SecurityTokenProvider 类

定义

表示为 SOAP 消息发送方处理安全令牌的安全令牌提供程序。

public ref class SecurityTokenProvider abstract
public abstract class SecurityTokenProvider
type SecurityTokenProvider = class
Public MustInherit Class SecurityTokenProvider
继承
SecurityTokenProvider
派生

示例

using System;

using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;

using System.IO;

using System.ServiceModel.Security;

using System.Xml;

namespace Microsoft.ServiceModel.Samples
{
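    /// <summary>
    /// Sample <see cref="SecurityTokenProvider"/> that returns a caller-supplied SAML assertion,
    /// wrapped as a <see cref="GenericXmlSecurityToken"/>.
    /// </summary>
    /// <remarks>
    /// This class only repackages the assertion it was constructed with. It does not issue, sign or
    /// validate the assertion, and it does not check that the current time falls inside the
    /// assertion's validity window; the caller is responsible for supplying an assertion it trusts.
    /// </remarks>
    public class SamlSecurityTokenProvider : SecurityTokenProvider
    {
        /// <summary>
        /// The SAML assertion that the SamlSecurityTokenProvider will return as a SecurityToken
        /// </summary>
        SamlAssertion assertion;

        /// <summary>
        /// The proof token associated with the SAML assertion
        /// </summary>
        SecurityToken proofToken;

        /// <summary>
        /// Constructor
        /// </summary>
        /// <param name="assertion">The SAML assertion that the SamlSecurityTokenProvider will return as a SecurityToken</param>
        /// <param name="proofToken">The proof token associated with the SAML assertion</param>
        /// <exception cref="ArgumentNullException"><paramref name="assertion"/> is null.</exception>
        public SamlSecurityTokenProvider(SamlAssertion assertion, SecurityToken proofToken )
        {
            // Fail at construction time rather than later, when the first message is being secured.
            if (assertion == null)
            {
                throw new ArgumentNullException("assertion");
            }

            this.assertion = assertion;
            this.proofToken = proofToken;
        }

        /// <summary>
        /// Creates the security token
        /// </summary>
        /// <param name="timeout">Maximum amount of time the method is supposed to take. Ignored in this implementation.</param>
        /// <returns>A SecurityToken corresponding to the SAML assertion and proof key specified at construction time</returns>
        /// <exception cref="InvalidOperationException">The assertion carries no conditions, so no validity period can be derived.</exception>
        protected override SecurityToken GetTokenCore(TimeSpan timeout)
        {
            // The token lifetime is copied from the assertion's conditions; an assertion without
            // conditions would otherwise surface as a NullReferenceException on the return statement.
            SamlConditions conditions = assertion.Conditions;
            if (conditions == null)
            {
                throw new InvalidOperationException("The SAML assertion has no Conditions element; a validity period is required to build the token.");
            }

            // Create a SamlSecurityToken from the provided assertion
            SamlSecurityToken samlToken = new SamlSecurityToken(assertion);

            // Create a SecurityTokenSerializer that will be used to serialize the SamlSecurityToken
            WSSecurityTokenSerializer serializer = new WSSecurityTokenSerializer();

            XmlDocument dom = new XmlDocument();

            // Keep the serialized bytes intact: dropping whitespace nodes from a signed assertion
            // can invalidate its signature when the element is written into the message.
            dom.PreserveWhitespace = true;

            // The XML is produced locally, but there is no reason to let the DOM resolve external resources.
            dom.XmlResolver = null;

            // Buffer for the serialized token; 65,535 bytes is only the initial capacity, the stream grows on demand
            using (MemoryStream buffer = new MemoryStream(UInt16.MaxValue))
            {
                // Closing the writer flushes its internal buffer into the stream before the stream is read back.
                // With default settings the writer does not close the underlying stream.
                using (XmlWriter writer = XmlWriter.Create(buffer))
                {
                    // Write the SamlSecurityToken into the stream
                    serializer.WriteToken(writer, samlToken);
                    writer.Flush();
                }

                // Seek back to the beginning of the stream and load the serialized token into the DOM
                buffer.Seek(0, SeekOrigin.Begin);
                dom.Load(buffer);
            }

            // Create a KeyIdentifierClause for the SamlSecurityToken
            SamlAssertionKeyIdentifierClause samlKeyIdentifierClause = samlToken.CreateKeyIdentifierClause<SamlAssertionKeyIdentifierClause>();

            // Return a GenericXmlToken from the XML for the SamlSecurityToken, the proof token, the valid from
            // and valid until times from the assertion and the key identifier clause created above.
            // The same clause is used as both the internal and the external token reference.
            return new GenericXmlSecurityToken(dom.DocumentElement, proofToken, conditions.NotBefore, conditions.NotOnOrAfter, samlKeyIdentifierClause, samlKeyIdentifierClause, null);
        }
    }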
}
Imports System.IdentityModel.Selectors
Imports System.IdentityModel.Tokens

Imports System.IO

Imports System.ServiceModel.Security

Imports System.Xml


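''' <summary>
''' Sample SecurityTokenProvider that returns a caller-supplied SAML assertion,
''' wrapped as a GenericXmlSecurityToken.
''' </summary>
''' <remarks>
''' This class only repackages the assertion it was constructed with. It does not issue, sign or
''' validate the assertion, and it does not check that the current time falls inside the
''' assertion's validity window; the caller is responsible for supplying an assertion it trusts.
''' </remarks>
Public Class SamlSecurityTokenProvider
    Inherits SecurityTokenProvider
    ''' <summary>
    ''' The SAML assertion that the SamlSecurityTokenProvider will return as a SecurityToken
    ''' </summary>
    Private assertion As SamlAssertion

    ''' <summary>
    ''' The proof token associated with the SAML assertion
    ''' </summary>
    Private proofToken As SecurityToken


    ''' <summary>
    ''' Constructor
    ''' </summary>
    ''' <param name="assertion">The SAML assertion that the SamlSecurityTokenProvider will return as a SecurityToken</param>
    ''' <param name="proofToken">The proof token associated with the SAML assertion</param>
    ''' <exception cref="ArgumentNullException">assertion is Nothing.</exception>
    Public Sub New(ByVal assertion As SamlAssertion, ByVal proofToken As SecurityToken)
        ' Fail at construction time rather than later, when the first message is being secured.
        If assertion Is Nothing Then
            Throw New ArgumentNullException("assertion")
        End If

        Me.assertion = assertion
        Me.proofToken = proofToken

    End Sub


    ''' <summary>
    ''' Creates the security token
    ''' </summary>
    ''' <param name="timeout">Maximum amount of time the method is supposed to take. Ignored in this implementation.</param>
    ''' <returns>A SecurityToken corresponding to the SAML assertion and proof key specified at construction time</returns>
    ''' <exception cref="InvalidOperationException">The assertion carries no conditions, so no validity period can be derived.</exception>
    Protected Overrides Function GetTokenCore(ByVal timeout As TimeSpan) As SecurityToken
        ' The token lifetime is copied from the assertion's conditions; an assertion without
        ' conditions would otherwise surface as a NullReferenceException on the Return statement.
        Dim conditions As SamlConditions = assertion.Conditions
        If conditions Is Nothing Then
            Throw New InvalidOperationException("The SAML assertion has no Conditions element; a validity period is required to build the token.")
        End If

        ' Create a SamlSecurityToken from the provided assertion
        Dim samlToken As New SamlSecurityToken(assertion)

        ' Create a SecurityTokenSerializer that will be used to serialize the SamlSecurityToken
        Dim serializer As New WSSecurityTokenSerializer()

        Dim dom As New XmlDocument()

        ' Keep the serialized bytes intact: dropping whitespace nodes from a signed assertion
        ' can invalidate its signature when the element is written into the message.
        dom.PreserveWhitespace = True

        ' The XML is produced locally, but there is no reason to let the DOM resolve external resources.
        dom.XmlResolver = Nothing

        ' Buffer for the serialized token; 65,535 bytes is only the initial capacity, the stream grows on demand
        Using buffer As New MemoryStream(UInt16.MaxValue)
            ' Closing the writer flushes its internal buffer into the stream before the stream is read back.
            ' With default settings the writer does not close the underlying stream.
            Using writer As XmlWriter = XmlWriter.Create(buffer)
                ' Write the SamlSecurityToken into the stream
                serializer.WriteToken(writer, samlToken)
                writer.Flush()
            End Using

            ' Seek back to the beginning of the stream and load the serialized token into the DOM
            buffer.Seek(0, SeekOrigin.Begin)
            dom.Load(buffer)
        End Using

        ' Create a KeyIdentifierClause for the SamlSecurityToken
        Dim samlKeyIdentifierClause As SamlAssertionKeyIdentifierClause = samlToken.CreateKeyIdentifierClause(Of SamlAssertionKeyIdentifierClause)()

        ' Return a GenericXmlToken from the XML for the SamlSecurityToken, the proof token, the valid from
        ' and valid until times from the assertion and the key identifier clause created above.
        ' The same clause is used as both the internal and the external token reference.
        Return New GenericXmlSecurityToken(dom.DocumentElement, proofToken, conditions.NotBefore, conditions.NotOnOrAfter, samlKeyIdentifierClause, samlKeyIdentifierClause, Nothing)

    End Function 'GetTokenCore
End Class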

注解

当需要自定义安全令牌时,使用 SecurityTokenProvider 类。 安全令牌提供程序的任务是:当客户端发送 SOAP 消息,并且使用安全令牌对客户端进行身份验证或保护 SOAP 消息时,获取安全令牌。 具体来说,就是调用 GetToken 方法来获取安全令牌。 也可以调用安全令牌提供程序的 CancelToken 和 RenewToken 方法来取消和续订安全令牌。

从 SecurityTokenManager 类派生的类通过实现 CreateSecurityTokenProvider 方法,来确定对于给定的安全令牌需要哪个安全令牌提供程序。

ClientCredentialsSecurityTokenManager 和 ServiceCredentialsSecurityTokenManager 类提供了内置安全令牌类型的默认实现。 对于自定义安全令牌方案,必须从 SecurityTokenManager、ClientCredentialsSecurityTokenManager 或 ServiceCredentialsSecurityTokenManager 类之一派生一个类,并提供为自定义安全令牌创建安全令牌提供程序、安全令牌身份验证器和安全令牌序列化程序的功能。 有关创建自定义令牌的详细信息,请参阅“如何:创建自定义令牌”。

构造函数

SecurityTokenProvider()

初始化 SecurityTokenProvider 类的新实例。

属性

SupportsTokenCancellation

获取一个值,该值指示是否可以取消安全令牌。

SupportsTokenRenewal

获取一个值,该值指示是否可以续订安全令牌。

方法

BeginCancelToken(TimeSpan, SecurityToken, AsyncCallback, Object)

开始异步操作以取消安全令牌。

BeginCancelTokenCore(TimeSpan, SecurityToken, AsyncCallback, Object)

开始异步操作以取消安全令牌。

BeginGetToken(TimeSpan, AsyncCallback, Object)

开始异步操作以获取安全令牌。

BeginGetTokenCore(TimeSpan, AsyncCallback, Object)

开始异步操作以获取安全令牌。

BeginRenewToken(TimeSpan, SecurityToken, AsyncCallback, Object)

开始异步操作以续订安全令牌。

BeginRenewTokenCore(TimeSpan, SecurityToken, AsyncCallback, Object)

开始异步操作以续订安全令牌。

CancelToken(TimeSpan, SecurityToken)

取消安全令牌。

CancelTokenAsync(TimeSpan, SecurityToken)

取消安全令牌。

CancelTokenCore(TimeSpan, SecurityToken)

取消安全令牌。

CancelTokenCoreAsync(TimeSpan, SecurityToken)

取消安全令牌。

EndCancelToken(IAsyncResult)

完成异步操作以取消安全令牌。

EndCancelTokenCore(IAsyncResult)

完成异步操作以取消安全令牌。

EndGetToken(IAsyncResult)

完成异步操作以获取安全令牌。

EndGetTokenCore(IAsyncResult)

完成异步操作以获取安全令牌。

EndRenewToken(IAsyncResult)

完成异步操作以续订安全令牌。

EndRenewTokenCore(IAsyncResult)

完成异步操作以续订安全令牌。

Equals(Object)

确定指定对象是否等于当前对象。

(继承自 Object)
GetHashCode()

作为默认哈希函数。

(继承自 Object)
GetToken(TimeSpan)

获取安全令牌。

GetTokenAsync(TimeSpan)

获取安全令牌。

GetTokenCore(TimeSpan)

获取安全令牌。

GetTokenCoreAsync(TimeSpan)

获取安全令牌。

GetType()

获取当前实例的 Type。

(继承自 Object)
MemberwiseClone()

创建当前 Object 的浅表副本。

(继承自 Object)
RenewToken(TimeSpan, SecurityToken)

续订安全令牌。

RenewTokenAsync(TimeSpan, SecurityToken)

续订安全令牌。

RenewTokenCore(TimeSpan, SecurityToken)

续订安全令牌。

RenewTokenCoreAsync(TimeSpan, SecurityToken)

续订安全令牌。

ToString()

返回表示当前对象的字符串。

(继承自 Object)

适用于

另请参阅