SecurityTokenHandler.ReadToken Method (XmlReader, SecurityTokenResolver)

.NET Framework 4.5

When overridden in a derived class, deserializes the XML referenced by the specified XML reader to a token of the type processed by the derived class by using the specified token resolver.

Namespace:  System.IdentityModel.Tokens
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

public virtual SecurityToken ReadToken(
	XmlReader reader,
	SecurityTokenResolver tokenResolver


Type: System.Xml.XmlReader

An XML reader positioned at the start element of the token.

Type: System.IdentityModel.Selectors.SecurityTokenResolver

A token resolver that contains out-of-band and cached tokens.

Return Value

Type: System.IdentityModel.Tokens.SecurityToken
The security token that was deserialized from the XML.

Security noteSecurity Note

Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see Untrusted Data Security Risks.

The default implementation ignores the tokenResolver parameter and delegates the call to the SecurityTokenHandler.ReadToken method.

Override this method to provide the logic to deserialize a security token from XML. If you override this method, you should also override the SecurityTokenHandler.CanReadToken method. Typically, in derived classes, if the method cannot deserialize the token from the referenced XML, it throws an XmlException.

.NET Framework

Supported in: 4.6, 4.5

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft