SecurityTokenHandler.ReadToken Method (XmlReader, SecurityTokenResolver)
When overridden in a derived class, deserializes the XML referenced by the specified XML reader to a token of the type processed by the derived class by using the specified token resolver.
Assembly: System.IdentityModel (in System.IdentityModel.dll)
public virtual SecurityToken ReadToken( XmlReader reader, SecurityTokenResolver tokenResolver )
An XML reader positioned at the start element of the token.
A token resolver that contains out-of-band and cached tokens.
Return ValueType: System.IdentityModel.Tokens.SecurityToken
The security token that was deserialized from the XML.
Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see Untrusted Data Security Risks.
The default implementation ignores the tokenResolver parameter and delegates the call to the SecurityTokenHandler.ReadToken method.
Override this method to provide the logic to deserialize a security token from XML. If you override this method, you should also override the SecurityTokenHandler.CanReadToken method. Typically, in derived classes, if the method cannot deserialize the token from the referenced XML, it throws an XmlException.
Available since 4.5