TokenValidationParameters Class

Definition

Contains a set of parameters that are used by a SecurityTokenHandler when validating a SecurityToken.

public class TokenValidationParameters
type TokenValidationParameters = class
Public Class TokenValidationParameters
Inheritance
TokenValidationParameters

Constructors

TokenValidationParameters()

Initializes a new instance of the TokenValidationParameters class.

TokenValidationParameters(TokenValidationParameters)

Copy constructor for TokenValidationParameters.

Fields

DefaultAuthenticationType

This is the fallback authentication type that an ISecurityTokenValidator will use if nothing is set.

DefaultClockSkew

Default for the clock skew.

DefaultMaximumTokenSizeInBytes

Default for the maximum token size.

Properties

ActorValidationParameters

Gets or sets the TokenValidationParameters to use when validating an actor token.

AudienceValidator

Gets or sets a delegate that will be used to validate the audience.

AuthenticationType

Gets or sets the AuthenticationType when creating a ClaimsIdentity.

ClockSkew

Gets or sets the clock skew to apply when validating a time.

CryptoProviderFactory

Users can override the default CryptoProviderFactory with this property. This factory will be used for creating signature providers.

IssuerSigningKey

Gets or sets the SecurityKey that is to be used for signature validation.

IssuerSigningKeyResolver

Gets or sets a delegate that will be called to retrieve a SecurityKey used for signature validation.

IssuerSigningKeys

Gets or sets an IEnumerable<T> used for signature validation.

IssuerSigningKeyValidator

Gets or sets a delegate for validating the SecurityKey that signed the token.

IssuerValidator

Gets or sets a delegate that will be used to validate the issuer of the token.

LifetimeValidator

Gets or sets a delegate that will be used to validate the lifetime of the token.

NameClaimType

Gets or sets a String that defines the NameClaimType.

NameClaimTypeRetriever

Gets or sets a delegate that will be called to obtain the NameClaimType to use when creating a ClaimsIdentity after validating a token.

PropertyBag

Gets or sets the IDictionary<TKey,TValue> that contains a collection of custom key/value pairs. This allows addition of parameters that could be used in custom token validation scenarios.

RequireAudience

Gets or sets a value indicating whether SAML tokens must have at least one AudienceRestriction.

RequireExpirationTime

Gets or sets a value indicating whether tokens must have an 'expiration' value.

RequireSignedTokens

Gets or sets a value indicating whether a SecurityToken can be considered valid if not signed.

RoleClaimType

Gets or sets the String that defines the RoleClaimType.

RoleClaimTypeRetriever

Gets or sets a delegate that will be called to obtain the RoleClaimType to use when creating a ClaimsIdentity after validating a token.

SaveSigninToken

Gets or sets a boolean to control if the original token should be saved after the security token is validated.

SignatureValidator

Gets or sets a delegate that will be used to validate the signature of the token.

TokenDecryptionKey

Gets or sets the SecurityKey that is to be used for decryption.

TokenDecryptionKeyResolver

Gets or sets a delegate that will be called to retrieve a SecurityKey used for decryption.

TokenDecryptionKeys

Gets or sets the IEnumerable<T> that is to be used for decrypting inbound tokens.

TokenReader

Gets or sets a delegate that will be used to read the token.

TokenReplayCache

Gets or sets the ITokenReplayCache that stores tokens that can be checked to help detect token replay.

TokenReplayValidator

Gets or sets a delegate that will be used to validate the token replay of the token.

ValidateActor

Gets or sets a value indicating whether an actor token, if detected, should be validated.

ValidateAudience

Gets or sets a boolean to control if the audience will be validated during token validation.

ValidateIssuer

Gets or sets a boolean to control if the issuer will be validated during token validation.

ValidateIssuerSigningKey

Gets or sets a boolean that controls if validation of the SecurityKey that signed the securityToken is called.

ValidateLifetime

Gets or sets a boolean to control if the lifetime will be validated during token validation.

ValidateTokenReplay

Gets or sets a boolean to control if the token replay will be validated during token validation.

ValidAudience

Gets or sets a string that represents a valid audience that will be used to check against the token's audience.

ValidAudiences

Gets or sets the IEnumerable<T> that contains valid audiences that will be used to check against the token's audience.

ValidIssuer

Gets or sets a String that represents a valid issuer that will be used to check against the token's issuer.

ValidIssuers

Gets or sets the IEnumerable<T> that contains valid issuers that will be used to check against the token's issuer.

ValidTypes

Gets or sets the IEnumerable<T> that contains valid types that will be used to check against the JWT header's 'typ' claim. If this property is not set, the 'typ' header claim will not be validated and all types will be accepted. In the case of a JWE, this property will ONLY apply to the inner token header.
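
The properties above combine into a validation policy. The following is an added example, not part of the original reference or the library's own code: it sets a permissive configuration beside a restrictive one and validates a JWT with the restrictive one. It assumes the JwtSecurityTokenHandler class from System.IdentityModel.Tokens.Jwt; the issuer, audience and 'typ' values are constructed placeholders.

```csharp
using System;
using System.Security.Claims;
using System.IdentityModel.Tokens.Jwt; // assumption: JWT handler package, not described on this page
using Microsoft.IdentityModel.Tokens;

public static class TokenValidationExample
{
    // Permissive: issuer, audience and lifetime checks are switched off and
    // unsigned tokens are allowed. Shown only for contrast with Hardened().
    public static TokenValidationParameters Permissive() => new TokenValidationParameters
    {
        ValidateIssuer = false,
        ValidateAudience = false,
        ValidateLifetime = false,
        RequireSignedTokens = false,
    };

    // Restrictive: the token must be signed by the expected key, name the
    // expected issuer and audience, carry an expiration, and declare an allowed 'typ'.
    public static TokenValidationParameters Hardened(SecurityKey signingKey) => new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = "https://issuer.example",    // constructed placeholder
        ValidateAudience = true,
        ValidAudience = "api://orders.example",    // constructed placeholder
        ValidateLifetime = true,
        RequireExpirationTime = true,
        ClockSkew = TimeSpan.FromSeconds(30),      // tolerance for clock drift between issuer and validator
        RequireSignedTokens = true,
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = signingKey,
        ValidTypes = new[] { "at+jwt" },           // when unset, any 'typ' header value is accepted
    };

    // Returns the principal built from the token's claims, or throws
    // (for example a SecurityTokenException subtype) when a check fails.
    public static ClaimsPrincipal Validate(string jwt, SecurityKey signingKey)
    {
        var handler = new JwtSecurityTokenHandler();
        return handler.ValidateToken(jwt, Hardened(signingKey), out SecurityToken _);
    }
}
```
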

Methods

Clone()

Returns a new instance of TokenValidationParameters with values copied from this object.

CreateClaimsIdentity(SecurityToken, String)

Creates a ClaimsIdentity using:

AuthenticationType

'NameClaimType': If NameClaimTypeRetriever is set, call delegate, else use NameClaimType. If the result is a null or empty string, use DefaultNameClaimType.

'RoleClaimType': If RoleClaimTypeRetriever is set, call delegate, else use RoleClaimType. If the result is a null or empty string, use DefaultRoleClaimType.
