UserNameSecurityTokenAuthenticator Class



Authenticates a UserNameSecurityToken security token.

Namespace:   System.IdentityModel.Selectors
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

public abstract class UserNameSecurityTokenAuthenticator : SecurityTokenAuthenticator


Initializes a new instance of the UserNameSecurityTokenAuthenticator class.


Gets a value indicating whether the specified security token can be validated by this security token authenticator. (Inherited from SecurityTokenAuthenticator.)


Gets a value indicating whether the specified security token can be validated by this security token authenticator.(Overrides SecurityTokenAuthenticator.CanValidateTokenCore(SecurityToken).)


Determines whether the specified object is equal to the current object.(Inherited from Object.)


Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.(Inherited from Object.)


Serves as the default hash function. (Inherited from Object.)


Gets the Type of the current instance.(Inherited from Object.)


Creates a shallow copy of the current Object.(Inherited from Object.)


Returns a string that represents the current object.(Inherited from Object.)


Authenticates the specified security token and returns the set of authorization policies for the security token. (Inherited from SecurityTokenAuthenticator.)


Authenticates the specified security token and returns the set of authorization policies for the security token.(Overrides SecurityTokenAuthenticator.ValidateTokenCore(SecurityToken).)

ValidateUserNamePasswordCore(String, String)

When overridden in a derived class, authenticates the specified user name and password and returns the set of authorization policies for UserNameSecurityToken security tokens.

Override the UserNameSecurityTokenAuthenticator class to authenticate security tokens based on a user name and password.

The Windows Communication Foundation (WCF) ships with the following classes that provide support for authenticating UserNameSecurityToken security tokens.




Allows an application to provide a custom authentication scheme for user names and passwords. The authentication scheme is provided using a class deriving from the UserNamePasswordValidator class.


Authenticates the user name and password as a Windows account.

Most custom authentication schemes can use the CustomUserNameSecurityTokenAuthenticator class and implement a class that derives from the UserNamePasswordValidator class. However, if additional flexibility is needed, you can derive a class from the UserNameSecurityTokenAuthenticator class and override the ValidateUserNamePasswordCore method. In that case the override is the only place the password is checked: an implementation that inspects only the user name, as the sample below does, accepts any password for a well-formed name, so a production override must verify the password against a credential store before returning any authorization policy.

using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Text;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Principal;
using System.ServiceModel.Security;
using System.Text.RegularExpressions;

namespace Microsoft.ServiceModel.Samples
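    /// <summary>
    /// Sample authenticator that accepts a user name only if it is shaped like an
    /// e-mail address whose domain is not on a block list.
    /// </summary>
    /// <remarks>
    /// SECURITY: this sample never compares <c>password</c> against a credential
    /// store. Any non-empty password is accepted for a well-formed user name, and
    /// the issued policy carries <see cref="DateTime.MaxValue"/> as its expiration.
    /// Do not deploy it as-is; a real authenticator must verify the secret (for
    /// example against a salted password hash) before issuing any policy.
    /// </remarks>
    class MyTokenAuthenticator : UserNameSecurityTokenAuthenticator
    {
        // Loose syntactic check for "local@domain": the domain is either a bracketed
        // dotted IPv4 address or dot-separated labels ending in a 2-4 letter TLD (or a
        // numeric octet). It is not an RFC 5322 validator; e.g. it rejects TLDs longer
        // than four letters and allows consecutive dots in the local part.
        // NOTE(review): the tail of this pattern was truncated in the listing; it was
        // completed to match the standard WCF sample -- confirm against the original.
        private static readonly Regex EmailPattern = new Regex(
            @"^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$");

        /// <summary>
        /// Block-list hook for e-mail domains. The sample stub accepts every domain.
        /// </summary>
        /// <param name="domain">Domain part of the user name (text after the '@').</param>
        /// <returns>Always <c>false</c> in this sample.</returns>
        static bool IsRogueDomain(string domain)
        {
            return false;
        }

        /// <summary>
        /// Returns <c>true</c> when <paramref name="inputEmail"/> matches the e-mail pattern.
        /// </summary>
        /// <param name="inputEmail">Candidate address; must not be <c>null</c>.</param>
        static bool IsEmail(string inputEmail)
        {
            return EmailPattern.IsMatch(inputEmail);
        }

        /// <summary>
        /// Checks that the user name is a well-formed e-mail address on an allowed domain.
        /// </summary>
        /// <param name="UserName">Untrusted user name taken from the token; must not be <c>null</c>.</param>
        /// <returns><c>false</c> if the name is not an e-mail address or its domain is blocked.</returns>
        bool ValidateUserNameFormat(string UserName)
        {
            if (!IsEmail(UserName))
            {
                Console.WriteLine("Not a valid email");
                return false;
            }

            // The pattern excludes '@' from both the local and domain parts, so a
            // matching name contains exactly one '@' and the split yields two parts.
            string[] emailAddress = UserName.Split('@');
            string domain = emailAddress[1];
            return !IsRogueDomain(domain);
        }

        /// <summary>
        /// Validates the token's user name and issues an unconditional policy that
        /// asserts a Name claim and a <see cref="GenericIdentity"/> for it.
        /// </summary>
        /// <param name="userName">Untrusted user name from the UserNameSecurityToken.</param>
        /// <param name="password">Untrusted password from the token; only checked for presence.</param>
        /// <returns>A read-only collection holding a single <see cref="UnconditionalPolicy"/>.</returns>
        /// <exception cref="SecurityTokenValidationException">
        /// The user name is missing or malformed, or the password is missing.
        /// </exception>
        protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateUserNamePasswordCore(string userName, string password)
        {
            // Reject a null name up front so the caller sees a token-validation failure
            // rather than an ArgumentNullException escaping from Regex.IsMatch.
            if (string.IsNullOrEmpty(userName) || !ValidateUserNameFormat(userName))
            {
                throw new SecurityTokenValidationException("Incorrect UserName format");
            }

            // SECURITY: the password is never verified against a credential store here.
            // Rejecting an empty password is the only check this sample performs; a real
            // implementation must compare the secret (e.g. a salted hash) before continuing.
            if (string.IsNullOrEmpty(password))
            {
                throw new SecurityTokenValidationException("Password is required");
            }

            // The Name claim is issued under ClaimSet.System, i.e. it will appear to
            // consumers as a system-issued claim rather than one from a named issuer.
            ClaimSet claimSet = new DefaultClaimSet(ClaimSet.System, new Claim(ClaimTypes.Name, userName, Rights.PossessProperty));
            List<IIdentity> identities = new List<IIdentity>(1);
            identities.Add(new GenericIdentity(userName));

            // DateTime.MaxValue is passed as the expiration, so the policy effectively
            // never expires; tighten this for anything other than a sample.
            List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
            policies.Add(new UnconditionalPolicy(ClaimSet.System, claimSet, DateTime.MaxValue.ToUniversalTime(), identities));
            return policies.AsReadOnly();
        }
    }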

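    /// <summary>
    /// Authorization policy that always succeeds: on every evaluation it adds a fixed
    /// claim set and a fixed list of identities to the evaluation context.
    /// </summary>
    class UnconditionalPolicy : IAuthorizationPolicy
    {
        private readonly string id = Guid.NewGuid().ToString();
        private readonly ClaimSet issuer;
        private readonly ClaimSet issuance;
        private readonly DateTime expirationTime;
        private readonly IList<IIdentity> identities;

        /// <summary>
        /// Creates a policy that unconditionally grants <paramref name="issuance"/>.
        /// </summary>
        /// <param name="issuer">Claim set describing who issued the claims; required.</param>
        /// <param name="issuance">Claims granted on every evaluation; required.</param>
        /// <param name="expirationTime">Reported via <see cref="ExpirationTime"/>; not enforced by this class.</param>
        /// <param name="identities">Identities to publish under the "Identities" property; may be <c>null</c>.</param>
        /// <exception cref="ArgumentNullException"><paramref name="issuer"/> or <paramref name="issuance"/> is <c>null</c>.</exception>
        public UnconditionalPolicy(ClaimSet issuer, ClaimSet issuance, DateTime expirationTime, IList<IIdentity> identities)
        {
            if (issuer == null)
            {
                throw new ArgumentNullException("issuer");
            }
            if (issuance == null)
            {
                throw new ArgumentNullException("issuance");
            }

            this.issuer = issuer;
            this.issuance = issuance;
            this.expirationTime = expirationTime;
            this.identities = identities;
        }

        /// <summary>Unique identifier of this policy instance (a GUID string).</summary>
        public string Id
        {
            // The listing had a bare "return;" here, which does not compile; the id
            // field initialised above is what this property exposes.
            get { return this.id; }
        }

        /// <summary>Issuer passed at construction.</summary>
        public ClaimSet Issuer
        {
            get { return this.issuer; }
        }

        /// <summary>Expiration passed at construction. <see cref="Evaluate"/> does not check it.</summary>
        public DateTime ExpirationTime
        {
            get { return this.expirationTime; }
        }

        /// <summary>
        /// Adds the issued claim set and, if any were supplied, the identities to
        /// <paramref name="evaluationContext"/>.
        /// </summary>
        /// <param name="evaluationContext">Context to populate; must not be <c>null</c>.</param>
        /// <param name="state">Unused; this policy keeps no per-evaluation state.</param>
        /// <returns>Always <c>true</c>.</returns>
        /// <exception cref="InvalidOperationException">
        /// The context already has an "Identities" property that is not an <c>IList&lt;IIdentity&gt;</c>.
        /// </exception>
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            evaluationContext.AddClaimSet(this, this.issuance);

            if (this.identities != null)
            {
                // Share the "Identities" list with any policy that already created it;
                // create it only when absent.
                object value;
                IList<IIdentity> contextIdentities;
                if (!evaluationContext.Properties.TryGetValue("Identities", out value))
                {
                    contextIdentities = new List<IIdentity>(this.identities.Count);
                    evaluationContext.Properties.Add("Identities", contextIdentities);
                }
                else
                {
                    contextIdentities = value as IList<IIdentity>;
                    if (contextIdentities == null)
                    {
                        // A conflicting property type would otherwise leave this null;
                        // fail loudly rather than silently dropping the identities.
                        throw new InvalidOperationException("EvaluationContext property \"Identities\" is not an IList<IIdentity>.");
                    }
                }

                // NOTE(review): state is never consulted, so the identities are appended
                // on every call; if the runtime evaluates this policy more than once the
                // shared list will hold duplicates -- confirm whether consumers care.
                foreach (IIdentity identity in this.identities)
                {
                    contextIdentities.Add(identity);
                }
            }

            return true;
        }
    }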

.NET Framework
Available since 3.0

Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
