SecurityTokenHandler.CreateSecurityTokenReference Method


When overridden in a derived class, creates the security token reference for tokens processed by that class. This method is typically called by a security token service (STS).

 virtual System::IdentityModel::Tokens::SecurityKeyIdentifierClause ^ CreateSecurityTokenReference(System::IdentityModel::Tokens::SecurityToken ^ token, bool attached);
public virtual System.IdentityModel.Tokens.SecurityKeyIdentifierClause CreateSecurityTokenReference (System.IdentityModel.Tokens.SecurityToken token, bool attached);
abstract member CreateSecurityTokenReference : System.IdentityModel.Tokens.SecurityToken * bool -> System.IdentityModel.Tokens.SecurityKeyIdentifierClause
override this.CreateSecurityTokenReference : System.IdentityModel.Tokens.SecurityToken * bool -> System.IdentityModel.Tokens.SecurityKeyIdentifierClause
Public Overridable Function CreateSecurityTokenReference (token As SecurityToken, attached As Boolean) As SecurityKeyIdentifierClause



The token for which the reference is to be created.


true if an attached reference should be created; false if an unattached reference should be created.


A key identifier clause that references the specified token.


The following code shows how to override the CreateSecurityTokenReference method to create a key identifier clause from the specified token. The code is taken from the Custom Token sample. This sample provides custom classes that enable processing of Simple Web Tokens (SWT). For information about this sample and other samples available for WIF and where to download them, see WIF Code Sample Index.

public override SecurityKeyIdentifierClause CreateSecurityTokenReference(SecurityToken token, bool attached)
    return token.CreateKeyIdentifierClause<LocalIdKeyIdentifierClause>();           


By default this method throws a NotImplementedException exception.

Derived classes override this method to return a key identifier clause (SecurityKeyIdentifierClause) that can be used to create a <wsse:SecurityTokenReference> element for the specified token.

Called from implementations of the SecurityTokenService class.

Typically, a SecurityKeyIdentifierClause does not need to be used, other than when a custom security token service is created. When a security token service returns a security token, the issued security token contains references to attached and unattached security tokens. Attached references refer to security tokens that are contained within the security header of a SOAP message and unattached references reference security tokens that are not included within the security header of a SOAP message. These references typically affirm the authenticity of the issued security token.

Applies to