SecurityTokenProvider Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Represents a security token provider that handles security tokens for a SOAP message sender.
public ref class SecurityTokenProvider abstract
public abstract class SecurityTokenProvider
type SecurityTokenProvider = class
Public MustInherit Class SecurityTokenProvider
- Inheritance
-
SecurityTokenProvider
- Derived
Examples
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.ServiceModel.Security;
using System.Xml;
namespace Microsoft.ServiceModel.Samples
{
/// <summary>
/// class that derives from SecurityTokenProvider and returns a SecurityToken representing a SAML assertion
/// </summary>
public class SamlSecurityTokenProvider : SecurityTokenProvider
{
/// <summary>
/// The SAML assertion that the SamlSecurityTokenProvider will return as a SecurityToken
/// </summary>
SamlAssertion assertion;
/// <summary>
/// The proof token associated with the SAML assertion
/// </summary>
SecurityToken proofToken;
/// <summary>
/// Constructor
/// </summary>
/// <param name="assertion">The SAML assertion that the SamlSecurityTokenProvider will return as a SecurityToken</param>
/// <param name="proofToken">The proof token associated with the SAML assertion</param>
public SamlSecurityTokenProvider(SamlAssertion assertion, SecurityToken proofToken )
{
this.assertion = assertion;
this.proofToken = proofToken;
}
/// <summary>
/// Creates the security token
/// </summary>
/// <param name="timeout">Maximum amount of time the method is supposed to take. Ignored in this implementation.</param>
/// <returns>A SecurityToken corresponding the SAML assertion and proof key specified at construction time</returns>
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
// Create a SamlSecurityToken from the provided assertion
SamlSecurityToken samlToken = new SamlSecurityToken(assertion);
// Create a SecurityTokenSerializer that will be used to serialize the SamlSecurityToken
WSSecurityTokenSerializer ser = new WSSecurityTokenSerializer();
// Create a memory stream to write the serialized token into
// Use an initial size of 64Kb
MemoryStream s = new MemoryStream(UInt16.MaxValue);
// Create an XmlWriter over the stream
XmlWriter xw = XmlWriter.Create(s);
// Write the SamlSecurityToken into the stream
ser.WriteToken(xw, samlToken);
// Seek back to the beginning of the stream
s.Seek(0, SeekOrigin.Begin);
// Load the serialized token into a DOM
XmlDocument dom = new XmlDocument();
dom.Load(s);
// Create a KeyIdentifierClause for the SamlSecurityToken
SamlAssertionKeyIdentifierClause samlKeyIdentifierClause = samlToken.CreateKeyIdentifierClause<SamlAssertionKeyIdentifierClause>();
// Return a GenericXmlToken from the XML for the SamlSecurityToken, the proof token, the valid from
// and valid until times from the assertion and the key identifier clause created above
return new GenericXmlSecurityToken(dom.DocumentElement, proofToken, assertion.Conditions.NotBefore, assertion.Conditions.NotOnOrAfter, samlKeyIdentifierClause, samlKeyIdentifierClause, null);
}
}
}
Imports System.IdentityModel.Selectors
Imports System.IdentityModel.Tokens
Imports System.IO
Imports System.ServiceModel.Security
Imports System.Xml
'/ <summary>
'/ class that derives from SecurityTokenProvider and returns a SecurityToken representing a SAML assertion
'/ </summary>
Public Class SamlSecurityTokenProvider
Inherits SecurityTokenProvider
'/ <summary>
'/ The SAML assertion that the SamlSecurityTokenProvider will return as a SecurityToken
'/ </summary>
Private assertion As SamlAssertion
'/ <summary>
'/ The proof token associated with the SAML assertion
'/ </summary>
Private proofToken As SecurityToken
'/ <summary>
'/ Constructor
'/ </summary>
'/ <param name="assertion">The SAML assertion that the SamlSecurityTokenProvider will return as a SecurityToken</param>
'/ <param name="proofToken">The proof token associated with the SAML assertion</param>
Public Sub New(ByVal assertion As SamlAssertion, ByVal proofToken As SecurityToken)
Me.assertion = assertion
Me.proofToken = proofToken
End Sub
'/ <summary>
'/ Creates the security token
'/ </summary>
'/ <param name="timeout">Maximum amount of time the method is supposed to take. Ignored in this implementation.</param>
'/ <returns>A SecurityToken corresponding the SAML assertion and proof key specified at construction time</returns>
Protected Overrides Function GetTokenCore(ByVal timeout As TimeSpan) As SecurityToken
' Create a SamlSecurityToken from the provided assertion
Dim samlToken As New SamlSecurityToken(assertion)
' Create a SecurityTokenSerializer that will be used to serialize the SamlSecurityToken
Dim ser As New WSSecurityTokenSerializer()
' Create a memory stream to write the serialized token into
' Use an initial size of 64Kb
Dim s As New MemoryStream(UInt16.MaxValue)
' Create an XmlWriter over the stream
Dim xw As XmlWriter = XmlWriter.Create(s)
' Write the SamlSecurityToken into the stream
ser.WriteToken(xw, samlToken)
' Seek back to the beginning of the stream
s.Seek(0, SeekOrigin.Begin)
' Load the serialized token into a DOM
Dim dom As New XmlDocument()
dom.Load(s)
' Create a KeyIdentifierClause for the SamlSecurityToken
Dim samlKeyIdentifierClause As SamlAssertionKeyIdentifierClause = samlToken.CreateKeyIdentifierClause(Of SamlAssertionKeyIdentifierClause)()
' Return a GenericXmlToken from the XML for the SamlSecurityToken, the proof token, the valid from
' and valid until times from the assertion and the key identifier clause created above
Return New GenericXmlSecurityToken(dom.DocumentElement, proofToken, assertion.Conditions.NotBefore, assertion.Conditions.NotOnOrAfter, samlKeyIdentifierClause, samlKeyIdentifierClause, Nothing)
End Function 'GetTokenCore
End Class
Remarks
Use the SecurityTokenProvider class when custom security tokens are required. The role of a security token provider is to get a security token when a SOAP message is sent by a client and a security token is used to authenticate the client or to protect the SOAP message. Specifically, the GetToken method is called to get a security token. The security token provider can also be called to cancel and renew a security using the CancelToken and RenewToken methods.
Classes that derive from the SecurityTokenManager class implement the CreateSecurityTokenProvider method to determine which security token provider is required for a given security token.
The ClientCredentialsSecurityTokenManager and ServiceCredentialsSecurityTokenManager classes provide the default implementations for built-in security token types. For custom security token scenarios, you must derive a class from one of the SecurityTokenManager, ClientCredentialsSecurityTokenManager, or ServiceCredentialsSecurityTokenManager classes and provide the functionality to create the security token provider, security token authenticator, and security token serializer for the custom security token. For more information about creating a custom token, see How to: Create a Custom Token.
Constructors
SecurityTokenProvider() |
Initializes a new instance of the SecurityTokenProvider class. |
Properties
SupportsTokenCancellation |
Gets a value that indicates whether the security token can be cancelled. |
SupportsTokenRenewal |
Gets a value that indicates whether the security token is renewable. |
Methods
BeginCancelToken(TimeSpan, SecurityToken, AsyncCallback, Object) |
Begins an asynchronous operation to cancel a security token. |
BeginCancelTokenCore(TimeSpan, SecurityToken, AsyncCallback, Object) |
Begins an asynchronous operation to cancel a security token. |
BeginGetToken(TimeSpan, AsyncCallback, Object) |
Begins an asynchronous operation to get a security token. |
BeginGetTokenCore(TimeSpan, AsyncCallback, Object) |
Begins an asynchronous operation to get a security token. |
BeginRenewToken(TimeSpan, SecurityToken, AsyncCallback, Object) |
Begins an asynchronous operation that renews a security token. |
BeginRenewTokenCore(TimeSpan, SecurityToken, AsyncCallback, Object) |
Begins an asynchronous operation that renews a security token. |
CancelToken(TimeSpan, SecurityToken) |
Cancels a security token. |
CancelTokenAsync(TimeSpan, SecurityToken) |
Cancels a security token. |
CancelTokenCore(TimeSpan, SecurityToken) |
Cancels a security token. |
CancelTokenCoreAsync(TimeSpan, SecurityToken) |
Cancels a security token. |
EndCancelToken(IAsyncResult) |
Completes an asynchronous operation to cancel a security token. |
EndCancelTokenCore(IAsyncResult) |
Completes an asynchronous operation to cancel a security token. |
EndGetToken(IAsyncResult) |
Completes an asynchronous operation to get a security token. |
EndGetTokenCore(IAsyncResult) |
Completes an asynchronous operation to get a security token. |
EndRenewToken(IAsyncResult) |
Completes an asynchronous operation to renew a security token. |
EndRenewTokenCore(IAsyncResult) |
Completes an asynchronous operation to renew the security token. |
Equals(Object) |
Determines whether the specified object is equal to the current object. (Inherited from Object) |
GetHashCode() |
Serves as the default hash function. (Inherited from Object) |
GetToken(TimeSpan) |
Gets a security token. |
GetTokenAsync(TimeSpan) |
Gets a security token. |
GetTokenCore(TimeSpan) |
Gets a security token. |
GetTokenCoreAsync(TimeSpan) |
Gets a security token. |
GetType() |
Gets the Type of the current instance. (Inherited from Object) |
MemberwiseClone() |
Creates a shallow copy of the current Object. (Inherited from Object) |
RenewToken(TimeSpan, SecurityToken) |
Renews a security token. |
RenewTokenAsync(TimeSpan, SecurityToken) |
Renews a security token. |
RenewTokenCore(TimeSpan, SecurityToken) |
Renews a security token. |
RenewTokenCoreAsync(TimeSpan, SecurityToken) |
Renews a security token. |
ToString() |
Returns a string that represents the current object. (Inherited from Object) |