RequestSecurityToken Class

.NET Framework (current version)
 

Represents the wst:RequestSecurityToken element (RST), which is used to request a security token.

Namespace:   System.IdentityModel.Protocols.WSTrust
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

System::Object
  System.IdentityModel::OpenObject
    System.IdentityModel.Protocols.WSTrust::WSTrustMessage
      System.IdentityModel.Protocols.WSTrust::RequestSecurityToken

public ref class RequestSecurityToken : WSTrustMessage

Name / Description

RequestSecurityToken()

Initializes a new instance of the RequestSecurityToken class.

RequestSecurityToken(String^)

Initializes a new instance of the RequestSecurityToken class with the specified request type.

RequestSecurityToken(String^, String^)

Initializes a new instance of the RequestSecurityToken class with the specified request type.

Name / Description

ActAs

Gets or sets the security token for the identity that the requestor is attempting to act as.

AdditionalContext

Gets or sets the additional context information for the request.

AllowPostdating

Gets or sets the contents of the wst:AllowPostdating element. (Inherited from WSTrustMessage.)

AppliesTo

Gets or sets the contents of the wsp:AppliesTo element. (Inherited from WSTrustMessage.)

AuthenticationType

Gets or sets the contents of the wst:AuthenticationType element. (Inherited from WSTrustMessage.)

BinaryExchange

Gets or sets the contents of the wst:BinaryExchange element. (Inherited from WSTrustMessage.)

CancelTarget

Gets or sets the token to be canceled in a WS-Trust cancel request.

CanonicalizationAlgorithm

Gets or sets the contents of the wst:CanonicalizationAlgorithm element. (Inherited from WSTrustMessage.)

Claims

Gets the claim types requested by the client (requestor).

ComputedKeyAlgorithm

Gets a URI that represents the desired algorithm to use when computed keys are used for issued tokens.

Context

Gets or sets the contents of the Context attribute on the RST or RSTR. (Inherited from WSTrustMessage.)

Delegatable

Gets or sets a value that specifies if the issued token should be marked as delegatable.

DelegateTo

Gets or sets the identity to which the issued token should be delegated.

Encryption

Gets or sets information on the token and key to use when encrypting.

EncryptionAlgorithm

Gets or sets the contents of the wst:EncryptionAlgorithm element. (Inherited from WSTrustMessage.)

EncryptWith

Gets or sets the contents of the wst:EncryptWith element. (Inherited from WSTrustMessage.)

Entropy

Gets or sets the contents of the wst:Entropy element. (Inherited from WSTrustMessage.)

Forwardable

Gets or sets a value that specifies if the issued token should be marked forwardable.

Issuer

Gets or sets the issuer of the wst:OnBehalfOf token.

KeySizeInBits

Gets or sets the contents of the wst:KeySize element inside a RequestSecurityToken (RST) message. (Inherited from WSTrustMessage.)

KeyType

Gets or sets the contents of the wst:KeyType element inside a RequestSecurityToken (RST) message. (Inherited from WSTrustMessage.)

KeyWrapAlgorithm

Gets or sets the contents of the wst:KeyWrapAlgorithm element. (Inherited from WSTrustMessage.)

Lifetime

Gets or sets the contents of the wst:Lifetime element inside a RequestSecurityToken (RST) message. (Inherited from WSTrustMessage.)

OnBehalfOf

Gets or sets the token for the identity on behalf of which the request is being made.

Participants

Gets or sets the participants that are authorized to use the issued token.

ProofEncryption

Gets or sets the token to be used to encrypt the proof token.

Properties

Gets the properties bag to extend the object. (Inherited from OpenObject.)

Renewing

Gets or sets the renew semantics for a WS-Trust renew request.

RenewTarget

Gets or sets the token to be renewed in a WS-Trust renew request.

ReplyTo

Gets or sets the address to be used for replying to the Relying Party. (Inherited from WSTrustMessage.)

RequestType

Gets or sets the wst:RequestType element. (Inherited from WSTrustMessage.)

SecondaryParameters

Gets or sets parameters for which the requestor is not the originator.

SignatureAlgorithm

Gets or sets the contents of the wst:SignatureAlgorithm element. (Inherited from WSTrustMessage.)

SignWith

Gets or sets the contents of the wst:SignWith element. (Inherited from WSTrustMessage.)

TokenType

Gets or sets the contents of the wst:TokenType element. (Inherited from WSTrustMessage.)

UseKey

Gets or sets the contents of the wst:UseKey element. (Inherited from WSTrustMessage.)

ValidateTarget

Gets or sets the token to be validated in a WS-Trust validate request.

Name / Description

Equals(Object^)

Determines whether the specified object is equal to the current object. (Inherited from Object.)

Finalize() (protected)

Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)

GetHashCode()

Serves as the default hash function. (Inherited from Object.)

GetType()

Gets the Type of the current instance. (Inherited from Object.)

MemberwiseClone() (protected)

Creates a shallow copy of the current Object. (Inherited from Object.)

ToString()

Returns a string that represents the current object. (Inherited from Object.)

The wst:RequestSecurityToken element (message) contains the parameters and properties used to request a security token from a security token service (STS). The message (or element) is abbreviated as RST. The RequestSecurityToken class contains properties that represent the elements of the RST. An RST can form a request that corresponds to any of the request bindings defined by WS-Trust; for example, the Issuance binding, the Renewal binding, the Validate binding, or the Cancel binding. Many of the properties in the RequestSecurityToken class correspond to elements that are present only in specific kinds of requests as defined by these bindings. Depending on the kind of request a particular RequestSecurityToken object represents or the parameters present in the specific request that it represents, some properties of the object may be null.

The STS returns a response to the request in a message that contains a wst:RequestSecurityTokenResponse element (RSTR). This message is represented by the RequestSecurityTokenResponse class.

For more information about the element that this class represents, see the WS-Trust specification that applies to your scenario: WS-Trust February 2005 (http://go.microsoft.com/fwlink/?LinkID=210149), WS-Trust 1.3 (http://go.microsoft.com/fwlink/?LinkID=210148), or WS-Trust 1.4 (http://go.microsoft.com/fwlink/?LinkID=210229).

The code example that is used in this topic is taken from the Custom Token sample. This sample provides custom classes that enable processing of Simple Web Tokens (SWT), and it includes an implementation of a passive STS that is capable of serving an SWT token. The STS is implemented by a class that is derived from SecurityTokenService. Many of the methods of the SecurityTokenService class that are called from its token issuance pipeline take a RequestSecurityToken object as one of their parameters. For information about this sample and other samples available for WIF and about where to download them, see WIF Code Sample Index.

The following code example shows an implementation of the SecurityTokenService::GetScope method. The method takes a RequestSecurityToken as one of its parameters and properties of this parameter are used to set properties on the Scope object that is returned by the method.

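// Namespaces this fragment relies on. The members below belong to a class
// derived from SecurityTokenService.
using System;
using System.IdentityModel;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.Security.Claims;

// Certificate Constants
private const string SIGNING_CERTIFICATE_NAME = "CN=localhost";
private const string ENCRYPTING_CERTIFICATE_NAME = "CN=localhost";

private SigningCredentials _signingCreds;
private EncryptingCredentials _encryptingCreds;
// Expected AppliesTo address, used for validation. Set to the URI of the RP application;
// this could also have been read from configuration.
private string _addressExpected = "http://localhost:19851/";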
/// <summary>
/// This method returns the configuration for the token issuance request. The configuration
/// is represented by the Scope class. In our case, we are only capable of issuing a token to a
/// single RP identity represented by the _encryptingCreds field.
/// </summary>
/// <param name="principal">The caller's principal</param>
/// <param name="request">The incoming RST</param>
/// <returns></returns>
protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken request)
{
    // Validate the AppliesTo address
    ValidateAppliesTo( request.AppliesTo );

    // Create the scope using the request AppliesTo address and the RP identity
    Scope scope = new Scope( request.AppliesTo.Uri.AbsoluteUri, _signingCreds );

    if (Uri.IsWellFormedUriString(request.ReplyTo, UriKind.Absolute))
    {
        if (request.AppliesTo.Uri.Host != new Uri(request.ReplyTo).Host)
            scope.ReplyToAddress = request.AppliesTo.Uri.AbsoluteUri;
        else
            scope.ReplyToAddress = request.ReplyTo;
    }
    else
    {
        Uri resultUri = null;
        if (Uri.TryCreate(request.AppliesTo.Uri, request.ReplyTo, out resultUri))
            scope.ReplyToAddress = resultUri.AbsoluteUri;
        else
            scope.ReplyToAddress = request.AppliesTo.Uri.ToString();
    }

    // Note: In this sample app only a single RP identity is shown, which is localhost, and the certificate of that RP is 
    // populated as _encryptingCreds
    // If you have multiple RPs for the STS you would select the certificate that is specific to 
    // the RP that requests the token and then use that for _encryptingCreds
    scope.EncryptingCredentials = _encryptingCreds;

    return scope;
}
/// <summary>
/// Validates the appliesTo and throws an exception if the appliesTo is null or appliesTo contains some unexpected address.
/// </summary>
/// <param name="appliesTo">The AppliesTo parameter in the request that came in (RST)</param>
/// <returns></returns>
void ValidateAppliesTo(EndpointReference appliesTo)
{
    if (appliesTo == null)
    {
        throw new InvalidRequestException("The appliesTo is null.");
    }

    if (!appliesTo.Uri.Equals(new Uri(_addressExpected)))
    {
        throw new InvalidRequestException(String.Format("The relying party address is not valid. Expected value is {0}, the actual value is {1}.", _addressExpected, appliesTo.Uri.AbsoluteUri));
    }
}
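
A stricter ReplyTo check, as an added example that is not part of the Custom Token sample or of WIF: GetScope above compares only Host when ReplyTo is absolute and assigns the resolved URI without comparing it to AppliesTo when ReplyTo is relative, whereas this helper resolves ReplyTo against AppliesTo first and keeps the result only if scheme, host and port all match. ReplyToPolicy and Resolve are hypothetical names, and the URIs in Main are constructed sample input.

```csharp
using System;

// Added example (not from the Custom Token sample). ReplyToPolicy and its
// members are hypothetical names; the URIs in Main are constructed test input.
public static class ReplyToPolicy
{
    // Returns the address the STS should reply to: the resolved ReplyTo
    // when it stays on the AppliesTo origin, otherwise AppliesTo itself.
    public static string Resolve(Uri appliesTo, string replyTo)
    {
        if (appliesTo == null || !appliesTo.IsAbsoluteUri)
            throw new ArgumentException("AppliesTo must be an absolute URI.", "appliesTo");

        Uri candidate;
        // Resolve first, then validate the result, so absolute, relative and
        // network-path ("//host/...") values all pass through the same check.
        if (string.IsNullOrWhiteSpace(replyTo) ||
            !Uri.TryCreate(appliesTo, replyTo, out candidate))
            return appliesTo.AbsoluteUri;

        // Scheme, host and port must all match the validated AppliesTo address.
        bool sameOrigin = Uri.Compare(appliesTo, candidate,
            UriComponents.SchemeAndServer, UriFormat.UriEscaped,
            StringComparison.OrdinalIgnoreCase) == 0;

        // Also refuse embedded credentials (user:pass@host).
        if (!sameOrigin || candidate.UserInfo.Length != 0)
            return appliesTo.AbsoluteUri;

        return candidate.AbsoluteUri;
    }

    public static void Main()
    {
        var rp = new Uri("http://localhost:19851/");
        string[] samples = {
            "http://localhost:19851/app/signin",   // same origin, absolute
            "app/signin",                          // relative to AppliesTo
            "https://localhost:19851/app",         // scheme differs
            "http://localhost:8080/app",           // port differs
            "//other.example/app",                 // network-path reference
            null                                   // ReplyTo absent
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-36} -> {1}", s ?? "(null)", Resolve(rp, s));
    }
}
```

In GetScope, the ReplyTo if/else block would reduce to a single assignment of ReplyToPolicy.Resolve(request.AppliesTo.Uri, request.ReplyTo) to scope.ReplyToAddress, made after ValidateAppliesTo has accepted the AppliesTo address.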

.NET Framework
Available since 4.5

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
