SecurityTokenHandler.ReadToken Method (XmlReader, SecurityTokenResolver)

.NET Framework (current version)

When overridden in a derived class, deserializes the XML referenced by the specified XML reader to a token of the type processed by the derived class by using the specified token resolver.

Namespace:   System.IdentityModel.Tokens
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

public virtual SecurityToken ReadToken(
	XmlReader reader,
	SecurityTokenResolver tokenResolver


Type: System.Xml.XmlReader

An XML reader positioned at the start element of the token.

Type: System.IdentityModel.Selectors.SecurityTokenResolver

A token resolver that contains out-of-band and cached tokens.

Return Value

Type: System.IdentityModel.Tokens.SecurityToken

The security token that was deserialized from the XML.

System_CAPS_security Security Note

Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see Untrusted Data Security Risks.

The default implementation ignores the tokenResolver parameter and delegates the call to the SecurityTokenHandler.ReadToken method.

Override this method to provide the logic to deserialize a security token from XML. If you override this method, you should also override the SecurityTokenHandler.CanReadToken method. Typically, in derived classes, if the method cannot deserialize the token from the referenced XML, it throws an XmlException.

.NET Framework
Available since 4.5
Return to top