Microsoft.IdentityModel.Tokens Namespace
[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]
Classes
Class | Description |
---|---|
AggregateTokenResolver | This class defines a TokenResolver that can wrap multiple Token Resolvers and resolve tokens across all the wrapped token resolvers. |
AsymmetricProofDescriptor | This class can be used for issuing asymmetric key-based tokens. |
AudienceRestriction | Defines settings for an AudienceRestriction verification. |
AudienceUriValidationFailedException | Throw this exception when a received security token fails audience URI validation. |
AuthenticationContext | This class is used to specify the context of an authentication event. |
AuthorizationPolicy | Defines an AuthorizationPolicy that carries the IDFx Claims. When IDFx is enabled a new set of Security Token Authenticators are added to the system. These Authenticators will generate the new Claims defined in Microsoft.IdentityModel.Claims. |
ConfigurationBasedIssuerNameRegistry | Implements a name service that resolves issuer tokens to strings. |
ConfigureServiceHostServiceBehavior | Provides custom service behavior to the service. It invokes the ConfigureServiceHost(ServiceHostBase) method to configure the service host. |
DefaultTokenReplayCache | A default implementation of the Token replay cache that is backed by a bounded cache. |
EncryptedSecurityToken | A pseudo-token which handles encryption for a token which does not natively support it. |
EncryptedSecurityTokenHandler | Token handler for an encrypted SecurityToken type. |
EncryptedTokenDecryptionFailedException | The exception that is thrown when an error occurs while processing an encrypted security token. |
EndpointAuthorizationPolicy | Implementation of IAuthorizationPolicy that contains endpoint specific AuthorizationPolicy. |
FailedAuthenticationException | Throw this exception when the security token could not be authenticated or authorized. |
FailedAuthenticationFaultException | This class represents the FailedAuthentication fault defined by WS-Security. |
FailedCheckException | Throw this exception when the signature or decryption was not valid. |
FailedCheckFaultException | This class represents the FailedCheck fault defined by WS-Security. |
FederatedSecurityTokenManager | SecurityTokenManager that enables plugging in custom tokens easily. The SecurityTokenManager provides methods to register custom token providers, serializers and authenticators. It can wrap another token manager and delegate token operation calls to it if required. |
FederatedServiceCredentials | Helper class that provides a mechanism to plug the FederatedSecurityTokenManager into any WCF ServiceHost application. Create an instance of this class and add it as the ServiceCredentials to your ServiceHost. |
IdentityModelServiceAuthorizationManager | Custom ServiceAuthorizationManager implementation. This class substitutes the WCF-generated IAuthorizationPolicies with AuthorizationPolicy. These policies do not participate in the EvaluationContext and hence will render an empty WCF AuthorizationContext. Once this AuthorizationManager is substituted into a ServiceHost, only IClaimsPrincipal will be available for authorization decisions. |
InvalidSecurityException | Throw this exception when an error was discovered processing the <wsse:Security> header. |
InvalidSecurityFaultException | This class represents the InvalidSecurity fault defined by WS-Security. |
InvalidSecurityTokenException | Throw this exception when an invalid security token was provided. |
InvalidSecurityTokenFaultException | This class represents the InvalidSecurityToken fault defined by WS-Security. |
IssuerNameRegistry | The abstract base class that represents a name service that returns the issuer name of a specified token. |
IssuerTokenResolver | Resolves issuer tokens received from service partners. |
KerberosSecurityTokenHandler | SecurityTokenHandler for KerberosReceiverSecurityToken. |
MembershipUserNameSecurityTokenHandler | UserNameSecurityTokenHandler that validates the UsernameSecurityToken using a given MembershipProvider. |
MessageExpiredException | Throw this exception when the message has expired. |
MessageExpiredFaultException | This class represents the MessageExpired fault defined by WS-Security. |
ProofDescriptor | Base class for SymmetricProofDescriptor and AsymmetricProofDescriptor. |
RsaSecurityTokenHandler | SecurityTokenHandler for RsaSecurityTokens. |
SamlSecurityTokenRequirement | Extends SecurityTokenRequirement by adding new properties which are useful for issued tokens. |
SecurityKeyElement | Provides delayed resolution of security keys by resolving the SecurityKeyIdentifierClause or SecurityKeyIdentifier only when cryptographic functions are needed. This allows a key clause or identifier that is never used by an application to be serialized and deserialized on and off the wire without issue. |
SecurityKeyIdentifierClauseSerializer | Abstract class for SecurityKeyIdentifierClause Serializer. |
SecurityTokenCache | Defines a simple abstract interface to a cache of security tokens. |
SecurityTokenCacheKey | When caching an SCT there are two indexes required. One is the ContextId, which is unique across all SCTs, and the other is the KeyGeneration, which is unique within an SCT. When an SCT is issued it has only a ContextId. When the SCT is renewed the KeyGeneration is added as a second index to the SCT. The renewed SCT is then uniquely identifiable via the ContextId and KeyGeneration. The class SecurityTokenCacheKey is used as the index to the SCT cache. This index will always have a valid ContextId specified but the KeyGeneration may be null. There is also an optional EndpointId which gives the endpoint to which the token is scoped. |
SecurityTokenDescriptor | This is a placeholder for all the attributes related to the issued token. |
SecurityTokenElement | This class represents a number of elements found in a RequestSecurityToken which represent security tokens. |
SecurityTokenExpiredException | Throw this exception when a received security token has an expiration time in the past. |
SecurityTokenHandler | Defines the interface for a Custom Security Token Handler. |
SecurityTokenHandlerCollection | Defines a collection of SecurityTokenHandlers. |
SecurityTokenHandlerCollectionManager | A class which manages multiple named SecurityTokenHandlerCollection. |
Usage | Defines standard collection names used by the framework. |
SecurityTokenHandlerConfiguration | Configuration common to all SecurityTokenHandlers. |
SecurityTokenNotYetValidException | Throw this exception when a received security token has an effective time in the future. |
SecurityTokenReplayDetectedException | Throw this exception when a received security token has been replayed. |
SecurityTokenSerializerAdapter | This class derives from System.ServiceModel.Security.WSSecurityTokenSerializer and wraps a collection of SecurityTokenHandlers. Any call to this serializer is delegated to the token handler, or to the base class if no token handler is registered to handle this particular token or KeyIdentifier. |
SecurityTokenTypes | Defines the Security Token Type URI constants. |
SecurityTokenUnavailableException | Throw this exception when the referenced security token could not be retrieved. |
SecurityTokenUnavailableFaultException | This class represents the SecurityTokenUnavailable fault defined by WS-Security. |
SessionSecurityToken | Defines a SessionSecurityToken that contains data associated with a session. |
SessionSecurityTokenCookieSerializer | Implements serialization and deserialization of a given SessionSecurityToken into a self-contained cookie. |
SessionSecurityTokenHandler | A SecurityTokenHandler that processes SessionSecurityToken. |
SymmetricProofDescriptor | This class can be used for issuing symmetric key-based tokens. |
TokenReplayCache | This class defines the API for a cache that stores tokens and purges them on a scheduled time interval. |
UnsupportedAlgorithmException | Throw this exception when an unsupported signature or encryption algorithm was used. |
UnsupportedAlgorithmFaultException | This class represents the UnsupportedAlgorithm fault defined by WS-Security. |
UnsupportedSecurityTokenException | Throw this exception when an unsupported token was provided. |
UnsupportedSecurityTokenFaultException | This class represents the UnsupportedSecurityToken fault defined by WS-Security. |
UserNameSecurityTokenHandler | Defines a SecurityTokenHandler for Username Password Tokens. |
WindowsUserNameSecurityTokenHandler | This token handler validates the Windows Username token. |
X509CertificateStoreTokenResolver | Token Resolver that can resolve X509SecurityTokens against a given X.509 Certificate Store. |
X509DataSecurityKeyIdentifierClauseSerializer | Implementation of SecurityKeyIdentifierClauseSerializer that handles X.509 Certificate reference types. |
X509NTAuthChainTrustValidator | X509CertificateValidator that validates a given certificate and verifies whether the certificate can be mapped to a Windows account and whether the certificate chain is trusted. |
X509SecurityTokenHandler | SecurityTokenHandler for X509SecurityToken. By default, the handler will do chain-trust validation of the Certificate. |
Delegates
Delegate | Description |
---|---|
OutboundClaimsFilter | Actor that returns true if a claim should be filtered. |
Copyright © 2008 by Microsoft Corporation. All rights reserved.