.0.1980.0, Culture=neutral, PublicKeyToken=null" />
		...
	</serviceProviders>
	...
</section>
```

### UpstreamApplicationIdentityProvider - (SanteDB.Client)

Represents an implementation of an [IApplicationIdentityProviderService](http://santesuite.org/assets/doc/net/html/T_SanteDB_Core_Security_Services_IApplicationIdentityProviderService.htm) which uses OAuth.

#### Service Registration

```markup
...
<section xsi:type="ApplicationServiceContextConfigurationSection" threadPoolSize="4">
	<serviceProviders>
		...
		<add type="SanteDB.Client.Upstream.Security.UpstreamApplicationIdentityProvider, SanteDB.Client, Version=3.0.1980.0, Culture=neutral, PublicKeyToken=null" />
		...
	</serviceProviders>
	...
</section>
```

### AdoApplicationIdentityProvider - (SanteDB.Persistence.Data)

Application identity provider that uses the database to authenticate applications

#### Service Registration

```markup
...
<section xsi:type="ApplicationServiceContextConfigurationSection" threadPoolSize="4">
	<serviceProviders>
		...
		<add type="SanteDB.Persistence.Data.Services.AdoApplicationIdentityProvider, SanteDB.Persistence.Data, Version=3.0.1980.0, Culture=neutral, PublicKeyToken=null" />
		...
	</serviceProviders>
	...
</section>
```

## Example Implementation

```csharp
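/// Example Implementation
using System;
using System.Collections.Generic;
using System.Security.Principal;
using SanteDB.Core.Security.Principal;
using SanteDB.Core.Security.Services;
/// Other usings here (for IClaim and the event argument types)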
public class MyApplicationIdentityProviderService : SanteDB.Core.Security.Services.IApplicationIdentityProviderService { 
	public String ServiceName => "My own IApplicationIdentityProviderService service";
	/// <summary>
	/// Fired after an authentication request has been made.
	/// </summary>
	public event EventHandler<AuthenticatedEventArgs> Authenticated;
	/// <summary>
	/// Fired prior to an authentication request being made.
	/// </summary>
	public event EventHandler<AuthenticatingEventArgs> Authenticating;
	/// <summary>
	/// Authenticate the application identity.
	/// </summary>
	public IPrincipal Authenticate(String applicationName,String applicationSecret){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Authenticate the application identity.
	/// </summary>
	public IPrincipal Authenticate(String applicationName,IPrincipal authenticationContext){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Create a basic identity in the provider
	/// </summary>
	public IApplicationIdentity CreateIdentity(String applicationName,String password,IPrincipal principal,Nullable<Guid> withSid){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Gets the specified identity for an application.
	/// </summary>
	public IApplicationIdentity GetIdentity(String applicationName){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Gets the specified identity for an application.
	/// </summary>
	public IApplicationIdentity GetIdentity(Guid sid){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Gets the SID for the specified identity
	/// </summary>
	public Guid GetSid(String name){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Set the lockout status
	/// </summary>
	public void SetLockout(String applicationName,Boolean lockoutState,IPrincipal principal){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Change the specified application identity's secret
	/// </summary>
	public void ChangeSecret(String applicationName,String secret,IPrincipal principal){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Add a claim to the specified application
	/// </summary>
	public void AddClaim(String applicationName,IClaim claim,IPrincipal principal,Nullable<TimeSpan> expiry){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Get all active claims for the specified application
	/// </summary>
	public IEnumerable<IClaim> GetClaims(String applicationName){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Removes a claim from the specified device account
	/// </summary>
	public void RemoveClaim(String applicationName,String claimType,IPrincipal principal){
		throw new System.NotImplementedException();
	}
}
```
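
The stubs above leave the secret check and lockout handling to the implementer. The following is an added, standalone sketch of one way the `Authenticate(applicationName, applicationSecret)`, `SetLockout` and secret-storage logic could work; it is not SanteDB code and does not reflect how the shipped providers are implemented. The class name `InMemoryApplicationAuthenticator`, the `Entry` record, the in-memory store and the policy values (PBKDF2 iteration count, failure threshold) are all assumptions, and it requires .NET 6 or later.

```csharp
// Added example: hypothetical standalone types, not part of SanteDB.
using System;
using System.Collections.Concurrent;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
public sealed class InMemoryApplicationAuthenticator
{
	// Hypothetical record of one registered application in the credential store.
	private sealed class Entry { public Guid Sid; public byte[] Salt; public byte[] Hash; public bool Locked; public int Failures; }
	private const int Iterations = 210_000, MaxFailures = 5; // assumed policy values
	private readonly ConcurrentDictionary<string, Entry> m_store = new(StringComparer.OrdinalIgnoreCase);
	// Constructed decoy so unknown application names cost the same work as known ones.
	private readonly Entry m_decoy = new() { Salt = new byte[16], Hash = new byte[32] };
	private static byte[] Derive(string secret, byte[] salt) => Rfc2898DeriveBytes.Pbkdf2(Encoding.UTF8.GetBytes(secret), salt, Iterations, HashAlgorithmName.SHA256, 32);

	// Mirrors CreateIdentity / ChangeSecret: only a salted, stretched hash is stored.
	public Guid Register(string applicationName, string secret)
	{
		var salt = RandomNumberGenerator.GetBytes(16);
		var entry = new Entry { Sid = Guid.NewGuid(), Salt = salt, Hash = Derive(secret, salt) };
		if (!m_store.TryAdd(applicationName, entry)) throw new InvalidOperationException("Application already registered");
		return entry.Sid;
	}

	// Mirrors SetLockout(applicationName, lockoutState, ...); unlocking resets the failure count.
	public void SetLockout(string applicationName, bool lockoutState)
	{
		var entry = m_store[applicationName];
		lock (entry) { entry.Locked = lockoutState; if (!lockoutState) entry.Failures = 0; }
	}
	// Mirrors Authenticate(applicationName, applicationSecret).
	public IPrincipal Authenticate(string applicationName, string applicationSecret)
	{
		var known = m_store.TryGetValue(applicationName ?? "", out var entry);
		entry ??= m_decoy;
		// Always derive and compare in constant time, even for unknown or locked applications.
		var match = CryptographicOperations.FixedTimeEquals(Derive(applicationSecret ?? "", entry.Salt), entry.Hash);
		lock (entry)
		{
			if (known && match && !entry.Locked)
			{
				entry.Failures = 0;
				return new GenericPrincipal(new GenericIdentity(applicationName, "ApplicationSecret"), Array.Empty<string>());
			}
			if (known && !match && ++entry.Failures >= MaxFailures) entry.Locked = true;
		}
		throw new AuthenticationException("Invalid application credentials"); // same error for every failure
	}
}
```

A locked application is rejected even when the secret is correct, and unknown name, wrong secret and lockout all raise the same exception so callers cannot tell them apart.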

## References

* [IApplicationIdentityProviderService C# Documentation](http://santesuite.org/assets/doc/net/html/T_SanteDB_Core_Security_Services_IApplicationIdentityProviderService.htm)
* [BridgedApplicationIdentityProvider C# Documentation](http://santesuite.org/assets/doc/net/html/T_SanteDB_Client_Upstream_Security_BridgedApplicationIdentityProvider.htm)
* [UpstreamApplicationIdentityProvider C# Documentation](http://santesuite.org/assets/doc/net/html/T_SanteDB_Client_Upstream_Security_UpstreamApplicationIdentityProvider.htm)
* [AdoApplicationIdentityProvider C# Documentation](http://santesuite.org/assets/doc/net/html/T_SanteDB_Persistence_Data_Services_AdoApplicationIdentityProvider.htm)

