SecurityStateEncoder Class


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

An abstract class that can be implemented to encode the security state.

Namespace:   System.ServiceModel.Security
Assembly:  System.ServiceModel (in System.ServiceModel.dll)


public abstract class SecurityStateEncoder


Initializes a new instance of the SecurityStateEncoder class.


This API supports the product infrastructure and is not intended to be used directly from your code. Decodes the security state.


This API supports the product infrastructure and is not intended to be used directly from your code. Encodes the security state.


Determines whether the specified object is equal to the current object.(Inherited from Object.)


Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.(Inherited from Object.)


Serves as the default hash function. (Inherited from Object.)


Gets the Type of the current instance.(Inherited from Object.)


Creates a shallow copy of the current Object.(Inherited from Object.)


Returns a string that represents the current object.(Inherited from Object.)

This class is used to encode and decode the content of the security context token when a binding with message security that uses a stateful security context token is used. For more information about stateful security context tokens, see How to: Create a Security Context Token for a Secure Session topic.

Microsoft’s version of SecurityStateEncoder is DataProtectionSecurityStateEncoder. It uses Microsoft’s Windows Data Protection (DPAPI) technology to encrypt/decrypt the cookie. You can plug in a different mechanism for encrypting and decrypting cookies by implementing this class.

The encoding of the security state must ensure that the state is signed and encrypted for the service.

This class is used by the server when sending the security state as a cookie in the SecurityContextToken issued to the client.

An example implementation of this class is an X509CertificateSecurityStateEncoder that uses the service's certificate to sign and encrypt the security state.

.NET Framework
Available since 3.0

Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top