ValidatingIssuerNameRegistry.IsThumbprintValid Method

Can be called as part of a security token validating sequence where it is necessary to validate that the signer of a security token and the issuer of a security token are as expected.

Namespace:  System.IdentityModel.Tokens
Assembly:  System.IdentityModel.Tokens.ValidatingIssuerNameRegistry (in System.IdentityModel.Tokens.ValidatingIssuerNameRegistry.dll)


Protected Overridable Function IsThumbprintValid ( _
    thumbprint As String, _
    issuer As String _
) As Boolean
protected virtual bool IsThumbprintValid(
    string thumbprint,
    string issuer
virtual bool IsThumbprintValid(
    String^ thumbprint, 
    String^ issuer
abstract IsThumbprintValid : 
        thumbprint:string * 
        issuer:string -> bool  
override IsThumbprintValid : 
        thumbprint:string * 
        issuer:string -> bool
protected function IsThumbprintValid(
    thumbprint : String, 
    issuer : String
) : boolean


  • thumbprint
    Type: System.String

    string represententing the thumbprint. Normally this is case insensitive.

Return Value

Type: System.Boolean
true if the pair is valid, false otherwise


Any IssuingAuthority in [IssuingAuthorities] that contains both the thumbprint in [Thumbprints] and issuer in [Issuers] will be considered a valid pair.

This method returns when the first valid pair is found.

If you choose to override this method please be aware of the need to use the appropriate case when comparing keys. X509Thumbprints are case insensitive. Comparing keys using as case sensitive could lead to security issues.

.NET Framework Security

See Also


ValidatingIssuerNameRegistry Class

System.IdentityModel.Tokens Namespace