Freigeben über


SecurityTokenHandler Class

Defines the interface for a Custom Security Token Handler.

Namespace: Microsoft.IdentityModel.Tokens
Assembly: Microsoft.IdentityModel (in microsoft.identitymodel.dll)

Verwendung

    Dim instance As SecurityTokenHandler

Syntax

'Declaration
Public MustInherit Class SecurityTokenHandler
public abstract class SecurityTokenHandler
public ref class SecurityTokenHandler abstract
public abstract class SecurityTokenHandler
public abstract class SecurityTokenHandler

Beispiel


using (ServiceHost host = new ServiceHost(typeof(ClaimsAwareWebService), new Uri("https://localhost:6020/ClaimsAwareWebService")))
  {
     // Update the service credentials so that it can deserialize 
     // the custom token 
      ExtensibleServiceCredentials creds = new ExtensibleServiceCredentials();

CustomTokenHandler handler = new CustomTokenHandler();

// Add the custom token handler
      creds.TokenHandlers.Add( handler );

host.Description.Behaviors.Remove<ServiceCredentials>();
      host.Description.Behaviors.Add(creds);

      host.Open();

      Console.WriteLine(“Service is ready, press ENTER to close ...”);
      Console.ReadLine();

      host.Close()
   }


// Class that implements a custom security token handler

// This class derives from the SecurityTokenHandler class so that 
// the STS can issue a custom token.

    class CustomTokenHandler : SecurityTokenHandler
    {
        public const string TokenName = "MyDecisionToken";
        public const string Decision = "Decision";
        public const string TokenNamespace = "https://localhost/TokenNamespace";
        public const string Id = "Id";
        public const string Key = "Key";
        public const string DecisionClaimType = "https://localhost/DecisionClaimType";

// Define any necessary configurations 

        public CustomTokenHandler()
            : base()
        {
        }

// Implement the methods needed to handle validate/create of custom tokens

        /// <summary>
        /// This gets called by the STS to issue a token
        /// </summary>
        /// <param name="tokenDescriptor">The token descriptor.</param>
        /// <returns>The security token.</returns>
        public override SecurityToken CreateToken( SecurityTokenDescriptor tokenDescriptor )
        {
// Determine the claims that need to go in the token

// Create an instance of custom security token
// Custom security tokens are created by implementing a 
// class that derives from the SecurityToken class exposed 
// by WIF

SecurityToken token = MySecurityToken(…);
            
return token;
        }
        /// <summary>
        /// Gets the System.Type of the SecurityToken this instance handles.
        /// </summary>
        public override Type TokenType
        {
            get
            {
                return typeof(MySecurityToken);
            }
        }

        /// <summary>
        /// Gets the URI used in requests to identify a token of the type handled
        /// by this instance. 
        /// </summary>
        /// <remarks>
        /// For example, this should be the URI value used 
        /// in the RequestSecurityToken's TokenType element to request this
        /// sort of token.
        /// </remarks>
        public override string TokenTypeIdentifier
        {
            get
            {
                return “Custom Token Type”;
            }
        }

        /// <summary>
        /// This gets called on the STS to serialize the token 
        /// </summary>
        /// <param name="writer"></param>
        /// <param name="token"></param>
        /// <param name="serializer"></param>
        /// <exception cref="ArgumentException">When the token is null.</exception>
        public override void WriteToken( XmlWriter writer, SecurityToken token, SecurityTokenSerializer serializer )
        {
            MySecurityToken decisionToken = token as MySecurityToken;

// Check for valid instance creation for decisionToken


// Create a signature writer to serialize the token
            EnvelopedSignatureWriter envWriter = new EnvelopedSignatureWriter( writer, decisionToken.SigningCredentials, decisionToken.Id, serializer ); 

            // Start the tokenName
            envWriter.WriteStartElement( TokenName, TokenNamespace );
            envWriter.WriteAttributeString( Id, token.Id );
            
            // Write the decision element
            envWriter.WriteElementString( Decision, TokenNamespace, Convert.ToString( decisionToken.Decision ) );

            // Write the key
            envWriter.WriteElementString( Key, TokenNamespace, Convert.ToBase64String( ( (MySecurityToken)token ).RetrieveKeyBytes() ) );
           
            // Close the TokenName element
            envWriter.WriteEndElement();
        }

        /// <summary>
        /// Indicates whether this handler supports validation of tokens 
        /// handled by this instance.
        /// </summary>
        /// <returns>true if the class is capable of SecurityToken
        /// validation.</returns>
        public override bool CanValidateToken
        {
            get { return true; }
        }

        /// <summary>
        /// Validates a token and returns its claims.
        /// </summary>
        /// <param name="token">The security token.</param>
        /// <returns>The collection of claims contained in the token.</returns>
        public override ClaimsIdentityCollection ValidateToken(SecurityToken token)
        {
                //
                // Generate the decision claim based on the decision
                //
                ClaimsIdentityCollection identities = new ClaimsIdentityCollection();

// Add necessary claims that need to be added in the 
// token

                return identities;
        }
    }

Hinweise

SecurityTokenHandler defines an interface for plugging custom token handling functionality. Using the SecurityTokenHandler you can add functionality to serialize, de-serialize, authenticate and create the token. The framework maintains a single copy of the SecurityTokenHandler for each token type. So custom token handlers should not have any state information associated with the handler.

Custom token handler can be registered in application configuration inside the <tokenHandlers> element or by adding it to the ExtensibleServiceCredentials.TokenHandlers collection programmatically.

Vererbungshierarchie

System.Object
  Microsoft.IdentityModel.Tokens.SecurityTokenHandler
     Abgeleitete Klassen

Threadsicherheit

Beliebige öffentliche, statische (Freigegebene in Visual Basic) Member dieses Typs sind threadsicher. Bei Instanzmembern ist die Threadsicherheit nicht gewährleistet.

Plattformen

Entwicklungsplattformen

Windows Server 2003, Windows Vista

Target Platforms

Windows Server 2008, Windows Vista, Not tested on Windows XP

Change History

Siehe auch

Referenz

SecurityTokenHandler Members
Microsoft.IdentityModel.Tokens Namespace