SessionSecurityTokenHandler.ReadToken Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Reads a SessionSecurityToken.
Overloads
| ReadToken(XmlReader) |
Reads the SessionSecurityToken using the specified XML reader. |
| ReadToken(Byte[], SecurityTokenResolver) |
Reads the SessionSecurityToken from a stream of bytes by using the specified token resolver. |
| ReadToken(XmlReader, SecurityTokenResolver) |
Reads the SessionSecurityToken using the specified XML reader and token resolver. |
Remarks
Important
Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see Validate All Inputs.
The default implementation deserializes the token from either a WS-Secure Conversation Feb2005 or WS-Secure Conversation 1.3 <wsc:SecurityContextToken> element.
ReadToken(XmlReader)
Reads the SessionSecurityToken using the specified XML reader.
public:
override System::IdentityModel::Tokens::SecurityToken ^ ReadToken(System::Xml::XmlReader ^ reader);public override System.IdentityModel.Tokens.SecurityToken ReadToken (System.Xml.XmlReader reader);override this.ReadToken : System.Xml.XmlReader -> System.IdentityModel.Tokens.SecurityTokenPublic Overrides Function ReadToken (reader As XmlReader) As SecurityTokenParameters
- reader
- XmlReader
The XmlReader over the incoming SecurityToken.
Returns
The session security token that was read, an instance of SessionSecurityToken.
Exceptions
reader is null.
The reader is not positioned at a SessionSecurityToken or the SessionSecurityToken cannot be read.
Remarks
Important
Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see Validate All Inputs.
The reader must be positioned at either a WS-Secure Conversation Feb2005 or a WS-Secure Conversation 1.3 <wsc:SecurityContextToken> element.
The default implementation invokes the SessionSecurityTokenHandler.ReadToken(XmlReader, SecurityTokenResolver) method using a default token resolver.
Applies to
ReadToken(Byte[], SecurityTokenResolver)
Reads the SessionSecurityToken from a stream of bytes by using the specified token resolver.
public:
virtual System::IdentityModel::Tokens::SecurityToken ^ ReadToken(cli::array <System::Byte> ^ token, System::IdentityModel::Selectors::SecurityTokenResolver ^ tokenResolver);public virtual System.IdentityModel.Tokens.SecurityToken ReadToken (byte[] token, System.IdentityModel.Selectors.SecurityTokenResolver tokenResolver);override this.ReadToken : byte[] * System.IdentityModel.Selectors.SecurityTokenResolver -> System.IdentityModel.Tokens.SecurityTokenPublic Overridable Function ReadToken (token As Byte(), tokenResolver As SecurityTokenResolver) As SecurityTokenParameters
- token
- Byte[]
The stream of bytes that contains the token.
- tokenResolver
- SecurityTokenResolver
The token resolver to use.
Returns
The SessionSecurityToken that was read.
Remarks
Important
Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see Validate All Inputs.
The default implementation creates an XmlDictionaryReader over the token and invokes the SessionSecurityTokenHandler.ReadToken(XmlReader, SecurityTokenResolver) method.
Applies to
ReadToken(XmlReader, SecurityTokenResolver)
Reads the SessionSecurityToken using the specified XML reader and token resolver.
public:
override System::IdentityModel::Tokens::SecurityToken ^ ReadToken(System::Xml::XmlReader ^ reader, System::IdentityModel::Selectors::SecurityTokenResolver ^ tokenResolver);public override System.IdentityModel.Tokens.SecurityToken ReadToken (System.Xml.XmlReader reader, System.IdentityModel.Selectors.SecurityTokenResolver tokenResolver);override this.ReadToken : System.Xml.XmlReader * System.IdentityModel.Selectors.SecurityTokenResolver -> System.IdentityModel.Tokens.SecurityTokenPublic Overrides Function ReadToken (reader As XmlReader, tokenResolver As SecurityTokenResolver) As SecurityTokenParameters
- reader
- XmlReader
The XmlReader over the incoming SecurityToken.
- tokenResolver
- SecurityTokenResolver
A SecurityTokenResolver that can used to resolve the SessionSecurityToken.
Returns
The session security token that was read, an instance of SessionSecurityToken.
Exceptions
The reader is not positioned at a SessionSecurityToken or the SessionSecurityToken cannot be read.
Remarks
Important
Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see Validate All Inputs.
The reader must be positioned at either a WS-Secure Conversation Feb2005 or a WS-Secure Conversation 1.3 <wsc:SecurityContextToken> element.
If the token material is cached, it is read from the token cache, which is an instance of the SessionSecurityTokenCache class. Otherwise, the token material is read from the child element of the <wsc:SecurityContextToken> element that is specified by the CookieElementName and CookieNamespace properties and the ApplyTransforms method is invoked to decode the cookie.
For more information about how session tokens are serialized into a <SecurityContextToken element, see the SessionSecurityTokenHandler.WriteToken(XmlWriter, SecurityToken) method.
