This documentation is archived and is not being maintained.

SecurityStateEncoder Class

An abstract class that can be implemented to encode the security state.

Namespace:  System.ServiceModel.Security
Assembly:  System.ServiceModel (in System.ServiceModel.dll)

Public MustInherit Class SecurityStateEncoder
Dim instance As SecurityStateEncoder

This class is used to encode and decode the content of the security context token when a binding with message security that uses a stateful security context token is used. For more information about stateful security context tokens, see How To: Create a Stateful Security Context Token for a Secure Session topic.

Microsoft’s version of SecurityStateEncoder is DataProtectionSecurityStateEncoder. It uses Microsoft’s Windows Data Protection (DPAPI) technology to encrypt/decrypt the cookie. You can plug in a different mechanism for encrypting and decrypting cookies by implementing this class.

The encoding of the security state must ensure that the state is signed and encrypted for the service.

This class is used by the server when sending the security state as a cookie in the SecurityContextToken issued to the client.

An example implementation of this class is an X509CertificateSecurityStateEncoder that uses the service's certificate to sign and encrypt the security state.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0