Edit

Share via


SessionSecurityTokenHandler.ReadToken Method

Definition

Overloads

ReadToken(XmlReader)

Reads the SessionSecurityToken using the specified XML reader.

ReadToken(Byte[], SecurityTokenResolver)

Reads the SessionSecurityToken from a stream of bytes by using the specified token resolver.

ReadToken(XmlReader, SecurityTokenResolver)

Reads the SessionSecurityToken using the specified XML reader and token resolver.

Remarks

Important

Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see Validate All Inputs.

The default implementation deserializes the token from either a WS-Secure Conversation Feb2005 or WS-Secure Conversation 1.3 <wsc:SecurityContextToken> element.

ReadToken(XmlReader)

Reads the SessionSecurityToken using the specified XML reader.

public:
 override System::IdentityModel::Tokens::SecurityToken ^ ReadToken(System::Xml::XmlReader ^ reader);
public override System.IdentityModel.Tokens.SecurityToken ReadToken (System.Xml.XmlReader reader);
override this.ReadToken : System.Xml.XmlReader -> System.IdentityModel.Tokens.SecurityToken
Public Overrides Function ReadToken (reader As XmlReader) As SecurityToken

Parameters

reader
XmlReader

The XmlReader over the incoming SecurityToken.

Returns

The session security token that was read, an instance of SessionSecurityToken.

Exceptions

reader is null.

The reader is not positioned at a SessionSecurityToken or the SessionSecurityToken cannot be read.

Remarks

Important

Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see Validate All Inputs.

The reader must be positioned at either a WS-Secure Conversation Feb2005 or a WS-Secure Conversation 1.3 <wsc:SecurityContextToken> element.

The default implementation invokes the SessionSecurityTokenHandler.ReadToken(XmlReader, SecurityTokenResolver) method using a default token resolver.

Applies to

ReadToken(Byte[], SecurityTokenResolver)

Reads the SessionSecurityToken from a stream of bytes by using the specified token resolver.

public:
 virtual System::IdentityModel::Tokens::SecurityToken ^ ReadToken(cli::array <System::Byte> ^ token, System::IdentityModel::Selectors::SecurityTokenResolver ^ tokenResolver);
public virtual System.IdentityModel.Tokens.SecurityToken ReadToken (byte[] token, System.IdentityModel.Selectors.SecurityTokenResolver tokenResolver);
override this.ReadToken : byte[] * System.IdentityModel.Selectors.SecurityTokenResolver -> System.IdentityModel.Tokens.SecurityToken
Public Overridable Function ReadToken (token As Byte(), tokenResolver As SecurityTokenResolver) As SecurityToken

Parameters

token
Byte[]

The stream of bytes that contains the token.

tokenResolver
SecurityTokenResolver

The token resolver to use.

Returns

The SessionSecurityToken that was read.

Remarks

Important

Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see Validate All Inputs.

The default implementation creates an XmlDictionaryReader over the token and invokes the SessionSecurityTokenHandler.ReadToken(XmlReader, SecurityTokenResolver) method.

Applies to

ReadToken(XmlReader, SecurityTokenResolver)

Reads the SessionSecurityToken using the specified XML reader and token resolver.

public:
 override System::IdentityModel::Tokens::SecurityToken ^ ReadToken(System::Xml::XmlReader ^ reader, System::IdentityModel::Selectors::SecurityTokenResolver ^ tokenResolver);
public override System.IdentityModel.Tokens.SecurityToken ReadToken (System.Xml.XmlReader reader, System.IdentityModel.Selectors.SecurityTokenResolver tokenResolver);
override this.ReadToken : System.Xml.XmlReader * System.IdentityModel.Selectors.SecurityTokenResolver -> System.IdentityModel.Tokens.SecurityToken
Public Overrides Function ReadToken (reader As XmlReader, tokenResolver As SecurityTokenResolver) As SecurityToken

Parameters

reader
XmlReader

The XmlReader over the incoming SecurityToken.

tokenResolver
SecurityTokenResolver

A SecurityTokenResolver that can used to resolve the SessionSecurityToken.

Returns

The session security token that was read, an instance of SessionSecurityToken.

Exceptions

reader is null.

-or-

tokenResolver is null.

The reader is not positioned at a SessionSecurityToken or the SessionSecurityToken cannot be read.

Remarks

Important

Calling this method with untrusted data is a security risk. Call this method only with trusted data. For more information, see Validate All Inputs.

The reader must be positioned at either a WS-Secure Conversation Feb2005 or a WS-Secure Conversation 1.3 <wsc:SecurityContextToken> element.

If the token material is cached, it is read from the token cache, which is an instance of the SessionSecurityTokenCache class. Otherwise, the token material is read from the child element of the <wsc:SecurityContextToken> element that is specified by the CookieElementName and CookieNamespace properties and the ApplyTransforms method is invoked to decode the cookie.

For more information about how session tokens are serialized into a <SecurityContextToken element, see the SessionSecurityTokenHandler.WriteToken(XmlWriter, SecurityToken) method.

Applies to