title: How to: Create a Custom Security Token Provider
ms.date: 03/30/2017
dev_langs: csharp, vb
helpviewer_keywords: security [WCF], providing credentials
ms.assetid: db8cb478-aa43-478b-bf97-c6489ad7c7fd

How to: Create a Custom Security Token Provider

This topic shows how to create new token types with a custom security token provider and how to integrate the provider with a custom security token manager.

[!NOTE] Create a custom token provider if the system-provided tokens found in the System.IdentityModel.Tokens namespace do not match your requirements.

The security token provider creates a security token representation based on information in the client or service credentials. To use the custom security token provider in Windows Communication Foundation (WCF) security, you must create custom credentials and security token manager implementations.

For more information about custom credentials and security token managers, see the Walkthrough: Creating Custom Client and Service Credentials.

To create a custom security token provider

  1. Define a new class derived from the System.IdentityModel.Selectors.SecurityTokenProvider class.

  2. Implement the System.IdentityModel.Selectors.SecurityTokenProvider.GetTokenCore(System.TimeSpan) method. The method is responsible for creating and returning an instance of the security token. The following example creates a class named MySecurityTokenProvider, and overrides the System.IdentityModel.Selectors.SecurityTokenProvider.GetTokenCore(System.TimeSpan) method to return an instance of the System.IdentityModel.Tokens.X509SecurityToken class. The class constructor requires an instance of the System.Security.Cryptography.X509Certificates.X509Certificate2 class.

    [!code-csharpc_CustomTokenProvider#1] [!code-vbc_CustomTokenProvider#1]

To integrate a custom security token provider with a custom security token manager

  1. Define a new class derived from the System.IdentityModel.Selectors.SecurityTokenManager class. (The example below derives from the System.ServiceModel.ClientCredentialsSecurityTokenManager class, which derives from the System.IdentityModel.Selectors.SecurityTokenManager class.)

  2. Override the System.IdentityModel.Selectors.SecurityTokenManager.CreateSecurityTokenProvider(System.IdentityModel.Selectors.SecurityTokenRequirement) method if it is not already overridden.

    The System.IdentityModel.Selectors.SecurityTokenManager.CreateSecurityTokenProvider(System.IdentityModel.Selectors.SecurityTokenRequirement) method is responsible for returning an instance of the System.IdentityModel.Selectors.SecurityTokenProvider class appropriate to the System.IdentityModel.Selectors.SecurityTokenRequirement parameter passed to the method by the WCF security framework. Modify the method to return the custom security token provider implementation (created in the previous procedure) when the method is called with an appropriate security token parameter. For more information about the security token manager, see the Walkthrough: Creating Custom Client and Service Credentials.

  3. Add custom logic to the method to enable it to return your custom security token provider based on the System.IdentityModel.Selectors.SecurityTokenRequirement parameter. The following sample returns the custom security token provider if the token requirements are met. The requirements include an X.509 security token and the message direction (that the token is used for message output). For all other cases, the code calls the base class to maintain the system-provided behavior for other security token requirements.

[!code-csharpc_CustomTokenProvider#2] [!code-vbc_CustomTokenProvider#2]

Example

The following shows a complete System.IdentityModel.Selectors.SecurityTokenProvider implementation along with a corresponding System.IdentityModel.Selectors.SecurityTokenManager implementation.

[!code-csharpc_CustomTokenProvider#0] [!code-vbc_CustomTokenProvider#0]
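The two procedures above, combined into one sketch. This is an added example, not the snippet this topic references: MyClientCredentialsSecurityTokenManager is a hypothetical name, and the private-key, validity-period and key-usage checks are assumptions that go beyond the requirements the text lists. To take effect, the manager must be returned from the CreateSecurityTokenManager method of a custom ClientCredentials class, as the walkthrough describes.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security.Tokens;

// Provider: wraps the client certificate in an X509SecurityToken.
internal sealed class MySecurityTokenProvider : SecurityTokenProvider
{
    private readonly X509Certificate2 certificate;

    public MySecurityTokenProvider(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException("certificate");
        this.certificate = certificate;
    }

    protected override SecurityToken GetTokenCore(TimeSpan timeout)
    {
        // Added checks (assumption, not from the page): refuse unusable certificates.
        if (!certificate.HasPrivateKey)
            throw new InvalidOperationException("Client certificate has no private key.");
        DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            throw new InvalidOperationException("Client certificate is not within its validity period.");
        return new X509SecurityToken(certificate);
    }
}

internal sealed class MyClientCredentialsSecurityTokenManager : ClientCredentialsSecurityTokenManager
{
    public MyClientCredentialsSecurityTokenManager(ClientCredentials credentials) : base(credentials) { }

    public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement requirement)
    {
        MessageDirection direction;
        bool outgoingX509 =
            requirement.TokenType == SecurityTokenTypes.X509Certificate &&
            requirement.KeyUsage == SecurityKeyUsage.Signature && // added assumption
            requirement.TryGetProperty(ServiceModelSecurityTokenRequirement.MessageDirectionProperty, out direction) &&
            direction == MessageDirection.Output;
        X509Certificate2 cert = ClientCredentials.ClientCertificate.Certificate;
        if (outgoingX509 && cert != null)
            return new MySecurityTokenProvider(cert);
        // All other requirements keep the system-provided behavior.
        return base.CreateSecurityTokenProvider(requirement);
    }
}
```

Falling through to the base class whenever the requirement does not match means the method never returns null for an X.509 requirement it does not handle, such as an incoming token.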
