UserNameSecurityTokenAuthenticator.ValidateUserNamePasswordCore Method

Reference

Definition

Namespace:: System.IdentityModel.Selectors

Assembly:: System.IdentityModel.dll

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

When overridden in a derived class, authenticates the specified user name and password and returns the set of authorization policies for UserNameSecurityToken security tokens.

protected:
 abstract System::Collections::ObjectModel::ReadOnlyCollection<System::IdentityModel::Policy::IAuthorizationPolicy ^> ^ ValidateUserNamePasswordCore(System::String ^ userName, System::String ^ password);

protected abstract System.Collections.ObjectModel.ReadOnlyCollection<System.IdentityModel.Policy.IAuthorizationPolicy> ValidateUserNamePasswordCore (string userName, string password);

abstract member ValidateUserNamePasswordCore : string * string -> System.Collections.ObjectModel.ReadOnlyCollection<System.IdentityModel.Policy.IAuthorizationPolicy>

Protected MustOverride Function ValidateUserNamePasswordCore (userName As String, password As String) As ReadOnlyCollection(Of IAuthorizationPolicy)

Parameters

userName: String

The user name associated with the security token.

password: String

The password associated with the security token.

Returns

ReadOnlyCollection<IAuthorizationPolicy>

A ReadOnlyCollection<T> of type IAuthorizationPolicy that contains the set of authorization policies in effect for this application.

Examples

protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateUserNamePasswordCore(string userName, string password)
{
    if (!ValidateUserNameFormat(userName))
        throw new SecurityTokenValidationException("Incorrect UserName format");

    ClaimSet claimSet = new DefaultClaimSet(ClaimSet.System, new Claim(ClaimTypes.Name, userName, Rights.PossessProperty));
    List<IIdentity> identities = new List<IIdentity>(1);
    identities.Add(new GenericIdentity(userName));
    List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
    policies.Add(new UnconditionalPolicy(ClaimSet.System, claimSet, DateTime.MaxValue.ToUniversalTime(), identities));
    return policies.AsReadOnly();
}

    Protected Overrides Function ValidateUserNamePasswordCore(ByVal userName As String, ByVal password As String) As ReadOnlyCollection(Of IAuthorizationPolicy)

        If Not ValidateUserNameFormat(userName) Then
            Throw New SecurityTokenValidationException("Incorrect UserName format")
        End If
        Dim setOfClaims As New DefaultClaimSet(ClaimSet.System, New Claim(ClaimTypes.Name, userName, Rights.PossessProperty))
        Dim identities As New List(Of IIdentity)(1)

        identities.Add(New GenericIdentity(userName))
        Dim policies As New List(Of IAuthorizationPolicy)(1)
        policies.Add(New UnconditionalPolicy(ClaimSet.System, setOfClaims, DateTime.MaxValue.ToUniversalTime(), identities))
        Return policies.AsReadOnly()

    End Function 'New
End Class

Remarks

Override the ValidateUserNamePasswordCore method to authenticate UserNameSecurityToken security tokens.

When the ValidateUserNamePasswordCore method is overridden, follow these guidelines:

When the security token passed into the token parameter cannot be validated, throw the SecurityTokenValidationException exception.
When there are no authorization policies in effect for this application, return an empty ReadOnlyCollection<T> of type IAuthorizationPolicy.

When this method returns null, Windows Communication Foundation throws a SecurityTokenValidationException exception.

Applies to

Share via