System.IdentityModel.Tokens Namespace

 

The System.IdentityModel.Tokens namespace contains classes that represent security tokens, security token handlers, key identifier clauses, and other artifacts used in token generation and processing. The namespace contains base classes such as SecurityToken, SecurityTokenHandler, and SecurityKeyIdentifierClause, as well as classes that derive from these classes and represent several of the token types, artifacts, and handlers for which the Windows Identity Foundation (WIF) has built-in support. This includes classes that contain support for SAML v1.1 and v2.0 tokens, such as SamlSecurityToken, SamlSecurityTokenHandler, Saml2SecurityToken, and Saml2SecurityTokenHandler.

Classes
AggregateTokenResolver

Represents a security token resolver that can wrap multiple token resolvers and resolve tokens across all of the wrapped resolvers.

AsymmetricProofDescriptor

This class can be used to issue an asymmetric key-based token.

AsymmetricSecurityKey

Base class for asymmetric keys.

AudienceRestriction

Defines settings for an AudienceRestriction verification.

AudienceUriValidationFailedException

The exception that is thrown when an incoming security token fails Audience URI validation.

AuthenticationContext

This class is used to specify the context of an authentication event.

AuthenticationMethods

Defines constants for supported well-known authentication methods. Defines constants for SAML authentication methods.

BinaryKeyIdentifierClause

Represents a base class for key identifier clauses that are based upon binary data.

BootstrapContext

Contains a serialized version of the original token that was used at sign-in time.

ComputedKeyAlgorithms

Used in the RST to indicate the desired algorithm with which to compute a key based on the combined entropies from both the token requestor and the token issuer.

ConfigurationBasedIssuerNameRegistry

Represents an issuer name registry that maintains a list of trusted issuers loaded from elements in the application configuration file that associate each issuer name to the X.509 certificate that is needed to verify the signature of tokens produced by the issuer.

EmptySecurityKeyIdentifierClause

Represents an empty key identifier clause. This class is used when an <EncryptedData> or a <Signature> element does not contain a <KeyInfo> element, which is used to describe the key required to decrypt the data or check the signature.

EncryptedKeyEncryptingCredentials

Represents the encrypted key encrypting credentials. These are usually used as data encrypting credentials to encrypt things like tokens.

EncryptedKeyIdentifierClause

Represents a key identifier clause that identifies an encrypted key.

EncryptedSecurityToken

A wrapping-token that handles encryption for a token that does not natively support it.

EncryptedSecurityTokenHandler

A token handler for encrypted security tokens. Handles tokens of type EncryptedSecurityToken.

EncryptedTokenDecryptionFailedException

The exception that is thrown when an error occurs while processing an encrypted security token.

EncryptingCredentials

Represents the cryptographic key and encrypting algorithm that are used to encrypt the proof key.

GenericXmlSecurityKeyIdentifierClause

Represents a key identifier clause that is based on XML.

GenericXmlSecurityToken

Represents a security token that is based upon XML.

InMemorySymmetricSecurityKey

Represents keys that are generated using symmetric algorithms and are only stored in the local computer's random access memory.

IssuerNameRegistry

The abstract base class for an issuer name registry. An issuer name registry is used to associate a mnemonic name to the cryptographic material that is needed to verify the signatures of tokens produced by the corresponding issuer. The issuer name registry maintains a list of issuers that are trusted by a relying party (RP) application.

IssuerTokenResolver

Resolves issuer tokens received from service partners.

KerberosReceiverSecurityToken

Represents a security token that is based upon a Kerberos ticket that is received in a SOAP message.

KerberosRequestorSecurityToken

Represents a security token that is based upon a Kerberos ticket that is sent in a SOAP request.

KerberosSecurityTokenHandler

Represents a security token handler that processes Kerberos tokens. Handles tokens of type KerberosReceiverSecurityToken.

KerberosTicketHashKeyIdentifierClause

Represents a key identifier clause that identifies a KerberosRequestorSecurityToken or KerberosReceiverSecurityToken security token.

LocalIdKeyIdentifierClause

Represents a key identifier clause that identifies a security token specified in the security header of the SOAP message.

ProofDescriptor

The base class for the SymmetricProofDescriptor and AsymmetricProofDescriptor classes.

RsaKeyIdentifierClause

Represents a key identifier clause that identifies an RsaSecurityToken security token.

RsaSecurityKey

Represents a security key that is generated using the RSA algorithm. This class cannot be inherited.

RsaSecurityToken

Represents a security token that is based upon a key that is created using the RSA algorithm.

RsaSecurityTokenHandler

Represents a SecurityTokenHandler that processes tokens of type RsaSecurityToken.

Saml2Action

Represents a <saml:Action> element defined by SAML 2.0.

Saml2Advice

Represents the Advice element specified in [Saml2Core, 2.6.1].

Saml2Assertion

Represents the Assertion element specified in [Saml2Core, 2.3.3].

Saml2AssertionKeyIdentifierClause

Represents a SecurityKeyIdentifierClause implementation for referencing SAML2-based security tokens.

Saml2Attribute

Represents the Attribute element specified in [Saml2Core, 2.7.3.1].

Saml2AttributeStatement

Represents the AttributeStatement element specified in [Saml2Core, 2.7.3].

Saml2AudienceRestriction

Represents the AudienceRestriction element specified in [Saml2Core, 2.5.1.4].

Saml2AuthenticationContext

Represents the AuthnContext element specified in [Saml2Core, 2.7.2.2].

Saml2AuthenticationStatement

Represents the AuthnStatement element specified in [Saml2Core, 2.7.2].

Saml2AuthorizationDecisionStatement

Represents the <saml:AuthzDecisionStatement> element defined by SAML 2.0.

Saml2Conditions

Represents the Conditions element specified in [Saml2Core, 2.5.1].

Saml2Evidence

Represents the Evidence element specified in [Saml2Core, 2.7.4.3].

Saml2Id

Represents the identifier used for SAML assertions.

Saml2NameIdentifier

Represents the NameID element as specified in [Saml2Core, 2.2.3] or the EncryptedID element as specified in [Saml2Core, 2.2.4].

Saml2ProxyRestriction

Represents the ProxyRestriction element specified in [Saml2Core, 2.5.1.6].

Saml2SecurityKeyIdentifierClause

This class is used when a Saml2Assertion is received without a <ds:KeyInfo> element inside the signature element. The KeyInfo describes the key required to check the signature. When the key is needed, this clause will be presented to the current SecurityTokenResolver. It will contain the fully read Saml2Assertion, which can be queried to determine the key required.

Saml2SecurityToken

Represents a security token that is based upon a SAML assertion.

Saml2SecurityTokenHandler

Represents a security token handler that creates security tokens from SAML 2.0 Assertions.

Saml2Statement

Represents the StatementAbstractType specified in [Saml2Core, 2.7.1].

Saml2Subject

Represents the Subject element specified in [Saml2Core, 2.4.1].

Saml2SubjectConfirmation

Represents the SubjectConfirmation element specified in [Saml2Core, 2.4.1.1].

Saml2SubjectConfirmationData

Represents the SubjectConfirmationData element and the associated KeyInfoConfirmationDataType defined in [Saml2Core, 2.4.1.2-2.4.1.3].

Saml2SubjectLocality

Represents the SubjectLocality element specified in [Saml2Core, 2.7.2.1].

SamlAction

Represents the <saml:Action> element within a SAML assertion that contains an action on a specified resource.

SamlAdvice

Represents the <saml:Advice> element within a SAML assertion that contains additional information provided by the SAML authority.

SamlAssertion

Represents a Security Assertion Markup Language 1.1 (SAML 1.1) assertion.

SamlAssertionKeyIdentifierClause

Represents a <KeyIdentifier> element that references a <saml:Assertion> element in a SOAP message.

SamlAttribute

Represents an attribute that is associated with the subject of a SamlAttributeStatement.

SamlAttributeStatement

Contains a set of attributes associated with a particular SamlSubject.

SamlAudienceRestrictionCondition

Specifies that a SAML assertion is addressed to a particular audience.

SamlAuthenticationClaimResource

Represents the resource type for a claim that is created from a SamlAuthenticationStatement.

SamlAuthenticationStatement

Represents a claim for a SamlSecurityToken security token that asserts that the subject was authenticated by a particular means at a particular time.

SamlAuthorityBinding

Specifies how to retrieve additional information about the subject of a SamlSecurityToken security token.

SamlAuthorizationDecisionClaimResource

Represents a claim for a SamlSecurityToken security token that asserts an authorization decision regarding access to a specific resource.

SamlAuthorizationDecisionStatement

Represents a claim for a SamlSecurityToken security token that asserts that an authorization decision regarding access by the subject to the specified resource has been made.

SamlCondition

Represents a condition that must be taken into account when assessing the validity of a SAML assertion.

SamlConditions

Represents a set of conditions that must be taken into account when assessing the validity of a SAML assertion.

SamlConstants

Represents a set of constants that are used to set properties of a SamlSecurityToken security token. This class cannot be inherited.

SamlDoNotCacheCondition

Represents a condition that must be taken into account when assessing the validity of a SAML assertion.

SamlEvidence

Represents the evidence used to render an authorization decision for a SamlSecurityToken security token.

SamlNameIdentifierClaimResource

Represents a claim for a SAML security token that asserts the subject's name.

SamlSecurityKeyIdentifierClause

This class is used when a SamlAssertion is received without a <ds:KeyInfo> element inside the signature element. The KeyInfo describes the key required to check the signature. When the key is needed, this clause will be presented to the current SecurityTokenResolver. It will contain the fully read SamlAssertion, which can be queried to determine the key required.

SamlSecurityToken

Represents a security token that is based upon a SAML assertion.

SamlSecurityTokenHandler

Represents a security token handler that creates security tokens from SAML 1.1 Assertions.

SamlSecurityTokenRequirement

Extends the SecurityTokenRequirement class by adding new properties that are useful for issued tokens.

SamlSerializer

Serializes and deserializes SamlSecurityToken objects into and from XML documents.

SamlStatement

Represents a claim for a SamlSecurityToken security token.

SamlSubject

Represents the subject of a SAML security token.

SamlSubjectStatement

Represents a claim for a SamlSecurityToken security token.

SecurityAlgorithms

Defines constants for the URIs that represent the cryptographic algorithms that are used to encrypt XML and compute digital signatures for SOAP messages.

SecurityKey

Base class for security keys.

SecurityKeyElement

Provides delayed resolution of security keys by resolving the SecurityKeyIdentifierClause or SecurityKeyIdentifier only when cryptographic functions are needed. This allows a key identifier clause or key identifier that is never used by an application to be serialized and deserialized on and off the wire without issues.

SecurityKeyIdentifier

Represents a key identifier.

SecurityKeyIdentifierClause

Represents an abstract base class for a key identifier clause.

SecurityKeyIdentifierClauseSerializer

Abstract base class for a serializer that can serialize and deserialize key identifier clauses.

SecurityToken

Represents a base class used to implement all security tokens.

SecurityTokenDescriptor

This is a placeholder for all the attributes related to the issued token.

SecurityTokenElement

Represents a number of elements found in a RequestSecurityToken that represent security tokens.

SecurityTokenException

The exception that is thrown when a problem occurs while processing a security token.

SecurityTokenExpiredException

The exception that is thrown when a security token that has an expiration time in the past is received.

SecurityTokenHandler

The abstract base class for security token handlers.

SecurityTokenHandlerCollection

Represents a collection of security token handlers.

SecurityTokenHandlerCollectionManager

A class that manages multiple, named security token handler collections.

SecurityTokenHandlerConfiguration

Configuration common to all security token handlers.

SecurityTokenNotYetValidException

The exception that is thrown when a security token that has an effective time in the future is received.

SecurityTokenReplayDetectedException

The exception that is thrown when a security token that has been replayed is received.

SecurityTokenTypes

Contains a set of static properties that return strings that represent security token types.

SecurityTokenValidationException

The exception that is thrown when a received security token is invalid.

SessionSecurityToken

Defines a security token that contains data associated with a session.

SessionSecurityTokenCache

Defines an abstract class for a cache of session security tokens.

SessionSecurityTokenCacheKey

Represents the key for an entry in a SessionSecurityTokenCache.

SessionSecurityTokenHandler

A SecurityTokenHandler that processes security tokens of type SessionSecurityToken.

SigningCredentials

Represents the cryptographic key and security algorithms that are used to generate a digital signature.

SymmetricProofDescriptor

This class can be used to issue a symmetric key-based token.

SymmetricSecurityKey

Represents the abstract base class for all keys that are generated using symmetric algorithms.

TokenReplayCache

The abstract base class that defines methods for a cache used to detect replayed tokens.

SecurityTokenHandlerCollectionManager.Usage

Defines standard collection names used by the framework.

UserNameSecurityToken

Represents a security token that is based upon a user name and password.

UserNameSecurityTokenHandler

Defines an abstract base class for a SecurityTokenHandler that processes security tokens of type UserNameSecurityToken.

WindowsSecurityToken

Represents a security token that is based on the identity of a Windows domain or user account.

WindowsUserNameSecurityTokenHandler

Defines a SecurityTokenHandler that processes Windows Username tokens.

X509AsymmetricSecurityKey

Represents an asymmetric key for X.509 certificates.

X509CertificateStoreTokenResolver

Represents a token resolver that can resolve tokens of type X509SecurityToken against a specified X.509 certificate store.

X509DataSecurityKeyIdentifierClauseSerializer

Represents a SecurityKeyIdentifierClauseSerializer that can process X.509 certificate reference types.

X509EncryptingCredentials

Represents an X.509 token used as the encrypting credential. This class is usually used as key wrapping credentials.

X509IssuerSerialKeyIdentifierClause

Represents a key identifier clause that identifies an X509SecurityToken security token using the distinguished name of the certificate issuer and the X.509 certificate's serial number.

X509NTAuthChainTrustValidator

Represents an X.509 certificate validator that will validate a specified X.509 certificate and verify whether the certificate can be mapped to a Windows account and whether the certificate chain is trusted.

X509RawDataKeyIdentifierClause

Represents a key identifier clause that identifies an X509SecurityToken security token using the X.509 certificate's raw data.

X509SecurityToken

Represents a security token that is based upon an X.509 certificate.

X509SecurityTokenHandler

Represents a security token handler that processes tokens of type X509SecurityToken. By default, the handler will perform chain-trust validation of the X.509 certificate.

X509SigningCredentials

Represents an X.509 token used as the signing credential.

X509SubjectKeyIdentifierClause

Represents a key identifier clause that identifies an X509SecurityToken security token using the X.509 certificate's subject key identifier extension.

X509ThumbprintKeyIdentifierClause

Represents a key identifier clause that identifies an X509SecurityToken security token using the X.509 certificate's thumbprint.

X509WindowsSecurityToken

Represents a security token that is based upon an X.509 certificate that is mapped to a Windows domain user or local computer user account.

Enumerations
SamlAccessDecision

Specifies whether the subject of a SamlSecurityToken security token is granted access to a given resource.

SecurityKeyType

Specifies the type of key that is associated with a security token.

SecurityKeyUsage

Specifies how a key that is associated with a security token can be used.

© 2016 Microsoft