SessionSecurityTokenHandler.ValidateToken Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Validates a token and returns its claims.
Overloads
| ValidateToken(SecurityToken) |
Validates the specified token and returns its claims. |
| ValidateToken(SessionSecurityToken, String) |
Validates the specified session token and returns its claims. |
ValidateToken(SecurityToken)
Validates the specified token and returns its claims.
public:
override System::Collections::ObjectModel::ReadOnlyCollection<System::Security::Claims::ClaimsIdentity ^> ^ ValidateToken(System::IdentityModel::Tokens::SecurityToken ^ token);public override System.Collections.ObjectModel.ReadOnlyCollection<System.Security.Claims.ClaimsIdentity> ValidateToken (System.IdentityModel.Tokens.SecurityToken token);override this.ValidateToken : System.IdentityModel.Tokens.SecurityToken -> System.Collections.ObjectModel.ReadOnlyCollection<System.Security.Claims.ClaimsIdentity>Public Overrides Function ValidateToken (token As SecurityToken) As ReadOnlyCollection(Of ClaimsIdentity)Parameters
- token
- SecurityToken
The token to be validated. Must be assignable from SessionSecurityToken.
Returns
The identities that are contained in the token.
Exceptions
token
null.
token is not assignable from SessionSecurityToken.
Remarks
Invokes the ValidateSession method to validate the token.
See also
Applies to
ValidateToken(SessionSecurityToken, String)
Validates the specified session token and returns its claims.
public:
virtual System::Collections::ObjectModel::ReadOnlyCollection<System::Security::Claims::ClaimsIdentity ^> ^ ValidateToken(System::IdentityModel::Tokens::SessionSecurityToken ^ token, System::String ^ endpointId);public virtual System.Collections.ObjectModel.ReadOnlyCollection<System.Security.Claims.ClaimsIdentity> ValidateToken (System.IdentityModel.Tokens.SessionSecurityToken token, string endpointId);override this.ValidateToken : System.IdentityModel.Tokens.SessionSecurityToken * string -> System.Collections.ObjectModel.ReadOnlyCollection<System.Security.Claims.ClaimsIdentity>Public Overridable Function ValidateToken (token As SessionSecurityToken, endpointId As String) As ReadOnlyCollection(Of ClaimsIdentity)Parameters
- token
- SessionSecurityToken
The token to be validated. Must be assignable from SessionSecurityToken.
- endpointId
- String
The identifier of the endpoint to which the token is scoped.
Returns
The identities that are contained in the token.
Exceptions
token is not assignable from SessionSecurityToken.
The EndpointId property of the specified token is not null or empty and its value is different than that specified by the endpointId parameter.
Remarks
Performs a check to make sure that the specified token is scoped for the specified endpoint ID and, if so, invokes the SessionSecurityTokenHandler.ValidateToken(SecurityToken) method; otherwise, throws a SecurityTokenException.
Important
Session tokens that have an EndpointId property that is null or empty are considered to be globally scoped. This presents a potential security risk. For this reason you should make sure that the EndpointId property is set in your session tokens.
