This documentation is archived and is not being maintained.

Microsoft.IdentityModel.Tokens Namespace

Windows Identity Foundation
[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

AggregateTokenResolver: This class defines a TokenResolver that can wrap multiple token resolvers and resolve tokens across all the wrapped token resolvers.
AsymmetricProofDescriptor: This class can be used for issuing an asymmetric-key-based token.
AudienceRestriction: Defines settings for an AudienceRestriction verification.
AudienceUriValidationFailedException: Throw this exception when a received security token fails audience URI validation.
AuthenticationContext: This class is used to specify the context of an authentication event.
AuthorizationPolicy: Defines an AuthorizationPolicy that carries the IDFx Claims. When IDFx is enabled, a new set of Security Token Authenticators is added to the system. These Authenticators will generate the new Claims defined in Microsoft.IdentityModel.Claims.
ConfigurationBasedIssuerNameRegistry: Implements a name service that resolves issuer tokens to strings.
ConfigureServiceHostServiceBehavior: Provides custom service behavior to the service. It invokes the ConfigureServiceHost(ServiceHostBase) method to configure the service host.
DefaultTokenReplayCache: A default implementation of the token replay cache that is backed by a bounded cache.
EncryptedSecurityToken: A pseudo-token which handles encryption for a token which does not natively support it.
EncryptedSecurityTokenHandler: Token handler for an encrypted SecurityToken type.
EncryptedTokenDecryptionFailedException: The exception that is thrown when an error occurs while processing an encrypted security token.
EndpointAuthorizationPolicy: Implementation of IAuthorizationPolicy that contains endpoint-specific AuthorizationPolicy.
FailedAuthenticationException: Throw this exception when the security token could not be authenticated or authorized.
FailedAuthenticationFaultException: This class represents the FailedAuthentication fault defined by WS-Security.
FailedCheckException: Throw this exception when the signature or decryption was not valid.
FailedCheckFaultException: This class represents the FailedCheck fault defined by WS-Security.
FederatedSecurityTokenManager: SecurityTokenManager that enables plugging in custom tokens easily. The SecurityTokenManager provides methods to register custom token providers, serializers and authenticators. It can wrap other token managers and delegate token operation calls to them if required.
FederatedServiceCredentials: Helper class that provides a mechanism to plug the FederatedSecurityTokenManager into any WCF ServiceHost application. Create an instance of this class and add it as the ServiceCredentials to your ServiceHost.
IdentityModelServiceAuthorizationManager: Custom ServiceAuthorizationManager implementation. This class substitutes the WCF-generated IAuthorizationPolicies with AuthorizationPolicy. These policies do not participate in the EvaluationContext and hence will render an empty WCF AuthorizationContext. Once this AuthorizationManager is substituted into a ServiceHost, only IClaimsPrincipal will be available for authorization decisions.
InvalidSecurityException: Throw this exception when an error was discovered while processing the <wsse:Security> header.
InvalidSecurityFaultException: This class represents the InvalidSecurity fault defined by WS-Security.
InvalidSecurityTokenException: Throw this exception when an invalid security token was provided.
InvalidSecurityTokenFaultException: This class represents the InvalidSecurityToken fault defined by WS-Security.
IssuerNameRegistry: The abstract base class that represents a name service that returns the issuer name of a specified token.
IssuerTokenResolver: Resolves issuer tokens received from service partners.
KerberosSecurityTokenHandler: SecurityTokenHandler for KerberosReceiverSecurityToken.
MembershipUserNameSecurityTokenHandler: UserNameSecurityTokenHandler that validates the UsernameSecurityToken using a given MembershipProvider.
MessageExpiredException: Throw this exception when the message has expired.
MessageExpiredFaultException: This class represents the MessageExpired fault defined by WS-Security.
ProofDescriptor: Base class for SymmetricProofDescriptor and AsymmetricProofDescriptor.
RsaSecurityTokenHandler: SecurityTokenHandler for RsaSecurityTokens.
SamlSecurityTokenRequirement: Extends SecurityTokenRequirement by adding new properties which are useful for issued tokens.
SecurityKeyElement: Provides delayed resolution of security keys by resolving the SecurityKeyIdentifierClause or SecurityKeyIdentifier only when cryptographic functions are needed. This allows a key clause or identifier that is never used by an application to be serialized and deserialized on and off the wire without issue.
SecurityKeyIdentifierClauseSerializer: Abstract class for a SecurityKeyIdentifierClause serializer.
SecurityTokenCache: Defines a simple abstract interface to a cache of security tokens.
SecurityTokenCacheKey: When caching an SCT, two indexes are required. One is the ContextId, which is unique across all SCTs, and the other is the KeyGeneration, which is unique within an SCT. When an SCT is issued, it has only a ContextId. When the SCT is renewed, the KeyGeneration is added as a second index to the SCT. The renewed SCT is then uniquely identifiable via the ContextId and KeyGeneration. The class SecurityTokenCacheKey is used as the index to the SCT cache. This index will always have a valid ContextId specified, but the KeyGeneration may be null. There is also an optional EndpointId, which gives the endpoint to which the token is scoped.
SecurityTokenDescriptor: This is a placeholder for all the attributes related to the issued token.
SecurityTokenElement: This class represents a number of elements found in a RequestSecurityToken which represent security tokens.
SecurityTokenExpiredException: Throw this exception when a received security token has an expiration time in the past.
SecurityTokenHandler: Defines the interface for a custom security token handler.
SecurityTokenHandlerCollection: Defines a collection of SecurityTokenHandlers.
SecurityTokenHandlerCollectionManager: A class which manages multiple named SecurityTokenHandlerCollections.
Usage: Defines standard collection names used by the framework.
SecurityTokenHandlerConfiguration: Configuration common to all SecurityTokenHandlers.
SecurityTokenNotYetValidException: Throw this exception when a received security token has an effective time in the future.
SecurityTokenReplayDetectedException: Throw this exception when a received security token has been replayed.
SecurityTokenSerializerAdapter: This class derives from System.ServiceModel.Security.WSSecurityTokenSerializer and wraps a collection of SecurityTokenHandlers. Any call to this serializer is delegated to the token handler, and delegated to the base class if no token handler is registered to handle this particular token or KeyIdentifier.
SecurityTokenTypes: Defines the Security Token Type URI constants.
SecurityTokenUnavailableException: Throw this exception when a referenced security token could not be retrieved.
SecurityTokenUnavailableFaultException: This class represents the SecurityTokenUnavailable fault defined by WS-Security.
SessionSecurityToken: Defines a SessionSecurityToken that contains data associated with a session.
SessionSecurityTokenCookieSerializer: Implements serialization and deserialization of a given SessionSecurityToken into a self-contained cookie.
SessionSecurityTokenHandler: A SecurityTokenHandler that processes SessionSecurityToken.
SymmetricProofDescriptor: This class can be used for issuing a symmetric-key-based token.
TokenReplayCache: This class defines the API for a cache that stores tokens and purges them at a scheduled time interval.
UnsupportedAlgorithmException: Throw this exception when an unsupported signature or encryption algorithm was used.
UnsupportedAlgorithmFaultException: This class represents the UnsupportedAlgorithm fault defined by WS-Security.
UnsupportedSecurityTokenException: Throw this exception when an unsupported token was provided.
UnsupportedSecurityTokenFaultException: This class represents the UnsupportedSecurityToken fault defined by WS-Security.
UserNameSecurityTokenHandler: Defines a SecurityTokenHandler for Username Password Tokens.
WindowsUserNameSecurityTokenHandler: This token handler validates the Windows Username token.
X509CertificateStoreTokenResolver: Token resolver that can resolve X509SecurityTokens against a given X.509 certificate store.
X509DataSecurityKeyIdentifierClauseSerializer: Implementation of SecurityKeyIdentifierClauseSerializer that handles X.509 certificate reference types.
X509NTAuthChainTrustValidator: X509CertificateValidator that will validate a given certificate, and verify if the certificate can be mapped to a Windows account and if the certificate chain is trusted.
X509SecurityTokenHandler: SecurityTokenHandler for X509SecurityToken. By default, the handler will do chain-trust validation of the certificate.

OutboundClaimsFilter: Actor that returns true if a claim should be filtered.

Copyright © 2008 by Microsoft Corporation. All rights reserved.