System.IdentityModel.Tokens Namespace

The System.IdentityModel.Tokens namespace contains classes that represent security tokens, security token handlers, key identifier clauses and other artifacts used in token generation and processing. The namespace contains base classes such as SecurityToken, SecurityTokenHandler, and SecurityKeyIdentifierClause, as well as classes that derive from these classes and represent several of the token types, artifacts, and handlers for which the Windows Identity Foundation (WIF) has built-in support. This includes classes that contain support for SAML v1.1 and v2.0 tokens, such as: SamlSecurityToken, SamlSecurityTokenHandler, Saml2SecurityToken, and Saml2SecurityTokenHandler.

Classes

AggregateTokenResolver

Represents a security token resolver that can wrap multiple token resolvers and resolve tokens across all of the wrapped resolvers.

AsymmetricProofDescriptor

This class can be used for issuing asymmetric key-based tokens.

AsymmetricSecurityKey

Base class for asymmetric keys.

AudienceRestriction

Defines settings for an AudienceRestriction verification.

AudienceUriValidationFailedException

The exception that is thrown when an incoming security token fails Audience URI validation.

AuthenticationContext

This class is used to specify the context of an authentication event.

AuthenticationMethods

Defines constants for supported well-known authentication methods. Defines constants for SAML authentication methods.

BinaryKeyIdentifierClause

Represents a base class for key identifier clauses that are based upon binary data.

BootstrapContext

Contains a serialized version of the original token that was used at sign-in time.

ComputedKeyAlgorithms

Used in the RST to indicate the desired algorithm with which to compute a key based on the combined entropies from both the token requestor and the token issuer.

ConfigurationBasedIssuerNameRegistry

Represents an issuer name registry that maintains a list of trusted issuers loaded from elements in the application configuration file that associate each issuer name to the X.509 certificate that is needed to verify the signature of tokens produced by the issuer.

EmptySecurityKeyIdentifierClause

Represents an empty key identifier clause. This class is used when an <EncryptedData> or a <Signature> element does not contain a <KeyInfo> element, which is used to describe the key required to decrypt the data or check the signature.

EncryptedKeyEncryptingCredentials

Represents the encrypted key encrypting credentials. These are usually used as data encrypting credentials to encrypt things like tokens.

EncryptedKeyIdentifierClause

Represents a key identifier clause that identifies an encrypted key.

EncryptedSecurityToken

A wrapping-token that handles encryption for a token that does not natively support it.

EncryptedSecurityTokenHandler

A token handler for encrypted security tokens. Handles tokens of type EncryptedSecurityToken.

EncryptedTokenDecryptionFailedException

The exception that is thrown when an error occurs while processing an encrypted security token.

EncryptingCredentials

Represents the cryptographic key and encrypting algorithm that are used to encrypt the proof key.

GenericXmlSecurityKeyIdentifierClause

Represents a key identifier clause that is based on XML.

GenericXmlSecurityToken

Represents a security token that is based upon XML.

InMemorySymmetricSecurityKey

Represents keys that are generated using symmetric algorithms and are only stored in the local computer's random access memory.

IssuerNameRegistry

The abstract base class for an issuer name registry. An issuer name registry is used to associate a mnemonic name to the cryptographic material that is needed to verify the signatures of tokens produced by the corresponding issuer. The issuer name registry maintains a list of issuers that are trusted by a relying party (RP) application.

IssuerTokenResolver

Resolves issuer tokens received from service partners.

KerberosReceiverSecurityToken

Represents a security token that is based upon a Kerberos ticket that is received in a SOAP message.

KerberosRequestorSecurityToken

Represents a security token that is based upon a Kerberos ticket that is sent in a SOAP request.

KerberosSecurityTokenHandler

Represents a security token handler that processes Kerberos tokens. Handles tokens of type KerberosReceiverSecurityToken.

KerberosTicketHashKeyIdentifierClause

Represents a key identifier clause that identifies a KerberosRequestorSecurityToken or KerberosReceiverSecurityToken security token.

LocalIdKeyIdentifierClause

Represents a key identifier clause that identifies a security token specified in the security header of the SOAP message.

ProofDescriptor

The base class for the SymmetricProofDescriptor and AsymmetricProofDescriptor classes.

RsaKeyIdentifierClause

Represents a key identifier clause that identifies an RsaSecurityToken security token.

RsaSecurityKey

Represents a security key that is generated using the RSA algorithm. This class cannot be inherited.

RsaSecurityToken

Represents a security token that is based upon a key that is created using the RSA algorithm.

RsaSecurityTokenHandler

Represents a SecurityTokenHandler that processes tokens of type RsaSecurityToken.

Saml2Action

Represents a <saml:Action> element defined by SAML 2.0.

Saml2Advice

Represents the Advice element specified in [Saml2Core, 2.6.1].

Saml2Assertion

Represents the Assertion element specified in [Saml2Core, 2.3.3].

Saml2AssertionKeyIdentifierClause

Represents a SecurityKeyIdentifierClause implementation for referencing SAML2-based security tokens.

Saml2Attribute

Represents the Attribute element specified in [Saml2Core, 2.7.3.1].

Saml2AttributeStatement

Represents the AttributeStatement element specified in [Saml2Core, 2.7.3].

Saml2AudienceRestriction

Represents the AudienceRestriction element specified in [Saml2Core, 2.5.1.4].

Saml2AuthenticationContext

Represents the AuthnContext element specified in [Saml2Core, 2.7.2.2].

Saml2AuthenticationStatement

Represents the AuthnStatement element specified in [Saml2Core, 2.7.2].

Saml2AuthorizationDecisionStatement

Represents the <saml:AuthzDecisionStatement> element defined by SAML 2.0.

Saml2Conditions

Represents the Conditions element specified in [Saml2Core, 2.5.1].

Saml2Evidence

Represents the Evidence element specified in [Saml2Core, 2.7.4.3].

Saml2Id

Represents the identifier used for SAML assertions.

Saml2NameIdentifier

Represents the NameID element as specified in [Saml2Core, 2.2.3] or the EncryptedID element as specified in [Saml2Core, 2.2.4].

Saml2ProxyRestriction

Represents the ProxyRestriction element specified in [Saml2Core, 2.5.1.6].

Saml2SecurityKeyIdentifierClause

This class is used when a Saml2Assertion is received without a <ds:KeyInfo> element inside the signature element. The KeyInfo describes the key required to check the signature. When the key is needed this clause will be presented to the current SecurityTokenResolver. It will contain the Saml2Assertion fully read which can be queried to determine the key required.

Saml2SecurityToken

Represents a security token that is based upon a SAML assertion.

Saml2SecurityTokenHandler

Represents a security token handler that creates security tokens from SAML 2.0 Assertions.

Saml2Statement

Represents the StatementAbstractType specified in [Saml2Core, 2.7.1].

Saml2Subject

Represents the Subject element specified in [Saml2Core, 2.4.1].

Saml2SubjectConfirmation

Represents the SubjectConfirmation element specified in [Saml2Core, 2.4.1.1].

Saml2SubjectConfirmationData

Represents the SubjectConfirmationData element and the associated KeyInfoConfirmationDataType defined in [Saml2Core, 2.4.1.2-2.4.1.3].

Saml2SubjectLocality

Represents the SubjectLocality element specified in [Saml2Core, 2.7.2.1].

SamlAction

Represents the <saml:Action> element within a SAML assertion that contains an action on a specified resource.

SamlAdvice

Represents the <saml:Advice> element within a SAML assertion that contains additional information provided by the SAML authority.

SamlAssertion

Represents a Security Assertion Markup Language 1.1 (SAML 1.1) assertion.

SamlAssertionKeyIdentifierClause

Represents a <KeyIdentifier> element that references a <saml:Assertion> element in a SOAP message.

SamlAttribute

Represents an attribute that is associated with the subject of a SamlAttributeStatement.

SamlAttributeStatement

Contains a set of attributes associated with a particular SamlSubject.

SamlAudienceRestrictionCondition

Specifies that a SAML assertion is addressed to a particular audience.

SamlAuthenticationClaimResource

Represents the resource type for a claim that is created from a SamlAuthenticationStatement.

SamlAuthenticationStatement

Represents a claim for a SamlSecurityToken security token that asserts that the subject was authenticated by a particular means at a particular time.

SamlAuthorityBinding

Specifies how to retrieve additional information about the subject of a SamlSecurityToken security token.

SamlAuthorizationDecisionClaimResource

Represents a claim for a SamlSecurityToken security token that asserts an authorization decision regarding access to a specific resource.

SamlAuthorizationDecisionStatement

Represents a claim for a SamlSecurityToken security token that asserts that an authorization decision regarding access by the subject to the specified resource has been made.

SamlCondition

Represents a condition that must be taken into account when assessing the validity of a SAML assertion.

SamlConditions

Represents a set of conditions that must be taken into account when assessing the validity of a SAML assertion.

SamlConstants

Represents a set of constants that are used to set properties of a SamlSecurityToken security token. This class cannot be inherited.

SamlDoNotCacheCondition

Represents a condition that must be taken into account when assessing the validity of a SAML assertion.

SamlEvidence

Represents the evidence used to render an authorization decision for a SamlSecurityToken security token.

SamlNameIdentifierClaimResource

Represents a claim for a SAML security token that asserts the subject's name.

SamlSecurityKeyIdentifierClause

This class is used when a SamlAssertion is received without a <ds:KeyInfo> element inside the signature element. The KeyInfo describes the key required to check the signature. When the key is needed this clause will be presented to the current SecurityTokenResolver. It will contain the SamlAssertion fully read which can be queried to determine the key required.

SamlSecurityToken

Represents a security token that is based upon a SAML assertion.

SamlSecurityTokenHandler

Represents a security token handler that creates security tokens from SAML 1.1 Assertions.

SamlSecurityTokenRequirement

Extends the SecurityTokenRequirement class by adding new properties that are useful for issued tokens.

SamlSerializer

Serializes and deserializes SamlSecurityToken objects into and from XML documents.

SamlStatement

Represents a claim for a SamlSecurityToken security token.

SamlSubject

Represents the subject of a SAML security token.

SamlSubjectStatement

Represents a claim for a SamlSecurityToken security token.

SecurityAlgorithms

Defines constants for the URIs that represent the cryptographic algorithms that are used to encrypt XML and compute digital signatures for SOAP messages.

SecurityKey

Base class for security keys.

SecurityKeyElement

Provides delayed resolution of security keys by resolving the SecurityKeyIdentifierClause or SecurityKeyIdentifier only when cryptographic functions are needed. This allows a key identifier clause or key identifier that is never used by an application to be serialized and deserialized on and off the wire without issues.

SecurityKeyIdentifier

Represents a key identifier.

SecurityKeyIdentifierClause

Represents an abstract base class for a key identifier clause.

SecurityKeyIdentifierClauseSerializer

Abstract base class for a serializer that can serialize and deserialize key identifier clauses.

SecurityToken

Represents a base class used to implement all security tokens.

SecurityTokenDescriptor

This is a placeholder for all the attributes related to the issued token.

SecurityTokenElement

Represents a number of elements found in a RequestSecurityToken that represent security tokens.

SecurityTokenException

The exception that is thrown when a problem occurs while processing a security token.

SecurityTokenExpiredException

The exception that is thrown when a security token that has an expiration time in the past is received.

SecurityTokenHandler

The abstract base class for security token handlers.

SecurityTokenHandlerCollection

Represents a collection of security token handlers.

SecurityTokenHandlerCollectionManager

A class that manages multiple, named security token handler collections.

SecurityTokenHandlerCollectionManager.Usage

Defines standard collection names used by the framework.

SecurityTokenHandlerConfiguration

Configuration common to all security token handlers.

SecurityTokenNotYetValidException

The exception that is thrown when a security token that has an effective time in the future is received.

SecurityTokenReplayDetectedException

The exception that is thrown when a security token that has been replayed is received.

SecurityTokenTypes

Contains a set of static properties that return strings that represent security token types.

SecurityTokenValidationException

The exception that is thrown when a received security token is invalid.

SessionSecurityToken

Defines a security token that contains data associated with a session.

SessionSecurityTokenCache

Defines an abstract class for a cache of session security tokens.

SessionSecurityTokenCacheKey

Represents the key for an entry in a SessionSecurityTokenCache.

SessionSecurityTokenHandler

A SecurityTokenHandler that processes security tokens of type SessionSecurityToken.

SigningCredentials

Represents the cryptographic key and security algorithms that are used to generate a digital signature.

SymmetricProofDescriptor

This class can be used for issuing symmetric key-based tokens.

SymmetricSecurityKey

Represents the abstract base class for all keys that are generated using symmetric algorithms.

TokenReplayCache

The abstract base class that defines methods for a cache used to detect replayed tokens.

UserNameSecurityToken

Represents a security token that is based upon a user name and password.

UserNameSecurityTokenHandler

Defines an abstract base class for a SecurityTokenHandler that processes security tokens of type UserNameSecurityToken.

WindowsSecurityToken

Represents a security token that is based on the identity of a Windows domain or user account.

WindowsUserNameSecurityTokenHandler

Defines a SecurityTokenHandler that processes Windows Username tokens.

X509AsymmetricSecurityKey

Represents an asymmetric key for X.509 certificates.

X509CertificateStoreTokenResolver

Represents a token resolver that can resolve tokens of type X509SecurityToken against a specified X.509 certificate store.

X509DataSecurityKeyIdentifierClauseSerializer

Represents a SecurityKeyIdentifierClauseSerializer that can process X.509 certificate reference types.

X509EncryptingCredentials

Represents an X.509 token used as the encrypting credential. This class is usually used as key wrapping credentials.

X509IssuerSerialKeyIdentifierClause

Represents a key identifier clause that identifies an X509SecurityToken security token using the distinguished name of the certificate issuer and the X.509 certificate's serial number.

X509NTAuthChainTrustValidator

Represents an X.509 certificate validator that will validate a specified X.509 certificate and verify whether the certificate can be mapped to a Windows account and whether the certificate chain is trusted.

X509RawDataKeyIdentifierClause

Represents a key identifier clause that identifies an X509SecurityToken security token using the X.509 certificate's raw data.

X509SecurityToken

Represents a security token that is based upon an X.509 certificate.

X509SecurityTokenHandler

Represents a security token handler that processes tokens of type X509SecurityToken. By default, the handler will perform chain-trust validation of the X.509 certificate.

X509SigningCredentials

Represents an X.509 token used as the signing credential.

X509SubjectKeyIdentifierClause

Represents a key identifier clause that identifies an X509SecurityToken security token using the X.509 certificate's subject key identifier extension.

X509ThumbprintKeyIdentifierClause

Represents a key identifier clause that identifies an X509SecurityToken security token using the X.509 certificate's thumbprint.

X509WindowsSecurityToken

Represents a security token that is based upon an X.509 certificate that is mapped to a Windows domain user or local computer user account.

Enums

SamlAccessDecision

Specifies whether the subject of a SamlSecurityToken security token is granted access to a given resource.

SecurityKeyType

Specifies the type of key that is associated with a security token.

SecurityKeyUsage

Specifies how a key that is associated with a security token can be used.