Windows apps
Collapse the table of content
Expand the table of content
The topic you requested is included in another documentation set. For convenience, it's displayed below. Choose Switch to see the topic in its original location.

WsCreateXmlSecurityToken function

Creates a security token from its specified XML form.


HRESULT WINAPI  WsCreateXmlSecurityToken(
  _In_     WS_XML_BUFFER*                        tokenXml,
  _In_opt_ WS_SECURITY_KEY_HANDLE*               tokenKey,
           const WS_XML_SECURITY_TOKEN_PROPERTY* properties,
  _In_     ULONG                                 propertyCount,
           WS_SECURITY_TOKEN**                   token,
  _In_opt_ WS_ERROR*                             error


tokenXml [in]

Pointer to a WS_XML_BUFFER structure containing the security token in its XML form. The referenced buffer must have exactly one top level XML element.

tokenKey [in, optional]

Pointer to a SECURITY_KEY_HANDLE structure that may or may not contain a cryptographic proof-of-possession key. If present the key can be used to bind this security token to a message. If the value of the tokenKey parameter is not NULL, the token is assumed to have a proof-of-possession key. If the value is NULL, the structure is assumed to be a "bearer token" as defined below.

  • A bearer token also called a basic or keyless token is serialized in a message to demonstrate the message's possession of the token, and to indicate the intention to apply the claims from the token to that message.
  • A proof-of-possession token also called a PoP or cryptographic token has an associated cryptographic key which must be used to "sign" a message in order to demonstrate possession of the token and to indicate the intention to apply the claims from the token to that message. An example is an X.509 certificate: the message must be signed with the private key of the certificate in order for a receiving principal to accept the message as carrying the claims present in the certificate.

An array of WS_XML_SECURITY_TOKEN_PROPERTY structures containing optional properties for the XML security token.

The value of this parameter may be NULL, in which case, the propertyCount parameter must be 0 (zero).

propertyCount [in]

The number of properties in the properties array.


On success, a pointer that receives the address of the WS_SECURITY_TOKEN structure representing the created XML security token. When you no longer need this structure, you must free it by calling WsFreeSecurityToken.

The returned security token may be used with WS_XML_TOKEN_MESSAGE_SECURITY_BINDING if it is to be presented to a service.

error [in, optional]

Pointer to a WS_ERROR structure that receives additional error information if the function fails.

Return value

If the function succeeds, it returns NO_ERROR; otherwise, it returns an HRESULT error code.

Return codeDescription

One or more arguments are invalid.


Insufficient memory to complete the operation.

Other Errors

This function may return other errors not listed above.



Minimum supported client

Windows 7 [desktop apps | UWP apps]

Minimum supported server

Windows Server 2008 R2 [desktop apps | UWP apps]









© 2018 Microsoft