Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

SecurityTokenProvider Class

Represents a security token provider that handles security tokens for a SOAP message sender.

Namespace:  System.IdentityModel.Selectors
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

public abstract class SecurityTokenProvider

The SecurityTokenProvider type exposes the following members.

Protected methodSecurityTokenProviderInitializes a new instance of the SecurityTokenProvider class.

Public propertySupportsTokenCancellationGets a value that indicates whether the security token can be cancelled.
Public propertySupportsTokenRenewalGets a value that indicates whether the security token is renewable.

Public methodBeginCancelTokenBegins an asynchronous operation to cancel a security token.
Protected methodBeginCancelTokenCoreBegins an asynchronous operation to cancel a security token.
Public methodBeginGetTokenBegins an asynchronous operation to get a security token.
Protected methodBeginGetTokenCoreBegins an asynchronous operation to get a security token.
Public methodBeginRenewTokenBegins an asynchronous operation that renews a security token.
Protected methodBeginRenewTokenCoreBegins an asynchronous operation that renews a security token.
Public methodCancelTokenCancels a security token.
Protected methodCancelTokenCoreCancels a security token.
Public methodEndCancelTokenCompletes an asynchronous operation to cancel a security token.
Protected methodEndCancelTokenCoreCompletes an asynchronous operation to cancel a security token.
Public methodEndGetTokenCompletes an asynchronous operation to get a security token.
Protected methodEndGetTokenCoreCompletes an asynchronous operation to get a security token.
Public methodEndRenewTokenCompletes an asynchronous operation to renew a security token.
Protected methodEndRenewTokenCoreCompletes an asynchronous operation to renew the security token.
Public methodEquals(Object)Determines whether the specified object is equal to the current object. (Inherited from Object.)
Protected methodFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public methodGetHashCodeServes as the default hash function. (Inherited from Object.)
Public methodGetTokenGets a security token.
Protected methodGetTokenCoreGets a security token.
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Protected methodMemberwiseCloneCreates a shallow copy of the current Object. (Inherited from Object.)
Public methodRenewTokenRenews a security token.
Protected methodRenewTokenCoreRenews a security token.
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)

Use the SecurityTokenProvider class when custom security tokens are required. The role of a security token provider is to get a security token when a SOAP message is sent by a client and a security token is used to authenticate the client or to protect the SOAP message. Specifically, the GetToken method is called to get a security token. The security token provider can also be called to cancel and renew a security using the CancelToken and RenewToken methods.

Classes that derive from the SecurityTokenManager class implement the CreateSecurityTokenProvider method to determine which security token provider is required for a given security token.

The ClientCredentialsSecurityTokenManager and ServiceCredentialsSecurityTokenManager classes provide the default implementations for built-in security token types. For custom security token scenarios, you must derive a class from one of the SecurityTokenManager, ClientCredentialsSecurityTokenManager, or ServiceCredentialsSecurityTokenManager classes and provide the functionality to create the security token provider, security token authenticator, and security token serializer for the custom security token. For more information about creating a custom token, see How to: Create a Custom Token.

using System;

using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;

using System.IO;

using System.ServiceModel.Security;

using System.Xml;

namespace Microsoft.ServiceModel.Samples
    /// <summary> 
    /// class that derives from SecurityTokenProvider and returns a SecurityToken representing a SAML assertion 
    /// </summary> 
    public class SamlSecurityTokenProvider : SecurityTokenProvider
        /// <summary> 
        /// The SAML assertion that the SamlSecurityTokenProvider will return as a SecurityToken 
        /// </summary>
        SamlAssertion assertion;

        /// <summary> 
        /// The proof token associated with the SAML assertion 
        /// </summary>
        SecurityToken proofToken;

        /// <summary> 
        /// Constructor 
        /// </summary> 
        /// <param name="assertion">The SAML assertion that the SamlSecurityTokenProvider will return as a SecurityToken</param>
        /// <param name="proofToken">The proof token associated with the SAML assertion</param>
        public SamlSecurityTokenProvider(SamlAssertion assertion, SecurityToken proofToken )
            this.assertion = assertion;
            this.proofToken = proofToken;

        /// <summary> 
        /// Creates the security token 
        /// </summary> 
        /// <param name="timeout">Maximum amount of time the method is supposed to take. Ignored in this implementation.</param>
        /// <returns>A SecurityToken corresponding the SAML assertion and proof key specified at construction time</returns> 
        protected override SecurityToken GetTokenCore(TimeSpan timeout)
            // Create a SamlSecurityToken from the provided assertion
            SamlSecurityToken samlToken = new SamlSecurityToken(assertion);

            // Create a SecurityTokenSerializer that will be used to serialize the SamlSecurityToken
            WSSecurityTokenSerializer ser = new WSSecurityTokenSerializer();

            // Create a memory stream to write the serialized token into 
            // Use an initial size of 64Kb
            MemoryStream s = new MemoryStream(UInt16.MaxValue);

            // Create an XmlWriter over the stream
            XmlWriter xw = XmlWriter.Create(s);

            // Write the SamlSecurityToken into the stream
            ser.WriteToken(xw, samlToken);

            // Seek back to the beginning of the stream
            s.Seek(0, SeekOrigin.Begin);

            // Load the serialized token into a DOM
            XmlDocument dom = new XmlDocument();

            // Create a KeyIdentifierClause for the SamlSecurityToken
            SamlAssertionKeyIdentifierClause samlKeyIdentifierClause = samlToken.CreateKeyIdentifierClause<SamlAssertionKeyIdentifierClause>();

            // Return a GenericXmlToken from the XML for the SamlSecurityToken, the proof token, the valid from  
            // and valid until times from the assertion and the key identifier clause created above             
            return new GenericXmlSecurityToken(dom.DocumentElement, proofToken, assertion.Conditions.NotBefore, assertion.Conditions.NotOnOrAfter, samlKeyIdentifierClause, samlKeyIdentifierClause, null);

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
© 2015 Microsoft