Edit

Share via


SessionSecurityTokenHandler.ValidateToken Method

Definition

Validates a token and returns its claims.

Overloads

ValidateToken(SecurityToken)

Validates the specified token and returns its claims.

ValidateToken(SessionSecurityToken, String)

Validates the specified session token and returns its claims.

ValidateToken(SecurityToken)

Validates the specified token and returns its claims.

public:
 override System::Collections::ObjectModel::ReadOnlyCollection<System::Security::Claims::ClaimsIdentity ^> ^ ValidateToken(System::IdentityModel::Tokens::SecurityToken ^ token);
public override System.Collections.ObjectModel.ReadOnlyCollection<System.Security.Claims.ClaimsIdentity> ValidateToken (System.IdentityModel.Tokens.SecurityToken token);
override this.ValidateToken : System.IdentityModel.Tokens.SecurityToken -> System.Collections.ObjectModel.ReadOnlyCollection<System.Security.Claims.ClaimsIdentity>
Public Overrides Function ValidateToken (token As SecurityToken) As ReadOnlyCollection(Of ClaimsIdentity)

Parameters

token
SecurityToken

The token to be validated. Must be assignable from SessionSecurityToken.

Returns

The identities that are contained in the token.

Exceptions

token null.

token is not assignable from SessionSecurityToken.

Remarks

Invokes the ValidateSession method to validate the token.

See also

Applies to

ValidateToken(SessionSecurityToken, String)

Validates the specified session token and returns its claims.

public:
 virtual System::Collections::ObjectModel::ReadOnlyCollection<System::Security::Claims::ClaimsIdentity ^> ^ ValidateToken(System::IdentityModel::Tokens::SessionSecurityToken ^ token, System::String ^ endpointId);
public virtual System.Collections.ObjectModel.ReadOnlyCollection<System.Security.Claims.ClaimsIdentity> ValidateToken (System.IdentityModel.Tokens.SessionSecurityToken token, string endpointId);
override this.ValidateToken : System.IdentityModel.Tokens.SessionSecurityToken * string -> System.Collections.ObjectModel.ReadOnlyCollection<System.Security.Claims.ClaimsIdentity>
Public Overridable Function ValidateToken (token As SessionSecurityToken, endpointId As String) As ReadOnlyCollection(Of ClaimsIdentity)

Parameters

token
SessionSecurityToken

The token to be validated. Must be assignable from SessionSecurityToken.

endpointId
String

The identifier of the endpoint to which the token is scoped.

Returns

The identities that are contained in the token.

Exceptions

token is null.

-or-

endpointId is null.

token is not assignable from SessionSecurityToken.

The EndpointId property of the specified token is not null or empty and its value is different than that specified by the endpointId parameter.

Remarks

Performs a check to make sure that the specified token is scoped for the specified endpoint ID and, if so, invokes the SessionSecurityTokenHandler.ValidateToken(SecurityToken) method; otherwise, throws a SecurityTokenException.

Important

Session tokens that have an EndpointId property that is null or empty are considered to be globally scoped. This presents a potential security risk. For this reason you should make sure that the EndpointId property is set in your session tokens.

See also

Applies to