System.IdentityModel.Tokens Namespace
Contains base classes such as SecurityToken, SecurityTokenHandler, and SecurityKeyIdentifierClause, as well as classes that derive from these classes and represent several of the token types, artifacts, and handlers for which the Windows Identity Foundation (WIF) has built-in support. This includes classes that contain support for SAML v1.1 and v2.0 tokens, such as SamlSecurityToken, SamlSecurityTokenHandler, Saml2SecurityToken, and Saml2SecurityTokenHandler.
Classes
AggregateTokenResolver |
Represents a security token resolver that can wrap multiple token resolvers and resolve tokens across all of the wrapped resolvers. |
AsymmetricProofDescriptor |
This class can be used for issuing asymmetric key-based tokens. |
AsymmetricSecurityKey |
Base class for asymmetric keys. |
AudienceRestriction |
Defines settings for an AudienceRestriction verification. |
AudienceUriValidationFailedException |
The exception that is thrown when an incoming security token fails Audience URI validation. |
AuthenticationContext |
This class is used to specify the context of an authentication event. |
AuthenticationMethods |
Defines constants for supported well-known authentication methods. Defines constants for SAML authentication methods. |
BinaryKeyIdentifierClause |
Represents a base class for key identifier clauses that are based upon binary data. |
BootstrapContext |
Contains a serialized version of the original token that was used at sign-in time. |
ComputedKeyAlgorithms |
Used in the RST to indicate the desired algorithm with which to compute a key based on the combined entropies from both the token requestor and the token issuer. |
ConfigurationBasedIssuerNameRegistry |
Represents an issuer name registry that maintains a list of trusted issuers loaded from elements in the application configuration file that associate each issuer name to the X.509 certificate that is needed to verify the signature of tokens produced by the issuer. |
EmptySecurityKeyIdentifierClause |
Represents an empty key identifier clause. This class is used when an |
EncryptedKeyEncryptingCredentials |
Represents the encrypted key encrypting credentials. These are usually used as data encrypting credentials to encrypt things like tokens. |
EncryptedKeyIdentifierClause |
Represents a key identifier clause that identifies an encrypted key. |
EncryptedSecurityToken |
A wrapping-token that handles encryption for a token that does not natively support it. |
EncryptedSecurityTokenHandler |
A token handler for encrypted security tokens. Handles tokens of type EncryptedSecurityToken. |
EncryptedTokenDecryptionFailedException |
The exception that is thrown when an error occurs while processing an encrypted security token. |
EncryptingCredentials |
Represents the cryptographic key and encrypting algorithm that are used to encrypt the proof key. |
GenericXmlSecurityKeyIdentifierClause |
Represents a key identifier clause that is based on XML. |
GenericXmlSecurityToken |
Represents a security token that is based upon XML. |
InMemorySymmetricSecurityKey |
Represents keys that are generated using symmetric algorithms and are only stored in the local computer's random access memory. |
IssuerNameRegistry |
The abstract base class for an issuer name registry. An issuer name registry is used to associate a mnemonic name to the cryptographic material that is needed to verify the signatures of tokens produced by the corresponding issuer. The issuer name registry maintains a list of issuers that are trusted by a relying party (RP) application. |
IssuerTokenResolver |
Resolves issuer tokens received from service partners. |
KerberosReceiverSecurityToken |
Represents a security token that is based upon a Kerberos ticket that is received in a SOAP message. |
KerberosRequestorSecurityToken |
Represents a security token that is based upon a Kerberos ticket that is sent in a SOAP request. |
KerberosSecurityTokenHandler |
Represents a security token handler that processes Kerberos tokens. Handles tokens of type KerberosReceiverSecurityToken. |
KerberosTicketHashKeyIdentifierClause |
Represents a key identifier clause that identifies a KerberosRequestorSecurityToken or KerberosReceiverSecurityToken security token. |
LocalIdKeyIdentifierClause |
Represents a key identifier clause that identifies security tokens specified in the security header of the SOAP message. |
ProofDescriptor |
The base class for the SymmetricProofDescriptor and AsymmetricProofDescriptor classes. |
RsaKeyIdentifierClause |
Represents a key identifier clause that identifies an RsaSecurityToken security token. |
RsaSecurityKey |
Represents a security key that is generated using the RSA algorithm. This class cannot be inherited. |
RsaSecurityToken |
Represents a security token that is based upon a key that is created using the RSA algorithm. |
RsaSecurityTokenHandler |
Represents a SecurityTokenHandler that processes tokens of type RsaSecurityToken. |
Saml2Action |
Represents a |
Saml2Advice |
Represents the Advice element specified in [Saml2Core, 2.6.1]. |
Saml2Assertion |
Represents the Assertion element specified in [Saml2Core, 2.3.3]. |
Saml2AssertionKeyIdentifierClause |
Represents a SecurityKeyIdentifierClause implementation for referencing SAML2-based security tokens. |
Saml2Attribute |
Represents the Attribute element specified in [Saml2Core, 2.7.3.1]. |
Saml2AttributeStatement |
Represents the AttributeStatement element specified in [Saml2Core, 2.7.3]. |
Saml2AudienceRestriction |
Represents the AudienceRestriction element specified in [Saml2Core, 2.5.1.4]. |
Saml2AuthenticationContext |
Represents the AuthnContext element specified in [Saml2Core, 2.7.2.2]. |
Saml2AuthenticationStatement |
Represents the AuthnStatement element specified in [Saml2Core, 2.7.2]. |
Saml2AuthorizationDecisionStatement |
Represents the |
Saml2Conditions |
Represents the Conditions element specified in [Saml2Core, 2.5.1]. |
Saml2Evidence |
Represents the Evidence element specified in [Saml2Core, 2.7.4.3]. |
Saml2Id |
Represents the identifier used for SAML assertions. |
Saml2NameIdentifier |
Represents the NameID element as specified in [Saml2Core, 2.2.3] or the EncryptedID element as specified in [Saml2Core, 2.2.4]. |
Saml2ProxyRestriction |
Represents the ProxyRestriction element specified in [Saml2Core, 2.5.1.6]. |
Saml2SecurityKeyIdentifierClause |
This class is used when a Saml2Assertion is received without a <ds:KeyInfo> element inside the signature element. The KeyInfo describes the key required to check the signature. When the key is needed this clause will be presented to the current SecurityTokenResolver. It will contain the Saml2Assertion fully read which can be queried to determine the key required. |
Saml2SecurityToken |
Represents a security token that is based upon a SAML assertion. |
Saml2SecurityTokenHandler |
Represents a security token handler that creates security tokens from SAML 2.0 Assertions. |
Saml2Statement |
Represents the StatementAbstractType specified in [Saml2Core, 2.7.1]. |
Saml2Subject |
Represents the Subject element specified in [Saml2Core, 2.4.1]. |
Saml2SubjectConfirmation |
Represents the SubjectConfirmation element specified in [Saml2Core, 2.4.1.1]. |
Saml2SubjectConfirmationData |
Represents the SubjectConfirmationData element and the associated KeyInfoConfirmationDataType defined in [Saml2Core, 2.4.1.2-2.4.1.3]. |
Saml2SubjectLocality |
Represents the SubjectLocality element specified in [Saml2Core, 2.7.2.1]. |
SamlAction |
Represents the |
SamlAdvice |
Represents the |
SamlAssertion |
Represents a Security Assertion Markup Language 1.1 (SAML 1.1) assertion. |
SamlAssertionKeyIdentifierClause |
Represents a |
SamlAttribute |
Represents an attribute that is associated with the subject of a SamlAttributeStatement. |
SamlAttributeStatement |
Contains a set of attributes associated with a particular SamlSubject. |
SamlAudienceRestrictionCondition |
Specifies that a SAML assertion is addressed to a particular audience. |
SamlAuthenticationClaimResource |
Represents the resource type for a claim that is created from a SamlAuthenticationStatement. |
SamlAuthenticationStatement |
Represents a claim for a SamlSecurityToken security token that asserts that the subject was authenticated by a particular means at a particular time. |
SamlAuthorityBinding |
Specifies how to retrieve additional information about the subject of a SamlSecurityToken security token. |
SamlAuthorizationDecisionClaimResource |
Represents a claim for a SamlSecurityToken security token that asserts an authorization decision regarding access to a specific resource. |
SamlAuthorizationDecisionStatement |
Represents a claim for a SamlSecurityToken security token that asserts that an authorization decision regarding access by the subject to the specified resource has been made. |
SamlCondition |
Represents a condition that must be taken into account when assessing the validity of a SAML assertion. |
SamlConditions |
Represents a set of conditions that must be taken into account when assessing the validity of a SAML assertion. |
SamlConstants |
Represents a set of constants that are used to set properties of a SamlSecurityToken security token. This class cannot be inherited. |
SamlDoNotCacheCondition |
Represents a condition that must be taken into account when assessing the validity of a SAML assertion. |
SamlEvidence |
Represents the evidence used to render an authorization decision for a SamlSecurityToken security token. |
SamlNameIdentifierClaimResource |
Represents a claim for a SAML security token that asserts the subject's name. |
SamlSecurityKeyIdentifierClause |
This class is used when a SamlAssertion is received without a <ds:KeyInfo> element inside the signature element. The KeyInfo describes the key required to check the signature. When the key is needed this clause will be presented to the current SecurityTokenResolver. It will contain the SamlAssertion fully read which can be queried to determine the key required. |
SamlSecurityToken |
Represents a security token that is based upon a SAML assertion. |
SamlSecurityTokenHandler |
Represents a security token handler that creates security tokens from SAML 1.1 Assertions. |
SamlSecurityTokenRequirement |
Extends the SecurityTokenRequirement class by adding new properties that are useful for issued tokens. |
SamlSerializer |
Serializes and deserializes SamlSecurityToken objects into and from XML documents. |
SamlStatement |
Represents a claim for a SamlSecurityToken security token. |
SamlSubject |
Represents the subject of a SAML security token. |
SamlSubjectStatement |
Represents a claim for a SamlSecurityToken security token. |
SecurityAlgorithms |
Defines constants for the URIs that represent the cryptographic algorithms that are used to encrypt XML and compute digital signatures for SOAP messages. |
SecurityKey |
Base class for security keys. |
SecurityKeyElement |
Provides delayed resolution of security keys by resolving the SecurityKeyIdentifierClause or SecurityKeyIdentifier only when cryptographic functions are needed. This allows a key identifier clause or key identifier that is never used by an application to be serialized and deserialized on and off the wire without issues. |
SecurityKeyIdentifier |
Represents a key identifier. |
SecurityKeyIdentifierClause |
Represents an abstract base class for a key identifier clause. |
SecurityKeyIdentifierClauseSerializer |
Abstract base class for a serializer that can serialize and deserialize key identifier clauses. |
SecurityToken |
Represents a base class used to implement all security tokens. |
SecurityTokenDescriptor |
This is a placeholder for all the attributes related to the issued token. |
SecurityTokenElement |
Represents a number of elements found in a RequestSecurityToken that represent security tokens. |
SecurityTokenException |
The exception that is thrown when a problem occurs while processing a security token. |
SecurityTokenExpiredException |
The exception that is thrown when a security token that has an expiration time in the past is received. |
SecurityTokenHandler |
The abstract base class for security token handlers. |
SecurityTokenHandlerCollection |
Represents a collection of security token handlers. |
SecurityTokenHandlerCollectionManager |
A class that manages multiple, named security token handler collections. |
SecurityTokenHandlerCollectionManager.Usage |
Defines standard collection names used by the framework. |
SecurityTokenHandlerConfiguration |
Configuration common to all security token handlers. |
SecurityTokenNotYetValidException |
The exception that is thrown when a security token that has an effective time in the future is received. |
SecurityTokenReplayDetectedException |
The exception that is thrown when a security token that has been replayed is received. |
SecurityTokenTypes |
Contains a set of static properties that returns strings that represent security token types. |
SecurityTokenValidationException |
The exception that is thrown when a received security token is invalid. |
SessionSecurityToken |
Defines a security token that contains data associated with a session. |
SessionSecurityTokenCache |
Defines an abstract class for a cache of session security tokens. |
SessionSecurityTokenCacheKey |
Represents the key for an entry in a SessionSecurityTokenCache. |
SessionSecurityTokenHandler |
A SecurityTokenHandler that processes security tokens of type SessionSecurityToken. |
SigningCredentials |
Represents the cryptographic key and security algorithms that are used to generate a digital signature. |
SymmetricProofDescriptor |
This class can be used for issuing symmetric key-based tokens. |
SymmetricSecurityKey |
Represents the abstract base class for all keys that are generated using symmetric algorithms. |
TokenReplayCache |
The abstract base class that defines methods for a cache used to detect replayed tokens. |
UserNameSecurityToken |
Represents a security token that is based upon a user name and password. |
UserNameSecurityTokenHandler |
Defines an abstract base class for a SecurityTokenHandler that processes security tokens of type UserNameSecurityToken. |
WindowsSecurityToken |
Represents a security token that is based on the identity of a Windows domain or user account. |
WindowsUserNameSecurityTokenHandler |
Defines a SecurityTokenHandler that processes Windows Username tokens. |
X509AsymmetricSecurityKey |
Represents an asymmetric key for X.509 certificates. |
X509CertificateStoreTokenResolver |
Represents a token resolver that can resolve tokens of type X509SecurityToken against a specified X.509 certificate store. |
X509DataSecurityKeyIdentifierClauseSerializer |
Represents a SecurityKeyIdentifierClauseSerializer that can process X.509 certificate reference types. |
X509EncryptingCredentials |
Represents an X.509 token used as the encrypting credential. This class is usually used as key wrapping credentials. |
X509IssuerSerialKeyIdentifierClause |
Represents a key identifier clause that identifies X509SecurityToken security tokens using the distinguished name of the certificate issuer and the X.509 certificate's serial number. |
X509NTAuthChainTrustValidator |
Represents an X.509 certificate validator that will validate a specified X.509 certificate and verify whether the certificate can be mapped to a Windows account and whether the certificate chain is trusted. |
X509RawDataKeyIdentifierClause |
Represents a key identifier clause that identifies an X509SecurityToken security token using the X.509 certificate's raw data. |
X509SecurityToken |
Represents a security token that is based upon an X.509 certificate. |
X509SecurityTokenHandler |
Represents a security token handler that processes tokens of type X509SecurityToken. By default, the handler will perform chain-trust validation of the X.509 certificate. |
X509SigningCredentials |
Represents an X.509 token used as the signing credential. |
X509SubjectKeyIdentifierClause |
Represents a key identifier clause that identifies an X509SecurityToken security token using the X.509 certificate's subject key identifier extension. |
X509ThumbprintKeyIdentifierClause |
Represents a key identifier clause that identifies X509SecurityToken security tokens using the X.509 certificate's thumbprint. |
X509WindowsSecurityToken |
Represents a security token that is based upon an X.509 certificate that is mapped to a Windows domain user or local computer user account. |
Enums
SamlAccessDecision |
Specifies whether the subject of a SamlSecurityToken security token is granted access to a given resource. |
SecurityKeyType |
Specifies the type of key that is associated with a security token. |
SecurityKeyUsage |
Specifies how a key that is associated with a security token can be used. |