Saml2SecurityTokenHandler.CreateConditions Method

[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

Creates the conditions for the assertion.

Namespace: Microsoft.IdentityModel.Tokens.Saml2
Assembly: Microsoft.IdentityModel (in Microsoft.IdentityModel.dll)

Usage

'Usage
Dim tokenLifetime As Lifetime
Dim relyingPartyAddress As String
Dim tokenDescriptor As SecurityTokenDescriptor
Dim returnValue As Saml2Conditions

returnValue = Me.CreateConditions(tokenLifetime, relyingPartyAddress, tokenDescriptor)

Syntax

Visual Basic

'Declaration
Protected Overridable Function CreateConditions ( _
    tokenLifetime As Lifetime, _
    relyingPartyAddress As String, _
    tokenDescriptor As SecurityTokenDescriptor _
) As Saml2Conditions

C#

protected virtual Saml2Conditions CreateConditions (
    Lifetime tokenLifetime,
    string relyingPartyAddress,
    SecurityTokenDescriptor tokenDescriptor
)

C++

protected:
virtual Saml2Conditions^ CreateConditions (
    Lifetime^ tokenLifetime, 
    String^ relyingPartyAddress, 
    SecurityTokenDescriptor^ tokenDescriptor
)

J#

protected Saml2Conditions CreateConditions (
    Lifetime tokenLifetime, 
    String relyingPartyAddress, 
    SecurityTokenDescriptor tokenDescriptor
)

JScript

protected function CreateConditions (
    tokenLifetime : Lifetime, 
    relyingPartyAddress : String, 
    tokenDescriptor : SecurityTokenDescriptor
) : Saml2Conditions

Parameters

  • tokenLifetime
    The lifetime of the token.
  • relyingPartyAddress
    The endpoint address for which the token is created. The address is modeled as an AudienceRestriction condition.
  • tokenDescriptor
    The token descriptor.

Return Value

A Saml2Conditions object that contains the conditions for the assertion.

Remarks

Generally, conditions should be included in assertions to limit the impact of misuse of the assertion. Specifying the NotBefore and NotOnOrAfter conditions can limit the period of vulnerability in the case of a compromised assertion. The AudienceRestrictionCondition can be used to explicitly state the intended relying party or parties of the assertion, which coupled with appropriate audience restriction enforcement at relying parties can help to mitigate spoofing attacks between relying parties.

The default implementation creates NotBefore and NotOnOrAfter conditions based on the Lifetime property of the tokenDescriptor. It will also generate an AudienceRestrictionCondition limiting consumption of the assertion to the AppliesToAddress property of the tokenDescriptor.
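The override below is an added example, not code from the WIF documentation: it keeps the default NotBefore/NotOnOrAfter and AudienceRestriction behaviour by calling the base method, then narrows it so that an assertion can never be issued without an audience, can never be valid for longer than a fixed maximum, and is marked OneTimeUse. The class name, the 10-minute cap and the decision to fail issuance rather than silently issue an unrestricted assertion are assumptions about a deployment's policy; the members used (Saml2Conditions.NotBefore, NotOnOrAfter, OneTimeUse, AudienceRestrictions, Saml2AudienceRestriction.Audiences) are part of Microsoft.IdentityModel.Tokens.Saml2.

```csharp
using System;
using System.Linq;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Tokens.Saml2;

// Hypothetical hardened handler (not part of WIF). It relies on the base
// implementation for the default conditions and only tightens them.
public class ShortLivedSaml2TokenHandler : Saml2SecurityTokenHandler
{
    // Assumed policy value: no assertion may be valid for longer than this.
    private static readonly TimeSpan MaxValidity = TimeSpan.FromMinutes(10);

    protected override Saml2Conditions CreateConditions(
        Lifetime tokenLifetime, string relyingPartyAddress, SecurityTokenDescriptor tokenDescriptor)
    {
        // Base: NotBefore/NotOnOrAfter from tokenDescriptor.Lifetime,
        // AudienceRestriction from tokenDescriptor.AppliesToAddress.
        // The base may return null when it has nothing to put in the element.
        Saml2Conditions conditions =
            base.CreateConditions(tokenLifetime, relyingPartyAddress, tokenDescriptor)
            ?? new Saml2Conditions();

        // An assertion with no audience is accepted by every relying party that
        // trusts the issuer, so a missing AppliesTo is treated as a configuration error.
        bool hasAudience = conditions.AudienceRestrictions.Any(r => r.Audiences.Count > 0);
        if (!hasAudience)
        {
            throw new InvalidOperationException(
                "Refusing to issue a SAML 2.0 assertion without an AudienceRestriction.");
        }

        // Cap the validity window so a captured assertion is usable only briefly.
        DateTime notBefore = conditions.NotBefore ?? DateTime.UtcNow;
        DateTime cappedExpiry = notBefore.Add(MaxValidity);
        if (!conditions.NotOnOrAfter.HasValue || conditions.NotOnOrAfter.Value > cappedExpiry)
        {
            conditions.NotBefore = notBefore;
            conditions.NotOnOrAfter = cappedExpiry;
        }

        // OneTimeUse signals relying parties that keep a replay cache to reject
        // a second presentation of the same assertion.
        conditions.OneTimeUse = true;
        return conditions;
    }
}
```

Register the derived class in place of Saml2SecurityTokenHandler in the issuing STS's handler collection; relying parties still have to enforce the audience, lifetime and one-time-use conditions on their side for the restrictions to have effect.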

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Target Platforms

Windows 7, Windows Server 2008 R2, Windows Vista SP2, Windows Server 2008 SP2, Windows Server 2003 SP2 (32-bit or 64-bit)

See Also

Reference

Saml2SecurityTokenHandler Class
Saml2SecurityTokenHandler Members
Microsoft.IdentityModel.Tokens.Saml2 Namespace

Copyright © 2008 by Microsoft Corporation. All rights reserved.