KerberosRequestorSecurityToken Constructor (String, TokenImpersonationLevel, NetworkCredential, String)


Initializes a new instance of the KerberosRequestorSecurityToken class.

Namespace:   System.IdentityModel.Tokens
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

public KerberosRequestorSecurityToken(
	string servicePrincipalName,
	TokenImpersonationLevel tokenImpersonationLevel,
	NetworkCredential networkCredential,
	string id


Type: System.String

The service principal name for the KerberosRequestorSecurityToken security token. Sets the ServicePrincipalName property.

Type: System.Security.Principal.TokenImpersonationLevel

One of the TokenImpersonationLevel values that specifies how the client allows the KerberosRequestorSecurityToken security token to be impersonated.

Type: System.Net.NetworkCredential

A NetworkCredential that specifies the user to get a KerberosRequestorSecurityToken security token for.

Type: System.String

A unique identifier of the security token. Sets the value of the Id property.

Exception Condition

servicePrincipalName is null.


id is null.


networkCredential is not null, not equal to DefaultNetworkCredentials and the UserName property is empty or null.


A Kerberos ticket cannot be obtained for the specified user.


tokenImpersonationLevel is not Impersonation or Identity.

The service principal name must be in one of the following formats: host/<hostname>@<domain> or <hostname>, where hostname is the name of the computer hosting the target Web service and domain is the fully-qualified domain name of the Kerberos realm in which the host computer resides. The service principal name is associated with an account that is running the service and this mapping is stored in the Kerberos Domain Controller (KDC).

When null is passed into the networkCredential parameter, a KerberosRequestorSecurityToken security token is obtained for the current user.

.NET Framework
Available since 3.0
Return to top