This documentation is archived and is not being maintained.

UserNameSecurityTokenAuthenticator Class

Authenticates a UserNameSecurityToken security token.

Namespace:  System.IdentityModel.Selectors
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

Public MustInherit Class UserNameSecurityTokenAuthenticator _
	Inherits SecurityTokenAuthenticator
Dim instance As UserNameSecurityTokenAuthenticator

Override the UserNameSecurityTokenAuthenticator class to authenticate security tokens based on a user name and password.

The Windows Communication Foundation (WCF) ships with the following classes that provide support for authenticating UserNameSecurityToken security tokens.

CustomUserNameSecurityTokenAuthenticator
    Allows an application to provide a custom authentication scheme for user names and passwords. The authentication scheme is provided using a class deriving from the UserNamePasswordValidator class.

WindowsUserNameSecurityTokenAuthenticator
    Authenticates the user name and password as a Windows account.

Most custom authentication schemes can use the CustomUserNameSecurityTokenAuthenticator class and implement a class that derives from the UserNamePasswordValidator class. However, if additional flexibility is needed, you can derive a class from the UserNameSecurityTokenAuthenticator class and override the ValidateUserNamePasswordCore method.

Imports System
Imports System.Collections.Generic
Imports System.Collections.ObjectModel
Imports System.Text
Imports System.IdentityModel.Claims
Imports System.IdentityModel.Policy
Imports System.IdentityModel.Selectors
Imports System.IdentityModel.Tokens
Imports System.Security.Principal
Imports System.ServiceModel.Security
Imports System.Text.RegularExpressions

Class MyTokenAuthenticator
    Inherits UserNameSecurityTokenAuthenticator

    Shared Function IsRogueDomain(ByVal domain As String) As Boolean 
        Return False 

    End Function 'IsRogueDomain

    Shared Function IsEmail(ByVal inputEmail As String) As Boolean 

        Dim strRegex As String = "^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}" + "\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\" + ".)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$" 
        Dim re As New Regex(strRegex)
        If re.IsMatch(inputEmail) Then 
            Return True 
        Else 
            Return False 
        End If 

    End Function 'IsEmail

    Function ValidateUserNameFormat(ByVal UserName As String) As Boolean 
        If Not IsEmail(UserName) Then
            Console.WriteLine("Not a valid email")
            Return False 
        End If 
        Dim emailAddress As String() = UserName.Split("@"c)
        Dim user As String = emailAddress(0)
        Dim domain As String = emailAddress(1)
        If IsRogueDomain(domain) Then 
            Return False 
        End If 
        Return True 

    End Function 

    Protected Overrides Function ValidateUserNamePasswordCore(ByVal userName As String, ByVal password As String) As ReadOnlyCollection(Of IAuthorizationPolicy)

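        ' This sample checks only the format of the user name; the password 
        ' argument is never verified. A production override must also verify 
        ' the password before it returns any authorization policies. 
        If Not ValidateUserNameFormat(userName) Then 
            Throw New SecurityTokenValidationException("Incorrect UserName format")
        End If 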
        Dim setOfClaims As New DefaultClaimSet(ClaimSet.System, New Claim(ClaimTypes.Name, userName, Rights.PossessProperty))
        Dim identities As New List(Of IIdentity)(1)

        identities.Add(New GenericIdentity(userName))
        Dim policies As New List(Of IAuthorizationPolicy)(1)
        policies.Add(New UnconditionalPolicy(ClaimSet.System, setOfClaims, DateTime.MaxValue.ToUniversalTime(), identities))
        Return policies.AsReadOnly()

    End Function 'ValidateUserNamePasswordCore 
End Class 

Class UnconditionalPolicy
    Implements IAuthorizationPolicy
    Private idValue As String = Guid.NewGuid().ToString()
    Private issuerValue As ClaimSet
    Private issuance As ClaimSet
    Private expirationTimeValue As DateTime
    Private identities As IList(Of IIdentity)
    Public Sub New(ByVal issuer As ClaimSet, ByVal issuance As ClaimSet, ByVal expirationTime As DateTime, ByVal identities As IList(Of IIdentity))

        If issuer Is Nothing Then 
            Throw New ArgumentNullException("issuer")
        End If 
        If issuance Is Nothing Then 
            Throw New ArgumentNullException("issuance")
        End If 
        Me.issuerValue = issuer
        Me.issuance = issuance
        Me.identities = identities
        Me.expirationTimeValue = expirationTime
    End Sub 
    Public ReadOnly Property Id() As String Implements IAuthorizationPolicy.Id
        Get 
            Return Me.idValue
        End Get 
    End Property 
    Public ReadOnly Property Issuer() As ClaimSet Implements IAuthorizationPolicy.Issuer
        Get 
            Return Me.issuerValue
        End Get 
    End Property 
    Public ReadOnly Property ExpirationTime() As DateTime
        Get 
            Return Me.expirationTimeValue
        End Get 
    End Property 
    Public Function Evaluate(ByVal evalContext As EvaluationContext, ByRef state As Object) As Boolean Implements IAuthorizationPolicy.Evaluate
        ' Add the issued claims to the evaluation context. 
        evalContext.AddClaimSet(Me, Me.issuance)

        If Not (Me.identities Is Nothing) Then 
            Dim value As Object = Nothing 
            Dim contextIdentities As IList(Of IIdentity)
            ' Reuse the context's "Identities" list if one exists; otherwise create it. 
            If Not evalContext.Properties.TryGetValue("Identities", value) Then
                contextIdentities = New List(Of IIdentity)(Me.identities.Count)
                evalContext.Properties.Add("Identities", contextIdentities)
            Else 
                contextIdentities = CType(value, IList(Of IIdentity))
            End If 
            Dim identity As IIdentity
            For Each identity In Me.identities
                contextIdentities.Add(identity)
            Next identity
        End If

        Return True 

    End Function 
End Class
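
The following is an added example, not part of the original documentation: it takes the UserNamePasswordValidator route recommended above and, unlike the sample, verifies the password against a salted PBKDF2 hash. The class name HashedPasswordValidator, its AddUser helper, the in-memory store, and the iteration count are assumptions made for illustration.

```vb
Imports System
Imports System.Collections.Generic
Imports System.IdentityModel.Selectors
Imports System.IdentityModel.Tokens
Imports System.Security.Cryptography
' Added example: HashedPasswordValidator and AddUser are hypothetical names.
Class HashedPasswordValidator
    Inherits UserNamePasswordValidator

    Private Const Iterations As Integer = 100000 ' assumed work factor
    Private Const HashLength As Integer = 32
    ' Constructed in-memory store: user name -> {salt, derived key}.
    Private ReadOnly records As New Dictionary(Of String, Byte()())(StringComparer.OrdinalIgnoreCase)
    ' Fixed salt so an unknown user costs the same key derivation as a known one.
    Private ReadOnly dummySalt As Byte() = New Byte(15) {}

    Public Sub AddUser(ByVal userName As String, ByVal password As String)
        Dim salt As Byte() = New Byte(15) {}
        Dim rng As New RNGCryptoServiceProvider()
        rng.GetBytes(salt)
        records(userName) = New Byte()() {salt, Derive(password, salt)}
    End Sub

    Private Shared Function Derive(ByVal password As String, ByVal salt As Byte()) As Byte()
        Dim kdf As New Rfc2898DeriveBytes(password, salt, Iterations)
        Return kdf.GetBytes(HashLength)
    End Function

    ' Compares every byte so timing does not reveal where the first mismatch is.
    Private Shared Function FixedTimeEquals(ByVal a As Byte(), ByVal b As Byte()) As Boolean
        Dim diff As Integer = a.Length Xor b.Length
        For i As Integer = 0 To Math.Min(a.Length, b.Length) - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    Public Overrides Sub Validate(ByVal userName As String, ByVal password As String)
        If userName Is Nothing OrElse password Is Nothing Then Throw New ArgumentNullException()
        Dim record As Byte()() = Nothing
        Dim known As Boolean = records.TryGetValue(userName, record)
        Dim salt As Byte() = If(known, record(0), dummySalt)
        Dim expected As Byte() = If(known, record(1), New Byte(HashLength - 1) {})
        Dim matches As Boolean = FixedTimeEquals(Derive(password, salt), expected)
        ' Same exception and message for both failures, so callers cannot enumerate users.
        If Not (known And matches) Then
            Throw New SecurityTokenValidationException("Unknown user name or incorrect password")
        End If
    End Sub
End Class
```

To use a validator like this, set the service's UserNameAuthentication.UserNamePasswordValidationMode to Custom and assign an instance to CustomUserNamePasswordValidator.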

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0