Saml2SecurityTokenHandler Class

Definition

Represents a security token handler that creates security tokens from SAML 2.0 Assertions.

public ref class Saml2SecurityTokenHandler : System::IdentityModel::Tokens::SecurityTokenHandler
public class Saml2SecurityTokenHandler : System.IdentityModel.Tokens.SecurityTokenHandler
type Saml2SecurityTokenHandler = class
    inherit SecurityTokenHandler
Public Class Saml2SecurityTokenHandler
Inherits SecurityTokenHandler
Inheritance: SecurityTokenHandler → Saml2SecurityTokenHandler

Remarks

The Saml2SecurityTokenHandler class serializes and deserializes security tokens backed by SAML 2.0 Assertions into Saml2SecurityToken objects. Security token handlers are responsible for creating, reading, writing, and validating tokens.

You can configure a security token service (STS) or relying party (RP) application to process SAML 2.0 Assertion-backed security tokens by adding an instance of the Saml2SecurityTokenHandler class to the SecurityTokenHandlerCollection object configured for the service (or application). This can be done either programmatically or in the configuration file. When the handler is added to the collection, it is configured from the configuration specified for the collection through the collection's Configuration property. While it is possible to configure the handler individually by setting its Configuration property, this is not normally necessary; however, if the handler must be configured individually, the property should be set after the handler is added to the collection.

For many scenarios, the Saml2SecurityTokenHandler class can be used as-is; however, the class provides many extension points through the methods it exposes. By deriving from Saml2SecurityTokenHandler and overriding specific methods, you can modify the token processing provided in the default implementation, or you can add processing for extensions to the SAML Assertion specification that may be needed in some custom scenarios.
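The two patterns described above (registering the handler in a SecurityTokenHandlerCollection built from a SecurityTokenHandlerConfiguration, and deriving from the handler to override a method) as an added example; this is illustrative code, not from the page or from the .NET Framework reference source. The derived class name StrictSaml2SecurityTokenHandler, the Build method and the issuer name, thumbprint and audience values are assumptions.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Claims;

// Hypothetical derived handler: refuses assertions that carry no
// AudienceRestriction before handing off to the base validation, so an
// assertion that is not scoped to any relying party is never accepted.
public class StrictSaml2SecurityTokenHandler : Saml2SecurityTokenHandler
{
    public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
    {
        var saml2Token = token as Saml2SecurityToken;
        if (saml2Token == null)
            throw new SecurityTokenException("Expected a Saml2SecurityToken.");

        Saml2Conditions conditions = saml2Token.Assertion.Conditions;
        if (conditions == null || conditions.AudienceRestrictions.Count == 0)
            throw new SecurityTokenValidationException(
                "Assertion carries no AudienceRestriction; refusing an unscoped token.");

        // The base implementation performs the signature, issuer, lifetime,
        // audience and replay checks driven by the handler's Configuration.
        return base.ValidateToken(token);
    }
}

public static class HandlerRegistration
{
    // Builds a handler collection programmatically. Parameters are assumed
    // values supplied by the caller (trusted issuer name, its signing
    // certificate thumbprint, and the RP's audience URI).
    public static SecurityTokenHandlerCollection Build(
        string issuerName, string issuerThumbprint, Uri audience)
    {
        var config = new SecurityTokenHandlerConfiguration();
        config.AudienceRestriction.AllowedAudienceUris.Add(audience);

        var registry = new ConfigurationBasedIssuerNameRegistry();
        registry.AddTrustedIssuer(issuerThumbprint, issuerName);
        config.IssuerNameRegistry = registry;

        config.CertificateValidator = X509CertificateValidator.ChainTrust;
        config.DetectReplayedTokens = true;

        // Create the collection from the configuration first, then add the
        // handler: the handler picks up the collection's Configuration when
        // it is added, as the remarks above describe.
        var handlers = new SecurityTokenHandlerCollection(config);
        handlers.Add(new StrictSaml2SecurityTokenHandler());
        return handlers;
    }
}
```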

Constructors

Saml2SecurityTokenHandler()

Initializes a new instance of the Saml2SecurityTokenHandler class with default security token requirements.

Saml2SecurityTokenHandler(SamlSecurityTokenRequirement)

Initializes a new instance of the Saml2SecurityTokenHandler class with the specified security token requirements.

Fields

TokenProfile11ValueType

The key identifier value type for SAML 2.0 assertion IDs, as defined by the OASIS Web Services Security SAML Token Profile 1.1. This is a URI.

Properties

CanValidateToken

Gets a value that indicates whether this handler can validate tokens of type Saml2SecurityToken.

CanWriteToken

Gets a value that indicates whether this handler can serialize tokens of type Saml2SecurityToken.

CertificateValidator

Gets or sets the X.509 certificate validator that is used by the current instance to validate X.509 certificates.

Configuration

Gets or sets the SecurityTokenHandlerConfiguration object that provides configuration for the current instance.

(Inherited from SecurityTokenHandler)

ContainingCollection

Gets the token handler collection that contains the current instance.

(Inherited from SecurityTokenHandler)

KeyInfoSerializer

Gets or sets the security token serializer that is used to serialize and deserialize key identifiers.

SamlSecurityTokenRequirement

Gets or sets the security token requirements for this instance.

TokenType

Gets the token type supported by this handler.

Methods

AddDelegateToAttributes(ClaimsIdentity, ICollection<Saml2Attribute>, SecurityTokenDescriptor)

Adds all of the delegates associated with the subject into the attribute collection.

CanReadKeyIdentifierClause(XmlReader)

Indicates whether the current XML element is pointing to a key identifier clause that can be serialized by this instance.

CanReadToken(String)

Returns a value that indicates whether the specified string can be deserialized as a token of the type processed by this instance.

(Inherited from SecurityTokenHandler)

CanReadToken(XmlReader)

Indicates whether the current XML element can be read as a token of the type handled by this instance.

CanWriteKeyIdentifierClause(SecurityKeyIdentifierClause)

Indicates whether the specified key identifier clause can be serialized by this instance.

CollectAttributeValues(ICollection<Saml2Attribute>)

Collects attributes with a common claim type, claim value type, and original issuer into a single attribute with multiple values.

CreateAdvice(SecurityTokenDescriptor)

Creates a Saml2Advice object for the assertion.

CreateAttribute(Claim, SecurityTokenDescriptor)

Creates a Saml2Attribute object from a claim.

CreateAttributeStatement(ClaimsIdentity, SecurityTokenDescriptor)

Creates a Saml2AttributeStatement object from a token descriptor.

CreateAuthenticationStatement(AuthenticationInformation, SecurityTokenDescriptor)

Creates a SAML 2.0 authentication statement from the specified authentication information.

CreateClaims(Saml2SecurityToken)

Creates claims from a SAML 2.0 token.

CreateConditions(Lifetime, String, SecurityTokenDescriptor)

Creates the conditions for the assertion.

CreateIssuerNameIdentifier(SecurityTokenDescriptor)

Creates a name identifier that identifies the assertion issuer.

CreateSamlSubject(SecurityTokenDescriptor)

Creates a SAML 2.0 subject for the assertion.

CreateSecurityTokenReference(SecurityToken, Boolean)

Creates the security token reference when the token is not attached to the message.

CreateStatements(SecurityTokenDescriptor)

Creates the SAML 2.0 statements to be included in the assertion.

CreateToken(SecurityTokenDescriptor)

Creates a security token based on a token descriptor.

CreateWindowsIdentity(String)

Creates a WindowsIdentity object using the specified User Principal Name (UPN).

CreateXmlStringFromAttributes(IEnumerable<Saml2Attribute>)

Builds an XML formatted string from a collection of SAML 2.0 attributes that represent the Actor.

DenormalizeAuthenticationType(String)

Returns the Saml2 AuthenticationContext matching a normalized value.

DetectReplayedToken(SecurityToken)

Throws an exception if the specified token already exists in the token replay cache; otherwise the token is added to the cache.

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)

FindUpn(ClaimsIdentity)

Finds the UPN claim value in the specified ClaimsIdentity object for the purpose of mapping the identity to a WindowsIdentity object.

GetEncryptingCredentials(SecurityTokenDescriptor)

Gets the token encrypting credentials. Override this method to change the token encrypting credentials.

GetHashCode()

Serves as the default hash function.

(Inherited from Object)

GetSigningCredentials(SecurityTokenDescriptor)

Gets the credentials for signing the assertion.

GetTokenReplayCacheEntryExpirationTime(Saml2SecurityToken)

Returns the time until which the token should be held in the token replay cache.

GetTokenTypeIdentifiers()

Gets the token type identifier(s) supported by this handler.

GetType()

Gets the Type of the current instance.

(Inherited from Object)

LoadCustomConfiguration(XmlNodeList)

Loads custom configuration from XML.

MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)

NormalizeAuthenticationContextClassReference(String)

Returns the normalized value matching a SAML authentication context class reference.

ProcessAttributeStatement(Saml2AttributeStatement, ClaimsIdentity, String)

Creates claims from a SAML 2.0 attribute statement and adds them to the specified subject.

ProcessAuthenticationStatement(Saml2AuthenticationStatement, ClaimsIdentity, String)

Creates claims from a SAML 2.0 authentication statement and adds them to the specified subject.

ProcessAuthorizationDecisionStatement(Saml2AuthorizationDecisionStatement, ClaimsIdentity, String)

Creates claims from a SAML 2.0 authorization decision statement and adds them to the specified subject.

ProcessSamlSubject(Saml2Subject, ClaimsIdentity, String)

Creates claims from the SAML 2.0 subject and adds them to the specified subject.

ProcessStatement(Collection<Saml2Statement>, ClaimsIdentity, String)

Creates claims from a collection of SAML 2.0 statements and adds them to the specified subject.
ReadAction(XmlReader)

Reads the <saml:Action> element.

ReadAdvice(XmlReader)

Reads the <saml:Advice> element.

ReadAssertion(XmlReader)

Reads the <saml:Assertion> element.

ReadAttribute(XmlReader)

Reads the <saml:Attribute> element.

ReadAttributeStatement(XmlReader)

Reads the <saml:AttributeStatement> element, or a <saml:Statement> element that specifies an xsi:type of saml:AttributeStatementType.

ReadAttributeValue(XmlReader, Saml2Attribute)

Reads an attribute value.

ReadAudienceRestriction(XmlReader)

Reads the <saml:AudienceRestriction> element, or a <saml:Condition> element that specifies an xsi:type of saml:AudienceRestrictionType.

ReadAuthenticationContext(XmlReader)

Reads the <saml:AuthnContext> element.

ReadAuthenticationStatement(XmlReader)

Reads the <saml:AuthnStatement> element, or a <saml:Statement> element that specifies an xsi:type of saml:AuthnStatementType.

ReadAuthorizationDecisionStatement(XmlReader)

Reads the <saml:AuthzDecisionStatement> element, or a <saml:Statement> element that specifies an xsi:type of saml:AuthzDecisionStatementType.

ReadConditions(XmlReader)

Reads the <saml:Conditions> element.

ReadEncryptedId(XmlReader)

Reads the <saml:EncryptedId> element.

ReadEvidence(XmlReader)

Reads the <saml:Evidence> element.

ReadIssuer(XmlReader)

Reads the <saml:Issuer> element.

ReadKeyIdentifierClause(XmlReader)

Reads a SecurityKeyIdentifierClause.

ReadNameId(XmlReader)

Reads the <saml:NameID> element.

ReadNameIdType(XmlReader)

Both <Issuer> and <NameID> are of NameIDType. This method reads the content of either one of those elements.

ReadProxyRestriction(XmlReader)

Reads the <saml:ProxyRestriction> element, or a <saml:Condition> element that specifies an xsi:type of saml:ProxyRestrictionType.

ReadSigningKeyInfo(XmlReader, Saml2Assertion)

Deserializes the SAML Signing KeyInfo.

ReadStatement(XmlReader)

Reads the <saml:Statement> element.

ReadSubject(XmlReader)

Reads the <saml:Subject> element.

ReadSubjectConfirmation(XmlReader)

Reads the <SubjectConfirmation> element.

ReadSubjectConfirmationData(XmlReader)

Reads the <saml:SubjectConfirmationData> element.

ReadSubjectId(XmlReader, String)

This method handles the construct used in the <Subject> and <SubjectConfirmation> elements for ID.

ReadSubjectKeyInfo(XmlReader)

Deserializes the SAML Subject <ds:KeyInfo> element.

ReadSubjectLocality(XmlReader)

Reads the <saml:SubjectLocality> element.

ReadToken(String)

When overridden in a derived class, deserializes the specified string to a token of the type processed by the derived class.

(Inherited from SecurityTokenHandler)

ReadToken(XmlReader)

Reads a SAML 2.0 token from the specified reader.

ReadToken(XmlReader, SecurityTokenResolver)

When overridden in a derived class, deserializes the XML referenced by the specified XML reader to a token of the type processed by the derived class, using the specified token resolver.

(Inherited from SecurityTokenHandler)
ResolveIssuerToken(Saml2Assertion, SecurityTokenResolver)

Resolves the Signing Key Identifier to a SecurityToken.

ResolveSecurityKeys(Saml2Assertion, SecurityTokenResolver)

Resolves the collection of SecurityKey objects referenced in a Saml2Assertion.

SetDelegateFromAttribute(Saml2Attribute, ClaimsIdentity, String)

This method gets called when a special type of Saml2Attribute is detected. The Saml2Attribute passed in wraps a Saml2Attribute that contains a collection of attribute values (in the Values property), each of which will get mapped to a claim. All of the claims will be returned in a ClaimsIdentity with the specified issuer.

ToString()

Returns a string that represents the current object.

(Inherited from Object)

TraceTokenValidationFailure(SecurityToken, String)

Traces the failure event during the validation of security tokens when tracing is enabled.

(Inherited from SecurityTokenHandler)

TraceTokenValidationSuccess(SecurityToken)

Traces the successful validation of a security token when tracing is enabled.

(Inherited from SecurityTokenHandler)

TryResolveIssuerToken(Saml2Assertion, SecurityTokenResolver, SecurityToken)

Resolves the Signing Key Identifier to a SecurityToken.

ValidateConditions(Saml2Conditions, Boolean)

Validates the specified Saml2Conditions object.

ValidateConfirmationData(Saml2SubjectConfirmationData)

Validates the specified Saml2SubjectConfirmationData object.

ValidateToken(SecurityToken)

Validates the token data and returns its claims.

WriteAction(XmlWriter, Saml2Action)

Writes the <saml:Action> element.

WriteAdvice(XmlWriter, Saml2Advice)

Writes the <saml:Advice> element.

WriteAssertion(XmlWriter, Saml2Assertion)

Serializes the specified SAML assertion to the specified XML writer.

WriteAttribute(XmlWriter, Saml2Attribute)

Writes the <saml:Attribute> element.

WriteAttributeStatement(XmlWriter, Saml2AttributeStatement)

Writes the <saml:AttributeStatement> element.

WriteAttributeValue(XmlWriter, String, Saml2Attribute)

Writes the saml:Attribute value.

WriteAudienceRestriction(XmlWriter, Saml2AudienceRestriction)

Writes the <saml:AudienceRestriction> element.

WriteAuthenticationContext(XmlWriter, Saml2AuthenticationContext)

Writes the <saml:AuthnContext> element.

WriteAuthenticationStatement(XmlWriter, Saml2AuthenticationStatement)

Writes the <saml:AuthnStatement> element.

WriteAuthorizationDecisionStatement(XmlWriter, Saml2AuthorizationDecisionStatement)

Writes the <saml:AuthzDecisionStatement> element.

WriteConditions(XmlWriter, Saml2Conditions)

Writes the <saml:Conditions> element.

WriteEvidence(XmlWriter, Saml2Evidence)

Writes the <saml:Evidence> element.

WriteIssuer(XmlWriter, Saml2NameIdentifier)

Writes the <saml:Issuer> element.

WriteKeyIdentifierClause(XmlWriter, SecurityKeyIdentifierClause)

Serializes a Saml2AssertionKeyIdentifierClause to the specified XML writer.

WriteNameId(XmlWriter, Saml2NameIdentifier)

Writes the <saml:NameID> element.

WriteNameIdType(XmlWriter, Saml2NameIdentifier)

Both <Issuer> and <NameID> are of NameIDType. This method writes the content of either one of those elements.

WriteProxyRestriction(XmlWriter, Saml2ProxyRestriction)

Writes the <saml:ProxyRestriction> element.

WriteSigningKeyInfo(XmlWriter, SecurityKeyIdentifier)

Writes the Signing <ds:KeyInfo> element using the specified XML writer.

WriteStatement(XmlWriter, Saml2Statement)

Writes a Saml2Statement.

WriteSubject(XmlWriter, Saml2Subject)

Writes the <saml:Subject> element.

WriteSubjectConfirmation(XmlWriter, Saml2SubjectConfirmation)

Writes the <saml:SubjectConfirmation> element.

WriteSubjectConfirmationData(XmlWriter, Saml2SubjectConfirmationData)

Writes the <saml:SubjectConfirmationData> element.

WriteSubjectKeyInfo(XmlWriter, SecurityKeyIdentifier)

Serializes the Subject <ds:KeyInfo> element using the specified XML writer.

WriteSubjectLocality(XmlWriter, Saml2SubjectLocality)

Writes the <saml:SubjectLocality> element.

WriteToken(SecurityToken)

When overridden in a derived class, serializes the specified security token to a string. The token must be of the type processed by the derived class.

(Inherited from SecurityTokenHandler)

WriteToken(XmlWriter, SecurityToken)

Writes a Saml2 token to the specified XML writer.
