System.IdentityModel
The exception that is thrown when an error occurs during an asynchronous operation.
Initializes a new instance of the class.
Initializes a new instance of the class with a system-supplied error message and a reference to the inner exception that is the cause of this exception.
The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception.
Initializes a new instance of the class with serialized data.
A object that holds the serialized object data.
A object that contains the contextual information about the source or destination.
Initializes a new instance of the class with a specified error message.
The error message that explains the reason for the exception.
Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception.
An abstract base class that implements the interface. Serves as a base class from which to derive objects that can be used for common asynchronous programming scenarios.
Called from constructors in derived classes to initialize an instance of the class that does not have a callback delegate or a state object.
Called from constructors in derived classes to initialize an instance of the class that has a callback delegate and a state object.
The method to be called when the asynchronous operation completes.
A user-defined object that qualifies or contains information about an asynchronous operation.
Called from constructors in derived classes to initialize an instance of the class that does not have a callback delegate but does have a state object.
A user-defined object that qualifies or contains information about an asynchronous operation.
Gets a user-defined object that qualifies or contains information about an asynchronous operation.
A user-defined object that qualifies or contains information about an asynchronous operation.
Gets a that is used to wait for an asynchronous operation to complete.
A that is used to wait for an asynchronous operation to complete.
Call this version of complete when your asynchronous operation is complete and no exception was encountered. It updates the state of the operation and notifies the callback.
if the asynchronous operation completed synchronously; otherwise .
Call this version of complete if you raise an exception during processing. In addition to notifying the callback, it captures the exception and stores it to be thrown during the call to the method.
if the asynchronous operation completed synchronously; otherwise .
The exception that occurred during the processing of the asynchronous operation.
Gets a value that indicates whether the asynchronous operation completed synchronously.
if the asynchronous operation completed synchronously; otherwise, .
Releases the resources used by the current instance of the class.
Called by the and methods to release the managed and unmanaged resources used by the current instance of the class.
to release managed and unmanaged resources; to release only unmanaged resources. indicates that this is an explicit call to Dispose.
Call this method when the End function for the asynchronous operation is complete. It ensures that the asynchronous operation is complete, and does some common validation.
The representing the status of the asynchronous operation.
Allows the object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.
Gets a value that indicates whether the asynchronous operation has completed.
if the operation is complete; otherwise, .
The exception that is thrown when a token request (RST) is not understood by the security token service (STS).
Initializes a new instance of the class.
Initializes a new instance of the class with serialized data.
A object that holds the serialized object data.
A object that contains the contextual information about the source or destination.
Initializes a new instance of the class with a specified error message.
The error message that explains the reason for the exception.
Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception.
Represents a claim that is associated with an entity.
Initializes a new instance of the class with the specified type, resource, and right.
A uniform resource identifier (URI) that represents a claim type.
The object with which the new claim is associated.
The URI of the right associated with the claim.
is .
-or-
is .
is zero length.
-or-
is zero length.
Gets the type of the claim.
A URI that represents the type of the claim.
Creates a object that represents a deny-only specified security identifier (SID).
A that represents the deny-only SID.
A that represents the SID specified in the parameter.
is .
Creates a object that represents the specified Domain Name System (DNS) name.
The DNS name of the entity associated with the claim. This parameter must not be . If this parameter is , this method throws an exception.
The object this method creates.
The parameter is .
Creates a object that represents the specified hash value.
An array of byte values that specifies a hash value. This parameter must not be . If this parameter is , this method throws an exception.
The object this method creates.
The parameter is .
Creates a object that represents the specified email address.
A that specifies the email address this claim represents. This parameter must not be . If this parameter is , this method throws an exception.
The object this method creates.
The parameter is .
Creates a object that represents the specified name.
The name of the entity associated with the claim. This parameter must not be . If this parameter is , this method throws an exception.
The object this method creates.
The parameter is .
Creates a object that represents the specified RSA key.
An object that represents an RSA cryptographic key. This parameter must not be . If this parameter is , this method throws an exception.
The object this method creates.
The parameter is .
Creates a object that represents the specified Service Principal Name (SPN).
The SPN of the entity associated with this claim. This parameter must not be . If this parameter is , this method throws an exception.
The object this method creates.
The parameter is .
Creates a object that represents the specified thumbprint.
An array of byte values that specifies the thumbprint of the entity associated with the claim. This parameter must not be . If this parameter is , this method throws an exception.
The object this method creates.
The parameter is .
Creates a object that represents the specified Universal Principal Name (UPN).
The UPN of the entity associated with this claim. This parameter must not be . If this parameter is , this method throws an exception.
The object this method creates.
The parameter is .
Creates a object that represents the specified Uniform Resource Locator (URL).
A that represents the URL of the entity associated with this claim. This parameter must not be . If this parameter is , this method throws an exception.
The object this method creates.
The parameter is .
Creates a object that represents the specified security identifier (SID).
A that represents the SID.
A that represents the SID specified in the parameter.
is .
Creates a object that represents the specified X.500 distinguished name.
A that specifies the X.500 distinguished name of the entity associated with the claim. This parameter must not be . If this parameter is , this method throws an exception.
The object this method creates.
The parameter is .
Gets an object that can compare two objects for equality.
A interface implementation that compares two objects.
Determines whether the specified object represents the same claim as the current object.
The object to compare with the current .
if represents the same claim as the current ; otherwise .
Returns a hash code for the current claim.
The hash code for the claim.
Gets the resource with which this object is associated.
The resource with which this object is associated.
Gets a string representation of a uniform resource identifier (URI) that specifies the right associated with this object. Pre-defined rights are available as static properties of the class.
A URI that specifies the right associated with this object.
A pre-defined claim that represents the system entity.
A object that represents the system entity. This object has the property values shown in the following table.
Property
Value
Returns a string representation of this object.
This object.
Represents the collection of claims that are associated with an entity.
Initializes a new instance of the class.
Determines whether the contains the specified .
The for which to search.
if the specified claim is contained in the ; otherwise .
Determines whether the contains the specified , by using the specified object.
The for which to search.
The object used to make the comparison.
if the specified claim is contained in the ; otherwise .
When overridden in a derived class, gets the number of claims in this claim set.
The number of claims in this .
When overridden in a derived class, searches for a object that matches the specified claim type and rights in the .
The uniform resource identifier (URI) of a claim type. Several claim types are available as static properties of the class.
The URI of the right associated with the new claim. Several rights are available as static properties of the class.
A of type that enables you to enumerate the claims that match the specified criteria.
When overridden in a derived class, gets a that can be used to enumerate the object in the .
A that can be used to enumerate the object in the .
When overridden in a derived class, gets the entity that issued this .
The object that issued this object.
When overridden in a derived class, gets the for the specified index.
The index of the claim to be retrieved.
The at the specified index.
Gets a object that represents an application trusted issuer.
The system object.
Gets an that can be used to enumerate the object in the .
A that can be used to enumerate the object in the .
Gets a set of claims that contains Windows security identifiers.
A that contains at least one claim of type .
Represents the pre-defined types of claims that an entity can claim. This class cannot be inherited.
Gets the URI for a claim that specifies the anonymous user.
The URI for a claim that specifies the anonymous user.
Gets the URI for a claim that specifies details about whether an identity is authenticated.
The URI for a claim that specifies details about whether an identity is authenticated.
Gets the URI for a claim that specifies an authorization decision on an entity.
The URI for a claim that specifies an authorization decision on an entity.
Gets the URI for a claim that specifies the country/region in which an entity resides.
The URI for a claim that specifies a country/region in which an entity resides.
Gets the URI for a claim that specifies the date of birth of an entity.
The URI for a claim that specifies the date of birth of an entity.
Gets the URI for a claim that specifies a deny-only security identifier (SID) for an entity.
The URI for a claim that specifies a deny-only SID for an entity.
Gets the URI for a claim that specifies the DNS name associated with the computer name or with the alternative name of either the subject or issuer of an X.509 certificate.
The URI for a claim that specifies the DNS name associated with the computer name or with the alternative name of either the subject or issuer of an X.509 certificate.
Gets the URI for a claim that specifies the email address of an entity.
The URI for a claim that specifies the email address of an entity.
Gets the URI for a claim that specifies the gender of an entity.
The URI for a claim that specifies the gender of an entity.
Gets the URI for a claim that specifies the given name of an entity.
The URI for a claim that specifies the given name of an entity.
Gets the URI for a claim that specifies a hash value.
The URI for a claim that specifies a hash value.
Gets the URI for a claim that specifies the home phone number of an entity.
The URI for a claim that specifies the home phone number of an entity.
Gets the URI for a claim that specifies the locale in which an entity resides.
The URI for a claim that specifies the locale in which an entity resides.
Gets the URI for a claim that specifies the mobile phone number of an entity.
The URI for a claim that specifies the mobile phone number of an entity.
Gets the URI for a claim that specifies the name of an entity.
The URI for a claim that specifies the name of an entity.
Gets the URI for a claim that specifies the name of an entity.
The URI for a claim that specifies the name of an entity.
Gets the URI for a claim that specifies the alternative phone number of an entity.
The URI for a claim that specifies the alternative phone number of an entity.
Gets the URI for a claim that specifies the postal code of an entity.
The URI for a claim that specifies the postal code of an entity.
Gets the URI for a claim that specifies the private personal identifier (PPI) of an entity.
The URI for a claim that specifies the private personal identifier (PPI) of an entity.
Gets the URI for a claim that specifies an RSA key.
The URI for a claim that specifies an RSA key.
Gets the URI for a claim that specifies a security identifier (SID).
The URI for a claim that specifies a security identifier (SID).
Gets the URI for a claim that specifies a service principal name (SPN).
The URI for a claim that specifies a service principal name (SPN).
Gets the URI for a claim that specifies the state or province in which an entity resides.
The URI for a claim that specifies the state or province in which an entity resides.
Gets the URI for a claim that specifies the street address of an entity.
The URI for a claim that specifies the street address of an entity.
Gets the URI for a claim that specifies the surname of an entity.
The URI for a claim that specifies the surname of an entity.
Gets the URI for a claim that identifies the system entity.
The URI for a claim that identifies the system entity.
Gets the URI for a claim that specifies a thumbprint.
The URI for a claim that specifies a thumbprint.
Gets the URI for a claim that specifies a user principal name (UPN).
The URI for a claim that specifies a UPN.
Gets the URI for a claim that specifies a URI.
The URI for a claim that specifies a URI.
Gets the URI for a claim that specifies the Web page of an entity.
The URI for a claim that specifies the Web page of an entity.
Gets the string that contains the URI for a distinguished name claim of an X.509 certificate.
The URI for a distinguished name claim of an X.509 certificate.
Provides a default implementation of the class.
Initializes a new instance of the class, using the specified claims.
An of type that contains the claims to add to this claim set.
is .
Initializes a new instance of the class, using the specified claims.
An array of that represents the claims to be added to this claim set.
is .
Initializes a new instance of the class, using the specified claims.
A object that specifies the issuer of the specified in the parameter.
An of type that contains the claims to add to this claim set.
is .
-or-
is .
Initializes a new instance of the class, using the specified claims.
A object that specifies the issuer of the specified in the parameter.
An array of that represents the claims to be added to this claim set.
is .
-or-
is .
Determines whether the specified claim is contained within this claim set.
The to determine whether it exists in this collection.
if the claim is contained in this claim set; otherwise .
is .
Gets the number of objects in this claim set.
The number of objects in this claim set.
Searches for the object that matches the specified claim type and rights in the .
The uniform resource identifier (URI) of a claim type. Several claim types are available as static properties of the class.
The URI of the right associated with the new claim. Several rights are available as static properties of the class.
An of type that enables you to enumerate the claims that match the specified criteria.
Gets an that can be used to enumerate the object in the .
An that can be used to enumerate the object in the .
Initializes an instance of the class, using the specified claims.
The object that issued the specified in the parameter.
The set of objects to be included in this claim set.
is .
-or-
is .
Gets the object that issued this claim set.
The object that issued this claim set.
Gets the for the specified index.
The index of the claim to be retrieved.
The specified by the index.
Returns this object.
This object.
Defines the pre-defined types of rights that can be associated with a object.
Gets a string that specifies that the right represents an identity.
The right that represents an identity.
Gets a string that specifies that the right represents a property that the entity associated with a claim possesses.
The right that represents a property that the entity associated with a object possesses.
Represents a collection of Windows claims that are associated with an entity.
Initializes a new instance of the class by using the Windows user identity specified by the object.
A that specifies the Windows identity.
Initializes a new instance of the class by using the Windows user identity specified by the object.
A that specifies the Windows identity.
to include the claims representing the Windows groups to which this user belongs; otherwise, .
Initializes a new instance of the class by using the Windows user identity specified by the object.
A that specifies the Windows identity.
to include the Windows groups to which this user belongs; otherwise, .
A that specifies the expiration time for the claim set.
Initializes a new instance of the class by using the Windows user identity specified by the object.
A that specifies the Windows identity.
A that specifies the expiration time for the claim set.
Initializes a new instance of the class by using the Windows user identity specified by the object.
A that specifies the Windows identity.
The authentication type for the Windows identity.
to include the Windows groups to which this user belongs; otherwise, .
A that specifies the expiration time for the claim set.
Gets the number of claims in this collection.
The number of claims in this collection.
Releases all resources used by the .
Gets the expiration time for this .
The in which this expires.
Searches for the claim that matches the specified claim type and rights in the .
The uniform resource identifier (URI) of a claim type.
The URI of the right associated with the new claim.
A object that enables you to enumerate the claims that match the specified criteria.
Gets an that can be used to enumerate the Windows claims in the .
An that can be used to enumerate the Windows claims in the .
Gets the issuer for this .
A that represents the issuer of this claim set.
Gets the claim for the specified index.
The index of the Windows claim to be retrieved.
The claim for the specified index.
Returns this object.
This object.
Gets the Windows identity for this claim set.
The for this claim set.
Represents a collection of claims extracted from an X.509 certificate that are associated with an entity.
Initializes a new instance of the class by using the specified X.509 certificate.
The X.509 certificate that is added to the claim set.
Gets the number of X.509 certificate claims in this object.
The number of X.509 certificate claims in this object.
Releases all resources used by the .
Gets the expiration time for this .
The expiration time for this .
Searches for the claim that matches the specified claim type and rights in the .
The uniform resource identifier (URI) of a claim type.
The URI of the right associated with the new claim.
A object that enables you to enumerate the claims that match the specified criteria.
Gets an that can be used to enumerate the Windows claims in the .
An that can be used to enumerate the Windows claims in the .
Gets the issuer for this .
The issuer for this .
Gets the claim for the specified index.
The index of the claim to be retrieved.
The claim for the specified index.
Gets the number of X.509 certificate claims in this object.
The number of X.509 certificate claims in this object.
Gets the X.509 certificate associated with this claim set.
The X.509 certificate associated with this claim set.
Represents an audience URI value configured under an element.
Initializes a new instance of the class.
Gets or sets the audience URI.
The audience URI.
Represents an element in a configuration file.
Initializes a new instance of the class.
Gets or sets the audience restriction mode.
The audience restriction mode. The default is .
There are parts of the Windows Identity Foundation (WIF) configuration schema in which users can specify arbitrary elements and attributes; for example, when specifying a custom token handler. The class is implemented to handle these cases.
Initializes a new instance of the class.
Gets the child nodes of this element.
The collection of child nodes. if this element has no child nodes.
Reads XML from the configuration file.
The that reads from the configuration file.
to serialize only the collection key properties; otherwise, .
Gets the XML element represented by this instance.
The XML element.
Gets a value that indicates whether an unknown attribute is encountered during deserialization. Always returns .
The name of the unrecognized attribute.
The value of the unrecognized attribute.
Always returns , which indicates that an unrecognized attribute has been encountered.
Gets a value that indicates whether an unknown element is encountered during deserialization. Always returns .
The name of the unknown subelement.
The XML reader that is being used for deserialization.
Always returns , which indicates that an unrecognized element has been encountered.
Resets the internal state of the object, including the locks and the properties collections.
The parent node of the configuration element.
Represents an element or attribute that specifies a custom in a configuration file. This class cannot be inherited.
Initializes a new instance of the class.
Gets a value that indicates whether the element has been configured with non-default values.
if the element has been configured with non-default values; otherwise, .
Attempts to resolve the custom type element to an object of the specified .
The custom type element to resolve.
The to which to resolve the custom type element.
An object of .
The represented by the current instance.
The type represented by this instance.
Defines methods that enable a class to load custom configuration.
Loads custom configuration from XML. Override this method to provide custom handling of configuration elements.
The XML nodes that contain the custom configuration. Each node in the list is of type .
Defines the collection of configurable properties controlling the behavior of the Windows Identity Foundation.
Initializes a new instance of the class. Settings are loaded from the default configuration, if it exists.
Initializes a new instance of the class by using a value that specifies whether settings should be loaded from the default configuration.
to load settings from the configuration file; otherwise .
is , but there is no configuration element.
Initializes a new instance of the class that has the specified service certificate. Settings are optionally loaded from the default configuration.
to load settings from the configuration file; otherwise .
The service certificate. Sets the property.
is , but there is no configuration element.
Initializes a new instance of the class that has the specified service certificate.
The service certificate. Sets the property.
Initializes a new instance of the class. Settings are loaded from the named configuration.
The name of the element from which settings are to be loaded.
There is no configuration element.
Initializes a new instance of the class that has the specified service certificate, loading the named configuration.
The name of the element from which configuration is to be loaded.
The service certificate. Sets the property.
There is no configuration element.
Gets or sets the configured .
The configured .
Gets or sets the configured .
The configured caches.
Gets or sets the certificate validation mode used by handlers to validate issuer certificates.
The certificate validation mode.
Gets or sets the certificate validator used by handlers to validate issuer certificates.
The certificate validator.
Gets or sets the claims authentication manager. The default is an instance of the class.
The claims authentication manager.
An attempt to set the property to occurs.
Gets or sets the claims authorization manager.
The claims authorization manager.
An attempt to set the property to occurs.
The default X.509 certificate validation mode, .
The default issuer name registry type; the of the class.
The default maximum clock skew; 5 minutes.
The default X.509 revocation mode; .
The default service name; an empty string.
The default trusted store location for certificates; .
Gets or sets a value in the default handler configuration that indicates whether handlers should detect replayed tokens.
if handlers should detect replayed tokens; otherwise .
Updates properties in the objects for the objects contained in the to be consistent with the property values on this instance.
This method is invoked more than once.
Gets or sets a value that indicates whether the method has been called.
if the method has been called; otherwise .
Gets or sets the issuer name registry used to resolve issuer names.
The issuer name registry.
An attempt to set the property to occurs.
Gets or sets the issuer token resolver.
The issuer token resolver.
An attempt to set the property to occurs.
Loads the settings for this instance from the application or Web configuration file.
The from the configuration file.
Loads a by using the elements directly under the specified .
The element from the configuration file from which to load settings.
The loaded from the elements in the configuration file.
Loads configuration elements pertaining to the .
The base from which to inherit default values.
The from the configuration file.
The loaded from the elements in the configuration file and the .
Loads the defined for the specified service.
The element used to configure this instance.
The handler collection manager.
Gets or sets the maximum allowable time difference between the system clocks of the two parties that are communicating.
The maximum clock skew.
Gets the service name of this configuration.
The service name.
Gets or sets the revocation mode used by handlers to validate issuer certificates.
The revocation mode.
Gets or sets a value that indicates whether the object is saved in the and Sessions after token validation.
if bootstrap context is saved; otherwise, .
Gets the containing the set of objects that are used to serialize and validate tokens found in WS-Trust messages.
The handler collection manager.
Gets the collection of objects used to serialize and validate tokens found in WS-Trust messages.
The collection of token handlers.
Gets or sets the service certificate.
The X.509 certificate to use as the service certificate.
Gets or sets the service token resolver.
The service token resolver.
An attempt to set the property to occurs.
Gets or sets the expiration period for items placed in the .
The expiration period for items placed in the token replay cache.
Gets or sets the trusted store location used by handlers to validate issuer certificates.
The trusted store location.
Represents an element in a configuration file. This class cannot be inherited.
Initializes a new instance of the class.
Gets the that is associated with this identity configuration element.
The collection of audience URIs that are configured for this identity configuration element.
Gets or sets the that is associated with this identity configuration element.
The element that configures the token replay cache and the session security token cache for this identity configuration element.
Gets or sets the that is associated with this identity configuration element.
The element that configures the certificate validator and its properties for this identity configuration element.
Gets or sets the claims authentication manager that is associated with this identity configuration element.
A custom type element that specifies the of the claims authentication manager. The type must derive from .
Gets or sets the claims authorization manager that is associated with this identity configuration element.
A custom type element that specifies the of the claims authorization manager. The type must derive from .
Gets or sets the that is associated with this identity configuration element.
The element that configures the issuer name registry for this identity configuration element.
Gets or sets the issuer token resolver that is associated with this identity configuration element.
A custom type element that specifies the of the issuer token resolver. The type must derive from .
Gets or sets the maximum clock skew that is configured for this identity configuration element.
The maximum clock skew.
Gets or sets the name of the identity configuration element.
The name of the identity configuration.
Gets or sets a value that indicates whether to save the bootstrap context in claims identities and session security tokens created by the handlers configured in this identity collection.
to save the ; otherwise, .
Gets or sets the that is associated with this identity configuration element.
The security token handler collections configured for this identity configuration element.
Gets or sets the service token resolver that is associated with this identity configuration element.
A custom type element that specifies the of the service token resolver. The type must derive from .
Gets or sets the that is associated with this identity configuration element.
The element that specifies whether token replay detection is enabled and specifies the maximum expiration period for tokens in the token replay cache.
Represents the collection of elements in a configuration file. This class cannot be inherited.
Initializes a new instance of the class.
Retrieves the that has the specified name.
The name of the identityConfiguration element to retrieve. This corresponds to the value of the element's property.
The element that has the specified name, or if no matching element is found.
is .
The default configuration was specified in the name parameter and a matching could not be found.
Defines the caches that are configured to detect replayed tokens and to cache session tokens. This class cannot be inherited.
Initializes a new instance of the class.
Gets or sets the that is used to cache the .
The configured session token cache.
An attempt to set the property to occurs.
Gets or sets the that is used to determine whether tokens are replayed.
The configured token replay cache.
An attempt to set the property to occurs.
Represents a element in a configuration file. This class cannot be inherited.
Initializes a new instance of the class.
Gets a value that indicates whether this element has been configured.
if the element has been configured; otherwise, .
Gets or sets the of the session token cache.
The type of the session token cache. The type must derive from .
Gets or sets the of the token replay cache.
The type of the token replay cache. The type must derive from .
Represents an element in a configuration file. This class cannot be inherited.
Initializes a new instance of the class.
Gets or sets a string representation of the of the issuer name registry.
The string representation of the of the issuer name registry. The type must derive from the class.
Represents a element in a configuration file.
Initializes a new instance of the class.
Gets the that is associated with this token handler configuration element.
The collection of audience URIs that are configured for this token handler configuration element.
Gets or sets the that is associated with this token handler configuration element.
The element that configures the token replay cache and the session security token cache for this token handler configuration element.
Gets or sets the that is associated with this token handler configuration element.
The element that configures the certificate validator and its properties for this token handler configuration element.
Gets or sets the that is associated with this token handler configuration element.
The element that configures the issuer name registry for this token handler configuration element.
Gets or sets the issuer token resolver that is associated with this token handler configuration element.
A custom type element that specifies the of the issuer token resolver. The type must derive from .
Gets or sets the maximum clock skew that is configured for this token handler configuration element.
The maximum clock skew.
Gets or sets the name of the token handler configuration element.
The name of the identity configuration.
Gets or sets a value that indicates whether to save the bootstrap context in claims identities and session security tokens created by the handlers configured in this identity collection.
to save the ; otherwise, .
Gets or sets the service token resolver that is associated with this token handler configuration element.
A custom type element that specifies the of the service token resolver. The type must derive from .
Gets or sets the that is associated with this token handler configuration element.
The element that specifies whether token replay detection is enabled and specifies the maximum expiration period for tokens in the token replay cache.
Represents a element in a configuration file. This class cannot be inherited.
Initializes a new instance of the class.
Gets or sets the name of the collection.
The name of the collection.
Gets or sets the default settings for the handlers in the collection.
The default settings for the handlers in the collection.
Represents the set of all of the elements under an element in a configuration file. This class cannot be inherited.
Initializes a new instance of the class.
Gets a value that indicates whether this element has been configured with non-default values.
if the element has been configured with non-default values; otherwise, .
Defines the configuration for a security token service (STS). Classes that implement STSs derive from the class.
Initializes a new instance of the class.
Initializes a new instance of the class. Optionally loads settings from the current configuration.
to load settings from the configuration file; otherwise, .
Initializes a new instance of the class that has the specified issuer name.
The issuer name. Sets the property.
Initializes a new instance of the class that has the specified issuer name. Optionally loads settings from the current configuration.
The issuer name. Sets the property.
to load settings from the configuration file; otherwise, .
Initializes a new instance of the class that has the specified issuer name and signing credentials.
The issuer name. Sets the property.
The signing credentials for the STS. Sets the property.
Initializes a new instance of the class that has the specified issuer name and signing credentials. Optionally loads settings from the current configuration.
The issuer name. Sets the property.
The signing credentials for the STS. Sets the property.
to load settings from the configuration file; otherwise, .
Initializes a new instance of the class that has the specified issuer name and signing credentials. Settings are loaded from the specified named configuration.
The issuer name. Sets the property.
The signing credentials for the STS. Sets the property.
The name of the element from which the configuration is to be loaded.
Creates a security token service (STS) instance from the specified in the property.
An instance of the specified in the property.
Gets or sets the default key size limit, in bits, that is used to check whether the KeySize specified in the request is within this limit.
The default key size limit, in bits. The default is 1024.
Gets or sets the default key size in bits used in the issued token.
The key size used in the issued token, in bits. The default is 256.
Gets or sets the default lifetime used in the issued tokens.
The default lifetime to use in issued tokens. The default is 1 day.
Gets or sets the default token type that is used in token issuance.
A string that contains the default token type.
The specified value is or empty.
The specified value is not defined in the token handlers.
Gets or sets a value that specifies whether WSDL generation should be enabled for the security token service (STS).
to enable WSDL generation for the STS; otherwise, . The default is .
Gets or sets the maximum token lifetime for issued tokens.
The maximum token lifetime for issued tokens. The default is 1 day.
Gets or sets the of the security token service (STS).
The type of the security token service. The type must derive from the class.
The specified value is not assignable as .
The specified value is .
Gets or sets the signing credentials.
The signing credentials.
Gets or sets the issuer name so that it can be set in the issued token.
The issuer name.
An attempt to set the property to or an empty string occurs.
Gets or sets the WS-Trust 1.3 Request (RST) serializer.
The WS-Trust 1.3 Request (RST) serializer.
The specified value is .
Gets or sets the WS-Trust 1.3 Response (RSTR) serializer.
The WS-Trust 1.3 Response (RSTR) serializer.
The specified value is .
Gets or sets the WS-Trust Feb 2005 Request (RST) serializer.
The WS-Trust Feb 2005 Request (RST) serializer.
The specified value is .
Gets or sets the WS-Trust Feb 2005 Response (RSTR) serializer.
The WS-Trust Feb 2005 Response (RSTR) serializer.
The specified value is .
Represents the section in a configuration file. This class cannot be inherited.
Initializes a new instance of the class.
Gets the current reference.
The current reference.
Gets the default (unnamed) from the configuration file.
The default (unnamed) element.
Gets the from the configuration file.
A collection that contains all of the elements in the section.
The name of the configuration section as defined by Windows Identity Foundation (WIF): system.identityModel.
Represents a element in a configuration file. This class cannot be inherited.
Initializes a new instance of the class.
Gets or sets a value that indicates if replay detection should be performed.
to perform replay detection; otherwise, .
Gets or sets the maximum amount of time before an item is considered expired and removed from the cache.
The maximum amount of time before an item is considered expired and removed from the cache.
Represents the element in a configuration file. This class cannot be inherited.
Initializes a new instance of the class.
Gets or sets the certificate validation mode.
The certificate validation mode. The default is .
Gets or sets the type of the X.509 certificate validator.
An element that wraps the type of the X.509 certificate validator.
Gets or sets the revocation mode.
The revocation mode. The default is .
Gets or sets the trusted store location for X.509 certificates.
The store location for X.509 certificates. The default is .
The abstract base class for classes that apply a reversible data transform to cookie data.
Called from constructors in derived classes to initialize the class.
When overridden in a derived class, reverses the transform.
The encoded form of the cookie.
The decoded byte array.
When overridden in a derived class, applies the transform.
The byte array to be encoded.
The encoded cookie.
Provides cookie compression using .
Initializes a new instance of the class.
Inflates data.
Data previously returned from
The decoded data.
is .
contains zero bytes.
The decompressed length is larger than the maximum length specified by the property.
Deflates data.
The data to be compressed.
The compressed data.
is .
contains zero bytes.
Gets or sets the maximum size, in bytes, of a decompressed cookie.
The maximum size, in bytes, of a decompressed cookie.
A class that wraps a specified reader and delegates all calls to the wrapped reader.
Initializes a new instance of the class.
Gets the number of attributes at the current reader position.
The number of attributes.
Gets the base URI of the current node.
The base URI.
Closes the reader and changes the to Closed.
Gets the depth of the current node.
The depth.
Gets a value that indicates whether the reader is positioned at the end of the stream.
if the user is at the end of the stream; otherwise, .
Gets the value of the attribute at the given index.
The index of the attribute. The index is zero-based.
The value of the attribute at the specified index.
Gets the value of the attribute with the given name.
The qualified name of the attribute.
The value of the attribute. If the attribute is not found, null is returned.
Gets the value of the attribute with the given name and namespace URI.
The local name of the attribute.
The namespace of the attribute.
The value of the attribute. If the attribute is not found, null is returned.
Gets a value that indicates whether the current node can have a .
if the current node can have a ; otherwise, .
Initializes this instance with the specified inner reader.
The reader that is to be wrapped by this instance.
is .
Gets the inner reader that is wrapped by this instance.
The inner reader.
Gets a value that indicates whether the current node is an attribute that was generated from the default value defined in the DTD or Schema.
if the current node was generated from the default value; otherwise, .
Gets a value that indicates whether the current node is an empty element.
if the current node is an empty element; otherwise, .
Gets the value of the attribute with the specified index.
The index of the attribute.
The attribute value at the specified index.
Gets the value of the attribute with the specified name (as returned by the property from the wrapped reader).
The qualified name of the attribute.
The value of the specified attribute. If the attribute is not found, is returned.
Gets the value of the attribute with the specified local name and namespace URI (as returned by the property and the property from the wrapped reader).
The local name of the attribute.
The namespace URI of the attribute.
The value of the specified attribute. If the attribute is not found, is returned.
Gets the local name of the current node.
The name of the current node with the prefix removed.
Resolves a namespace prefix in the current element scope.
The prefix whose namespace URI is to be resolved.
The namespace URI to which the prefix matches, or null if no matching prefix is found.
Moves to the attribute with the specified index.
The index of the attribute.
Moves to the attribute with the given local name.
The qualified name of the attribute.
true if the attribute is found; otherwise, false.
Moves to the attribute with the specified System.Xml.XmlReader.LocalName and System.Xml.XmlReader.NamespaceURI.
The local name of the attribute.
The namespace URI of the attribute.
true if the attribute is found; otherwise, false.
Moves to a node of type Element.
true if the reader is positioned on an element; otherwise, false.
Moves to the first attribute.
Returns true if the reader is positioned at an attribute; otherwise, false.
Moves the reader to the next attribute.
Returns true if the reader is positioned at an attribute; otherwise, false.
Gets the qualified name of the current node.
The qualified name of the current node.
Gets the namespace URI of the current node.
The namespace URI of the current node.
Gets the associated with this instance.
The enabling you to get the atomized version of a string within the node.
Gets the type of the current node.
One of the values representing the type of the current node.
Gets the namespace prefix associated with the current node.
The namespace prefix associated with the current node.
Gets the quotation mark character used to enclose the value of an attribute node. (" or ').
The quotation mark character (" or ') used to enclose the value of an attribute node.
Reads the next node from the stream.
true if the next node was read successfully.
Parses the attribute value into one or more Text, EntityReference, or EndEntity nodes.
true if there are nodes to return; false if the reader is not positioned on an attribute node when the initial call is made or if all the attribute values have been read.
Reads the content and returns the Base64 decoded binary bytes.
The buffer into which to copy the resulting text. This value cannot be null.
The offset into the buffer where to start copying the result.
The maximum number of bytes to copy into the buffer.
The number of bytes written to the buffer.
Reads the content and returns the BinHex decoded binary bytes.
The buffer into which to copy the resulting text. This value cannot be null.
The offset into the buffer where to start copying the result.
The maximum number of bytes to copy into the buffer.
The number of bytes written to the buffer.
Reads the content and returns the contained string.
Returns .
Gets the state of the reader.
One of the values that specifies the state of the reader.
Reads large streams of text embedded in an XML document.
The array of characters that serves as the buffer to which the text contents are written. This value cannot be null.
The offset within the buffer where the System.Xml.XmlReader can start to copy the results.
The maximum number of characters to copy into the buffer. The actual number of characters copied is returned from this method.
The number of characters read into the buffer. The value zero is returned when there is no more text content.
Resolves the entity reference for EntityReference nodes.
Gets the text value of the current node.
The text value of the current node. For more information, see the property.
Gets the Common Language Runtime (CLR) type of the current node.
The CLR type that corresponds to the typed value of the node. The default is .
Gets the scope.
The scope.
Gets the current scope.
One of the values. If no scope exists, this property defaults to .
A class that wraps a specified writer and delegates all calls to the wrapped writer.
Initializes a new instance of the class.
Returns a value that indicates whether the reader is capable of canonicalization.
true if the reader is capable of canonicalization; otherwise, false.
Closes the underlying stream.
Stops the canonicalization started by the matching call.
Flushes the underlying stream.
Initializes this instance with the specified inner writer.
The writer that is to be wrapped by this instance.
Initializes this instance with a writer to which all calls will be echoed and that will write non-canonical XML.
A writer to which all calls will be echoed. If , calls are not echoed.
Gets the wrapped writer.
Returns a .
Returns the closest prefix defined in the current namespace scope for the namespace URI.
The namespace URI whose prefix you want to find.
The matching prefix or null if no matching namespace URI is found in the current scope.
Indicates the start of canonicalization. Any write operation following this will canonicalize the data and will write it to the given stream.
Stream to which the canonical stream should be written.
A value that indicates whether comments that are written should be canonicalized as well.
The set of prefixes that need to be included in the canonical stream. The prefixes are defined at the first element that is written to the canonical stream.
Encodes the specified binary bytes as Base64 and writes out the resulting text.
Byte array to encode.
The position in the buffer indicating the start of the bytes to write.
The number of bytes to write.
Writes out a CDATA block containing the specified text.
The text to place inside the CDATA block.
Forces the generation of a character entity for the specified Unicode character value.
The Unicode character for which to generate a character entity.
When overridden in a derived class, writes text one buffer at a time.
Character array containing the text to write.
The position in the buffer indicating the start of the text to write.
The number of characters to write.
Writes out a comment containing the specified text.
Text to place inside the comment.
Writes the DOCTYPE declaration with the specified name and optional attributes.
The name of the DOCTYPE. This must be non-empty.
If non-null it also writes PUBLIC "pubid" "sysid" where pubid and sysid are replaced with the value of the given arguments.
If pubid is null and sysid is non-null it writes SYSTEM "sysid" where sysid is replaced with the value of this argument.
If non-null it writes [subset] where subset is replaced with the value of this argument.
Closes the previous System.Xml.XmlWriter.WriteStartAttribute(System.String,System.String) call.
Closes any open elements or attributes and puts the writer back in the Start state.
Closes one element and pops the corresponding namespace scope.
Writes out an entity reference as name.
The name of the entity reference.
Closes one element and pops the corresponding namespace scope.
Writes out a processing instruction with a space between the name and text as follows: <?name text?>.
The name of the processing instruction.
The text to include in the processing instruction.
When overridden in a derived class, writes raw markup manually from a character buffer.
Character array containing the text to write.
The position within the buffer indicating the start of the text to write.
The number of characters to write.
Writes raw markup manually from a string.
String containing the text to write.
Writes the start of an attribute with the specified local name and namespace URI.
The namespace prefix of the attribute.
The local name of the attribute.
The namespace URI for the attribute.
When overridden in a derived class, writes the XML declaration with the version "1.0".
When overridden in a derived class, writes the XML declaration with the version "1.0" and the standalone attribute.
If true, it writes "standalone=yes"; if false, it writes "standalone=no".
When overridden in a derived class, writes the specified start tag and associates it with the given namespace and prefix.
The namespace prefix of the element.
The local name of the element.
The namespace URI to associate with the element.
When overridden in a derived class, gets the state of the writer.
Returns an .
Writes the given text content.
The text to write.
Generates and writes the surrogate character entity for the surrogate character pair.
The low surrogate. This must be a value between 0xDC00 and 0xDFFF.
The high surrogate. This must be a value between 0xD800 and 0xDBFF.
Writes out the given white space.
The string of white space characters.
Writes an attribute as an xml attribute with the prefix 'xml:'.
The local name of the attribute.
The attribute value.
Writes an xmlns namespace declaration.
The prefix of the namespace declaration.
The namespace URI itself.
Wraps a reader that is pointing to enveloped signed XML to provide a reader that can be used to read the content without having to process the signature. The signature is automatically validated when the last element of the envelope is read. This class cannot be inherited.
Initializes a new instance of the class by using the specified reader and security token serializer.
A reader that is pointing to the enveloped signed XML.
The token serializer to be used to deserialize the of the signature.
is .
-or-
is .
Initializes a new instance of the class by using the specified reader, security token serializer, and token resolver.
A reader that is pointing to the enveloped signed XML.
The token serializer to be used to deserialize the of the signature.
The token resolver to be used to resolve the signing token. specifies that a default security token resolver should be used.
is .
-or-
is .
Initializes a new instance of the class by using the specified reader, security token serializer, token resolver, and behavior.
A reader that is pointing to the enveloped signed XML.
The token serializer to be used to deserialize the of the signature.
The token resolver to be used to resolve the signing token. specifies that a default security token resolver should be used.
if the signature is required; otherwise, .
if the signature should be read; otherwise, .
if intrinsic signing keys should be resolved; otherwise, .
is .
-or-
is .
Reads the next node from the stream.
if the next node was read successfully; if there are no more nodes.
Gets the signing credentials that are used in the signature, after the envelope is consumed and when the signature is validated.
The signing credentials.
Reads the signature if the reader is currently positioned at a element.
if the signature was successfully read; otherwise, .
Wraps a writer and generates a signature automatically when the envelope has been completely written. This class cannot be inherited.
Initializes a new instance of the class.
The writer to wrap.
The signing credentials to be used to generate the signature.
The reference ID of the envelope.
The token serializer to use to serialize the signature KeyInfo.
is or empty.
is .
-or-
is .
-or-
is .
Closes one element and pops the corresponding namespace scope.
Closes one element and pops the corresponding namespace scope.
Sets the position of the signature within the envelope. Call this method while writing the envelope to indicate at which point the signature should be inserted.
Writes the specified start tag and associates it with the specified namespace.
The namespace prefix of the element.
The local name of the element. (The name of the element without the prefix.)
The namespace URI to associate with the element.
The exception that is thrown when a configured limit or quota is exceeded.
Initializes a new instance of the class.
Initializes a new instance of the class with serialized data.
A object that holds the serialized object data.
A object that contains the contextual information about the source or destination.
Initializes a new instance of the class with a specified error message.
The error message that explains the reason for the exception.
Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception.
Defines the application service descriptor and its endpoints.
Initializes an instance of the class.
Gets the endpoints of this application service.
The collection of endpoints for the application service.
Gets the passive requestor endpoints of this application service.
The collection of passive requestor endpoints for the application service.
Represents a contact person in SAML 2.0 metadata.
Initializes a new instance of the class.
Initializes a new instance of the class with the specified contact type.
The contact type.
Gets or sets the company name.
The company name.
Gets the collection of email addresses.
The collection of email addresses.
Gets or sets the given name.
The given name.
Gets or sets the surname.
The surname.
Gets or sets the collection of telephone numbers.
The collection of telephone numbers.
Gets or sets the contact type.
One of the enumeration values that specify the contact type.
Specifies the type of a contact.
An administrative contact.
A billing contact.
A contact with a type other than administrative, billing, support, technical, or unspecified.
A support contact.
A technical contact.
A contact with a type that is not specified.
Represents the displayable claim object.
Initializes a new instance of the class that has the specified claim type.
The claim type for the display claim. Initializes the property.
is or an empty string.
Initializes a new instance of the class that has the specified claim type, display name, and description.
The claim type for the display claim. Initializes the property.
The display name (or friendly name) for the display claim. Initializes the property.
The description for the display claim. Initializes the property.
is or an empty string.
Initializes a new instance of the class that has the specified claim type, display name, display value, and description. The claim is required.
The claim type for the display claim. Initializes the property.
The display name (or friendly name) for the display claim. Initializes the property.
The description for the display claim. Initializes the property.
The display value for the display claim. Initializes the property.
is or an empty string.
Initializes a new instance of the class that has the specified claim type, display name, display value, description, and optional attribute.
The claim type for the display claim. Initializes the property.
The display name (or friendly name) for the display claim. Initializes the property.
The description for the display claim. Initializes the property.
The display value for the display claim. Initializes the property.
if the claim is optional; otherwise, . Initializes the property.
is or an empty string.
Gets the claim type associated with the display claim.
A URI that represents the claim type.
Creates a display claim from the specified claim type.
The URI that represents the claim type.
Returns .
Gets or sets a description for the display claim.
The description for the display claim.
Gets or sets the friendly name for the display claim.
The friendly name for the display claim.
Gets or sets a displayable value for the display claim.
The displayable value for the display claim.
Gets or sets the optional attribute for the display claim.
if the display claim is optional; otherwise, . The default is .
Gets or sets a value that indicates whether the optional attribute will be serialized.
to serialize the optional attribute; otherwise, false. The default value is .
Defines the encryption method.
Initializes a new instance of the class that has the specified encryption algorithm.
The encryption algorithm URI.
is .
Gets or sets the encryption method algorithm attribute.
The encryption algorithm URI.
Represents a collection of entities.
Initializes a new instance of the class.
Initializes a new instance of the class with the specified collection of child .
The entities descriptor collection. Initializes the property.
Initializes a new instance of the class with the specified collection of child .
The entity descriptor collection. Initializes the property.
Initializes a new instance of the class with the specified collection of child and the specified collection of child .
The entity descriptor collection. Initializes the property.
The entities descriptor collection. Initializes the property.
Gets the child for this entities collection.
The collection of child . The default is an empty collection.
Gets the child for this entities collection.
The collection of child for this entity. The default is an empty collection.
Gets or sets the name of this entities collection.
The name of the entities collection. The default is .
Represents an entity descriptor.
Initializes a new instance of the class.
Initializes a new instance of the class that has the specified entity ID.
The entity ID. Initializes the property.
Gets the collection of for this descriptor.
The collection of contact person objects. The default is an empty collection.
Gets or sets the entity ID for this descriptor.
The entity ID. The default is .
Gets or sets the federation ID for this descriptor.
The federation ID. The default is .
Gets or sets the organization for this descriptor.
The organization. The default is .
Gets the collection of role descriptors for this descriptor.
The collection of role descriptors. The default is an empty collection.
Represents an entity ID.
Initializes a new instance of the class.
Initializes a new instance of the class that has the specified ID.
The ID with which to initialize the new instance. Initializes the property.
Gets or sets the entity ID.
The entity ID.
An attempt to set an entity ID longer than 1024 characters occurs.
The identity provider single sign-on descriptor (IDPSSODescriptor) class.
Initializes a new instance of the class.
Gets the collection of representing single sign-on services.
The collection of protocol endpoints that represent single sign-on services. The default is an empty collection.
Gets the supported collection.
The collection of supported attributes. The default is an empty collection.
Gets or sets a value that indicates whether authentication requests should be signed.
if authentication requests should be signed; otherwise, . The default is .
Defines an indexed .
Initializes a new instance of the class.
Initializes a new instance of the class that has the specified index, binding, and location.
The index.
The binding.
The location.
Gets or sets the index. This is a required element.
The index.
Gets or sets a value that indicates whether this is the default endpoint. This is optional.
if this is the default endpoint; otherwise, . Can be . The default is .
A sorted list of .
Initializes a new instance of the class.
Gets the default .
The default . if no default exists.
Defines the key descriptor.
Initializes a new instance of the class with default values.
Initializes a new instance of the class by using the specified key identifier.
The key identifier for this instance.
Gets the collection of for this key descriptor.
The collection of encryption methods. The default is an empty collection.
Gets or sets the key identifier for this key descriptor.
The key identifier. The default is .
Gets or sets the for this key descriptor.
One of the enumeration values that specifies the key type. The default is .
Defines the key types for the property.
The key is used for encryption.
The key is used for signing.
The key type is not specified.
The abstract base class that defines a localized entry.
Initializes a new instance of the class.
Initializes a new instance of the class for the specified culture.
The culture information. Initializes the property.
Gets or sets the culture information.
The culture information.
An attempt to set the property to occurs.
A collection of objects.
The of the objects in the collection. Must derive from the class.
Initializes a new instance of the class.
Gets the key for the specified item.
The entry for which the key is to be returned.
A that represents the key.
Defines a localized name.
Initializes a new instance of the class.
Initializes a new instance of the class that has the specified name and culture (language).
The name for this instance. Initializes the property.
The that defines the language for this instance. Initializes the property.
Gets or sets the name.
The name.
Defines a localized URI.
Initializes a new instance of the class.
Constructs a with the and .
The URI for this instance. Initializes the property.
The that defines the language for this instance. Initializes the property.
Gets or sets the URI.
The URI.
Defines the SAML metadata base class.
Called from constructors in derived classes to initialize the class.
Gets or sets the signing credentials.
The signing credentials. The default is .
The exception that is thrown when an error occurs while serializing or deserializing SAML metadata.
Initializes a new instance of the class.
Initializes a new instance of the class with serialized data.
A object that holds the serialized object data.
A object that contains the contextual information about the source or destination.
Initializes a new instance of the class with a specified error message.
The error message that explains the reason for the exception.
Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception.
Provides support for metadata serialization.
Initializes a new instance of the class with a default token serializer.
Initializes a new instance of the class that uses the specified token serializer.
The token serializer that will be used to serialize security tokens.
is .
Gets or sets the validation mode of the X.509 certificate that is used to sign the metadata document.
One of the enumeration values that specifies the X.509 certificate validation mode. The default is specified by .
Gets or sets the certificate validator for the X.509 certificate that is used to sign the metadata document.
The certificate validator for the X.509 certificate.
Creates an application service descriptor.
The application service descriptor.
Creates a contact person.
The contact person.
Creates an entities descriptor.
The entities descriptor.
Creates an entity descriptor.
The entity descriptor.
Creates an IDPSSO descriptor.
The IDPSSO descriptor.
Creates an indexed endpoint.
The indexed endpoint.
Creates a key descriptor.
The key descriptor.
Creates a localized name.
The localized name.
Creates a localized URI.
The localized URI.
Creates an organization.
The organization.
Creates an endpoint.
The endpoint.
Creates a security token service descriptor.
The security token service descriptor.
Creates an SPSSO descriptor.
The SPSSO descriptor.
Gets the X.509 certificate created from the specified key identifier.
The key identifier from which to create the X.509 certificate.
The X.509 certificate that was created from the specified key identifier.
is .
A key identifier clause of type cannot be found in . This method enforces the default behavior; you can override it to support other key identifier clauses.
A string constant that defines the language attribute, "xml:lang".
A string constant that defines the language local name, "lang".
A string constant that defines the language namespace URI, "http://www.w3.org/XML/1998/namespace".
A string constant that defines the language prefix, "xml".
Reads an application service descriptor.
The XML reader.
The application service descriptor.
is .
Reads the <saml:Attribute> element.
The XML reader.
The Saml2 attribute.
is .
Reads a contact person.
The XML reader.
A contact person.
is .
Extensibility point for reading custom attributes.
The XML reader.
An object of type .
The type that represents the metadata element that is being read; for example, .
Extensibility point for reading custom elements. By default, returns .
The XML reader.
An object of type .
The type that represents the metadata element that is being read; for example, .
if an element of type is read; otherwise, .
Extensibility point for reading custom role descriptors.
The xsi:type of the role descriptor.
The XML reader.
The entity descriptor to which the role descriptors are added.
Reads a display claim.
The XML reader.
The display claim.
is .
Thrown if the XML is not well-formed.
Reads an entities descriptor.
The XML reader.
The security token resolver.
The entities descriptor.
is .
Thrown if the XML is not well-formed.
Reads an entity descriptor.
The XML reader.
The security token resolver.
An entity descriptor.
is .
Reads an IDPSSO descriptor.
The XML reader.
The IDPSSO descriptor.
is .
Reads an indexed endpoint.
The XML reader.
An indexed endpoint.
is .
Reads a key descriptor.
The XML reader.
The key descriptor.
is .
Reads a localized name.
The XML reader.
A localized name.
is .
Reads a localized URI.
The XML reader.
A localized URI.
is .
Reads the specified stream to deserialize an entity descriptor or an entities descriptor.
The stream to read.
The descriptor. An instance of the or class.
is .
Reads the specified XML reader to deserialize an entity descriptor or an entities descriptor.
The XML reader to be read.
The descriptor. An instance of the or class.
is .
Reads the specified XmlReader to deserialize an entity descriptor or an entities descriptor.
The XML reader to be read.
The token resolver to use to resolve the signature token.
The descriptor. An instance of the or class.
is .
-or-
is .
Reads an entity descriptor or an entities descriptor.
The XML reader.
The security token resolver.
The descriptor. An instance of the or class.
is .
-or-
is .
The reader is not positioned on an or an element.
Reads an organization.
The XML reader.
An organization.
is .
Reads an endpoint.
The XML reader.
An endpoint.
is .
Reads role descriptor attributes.
The XML reader.
The role descriptor.
is .
-or-
is .
-or-
The property of is .
Reads role descriptor elements.
The XML reader.
The role descriptor.
if an element is read; otherwise, .
is .
-or-
is .
-or-
The property of is .
The property of is .
Reads a security token service descriptor.
The XML reader.
A security token service descriptor.
is .
Reads an SPSSO descriptor.
The XML reader.
An SPSSO descriptor.
is .
The XML was not valid.
Reads SSO descriptor attributes.
The XML reader.
The SSO role descriptor.
is .
-or-
is .
Reads SSO descriptor elements.
The XML reader.
The SSO descriptor.
if an element is read; otherwise, .
is .
-or-
is .
Reads web service descriptor attributes.
The XML reader.
The web service descriptor.
is .
-or-
is .
Reads web service descriptor elements.
The XML reader.
The web service descriptor.
if an element is read; otherwise, .
is .
-or-
is .
-or-
The property of is .
-or-
The property of is .
-or-
The property of is .
The reader, roleDescriptor, roleDescriptor.TargetScopes, or roleDescriptor.TokenTypesOffered parameter is null.
Gets or sets the revocation mode of the X.509 certificate that is used to sign the metadata document.
One of the enumeration values that specifies the X.509 certificate revocation mode. The default is specified by .
Gets the token serializer that is used by the current instance to serialize security tokens.
The token serializer that is used by the current instance.
Gets the list of issuers that the current instance trusts to sign the metadata document.
The list of trusted issuers.
Gets or sets the trusted store location of the X.509 certificate that is used to sign the metadata document.
One of the enumeration values that specifies the X.509 certificate store location. The default is specified by .
Validates the X.509 certificate that signed the metadata document against the trusted issuers list specified by the property. This method is invoked by the method.
The signing certificate.
Validates the signing credentials of the metadata document.
The credentials that were used to sign the metadata document.
is .
Writes an application service descriptor.
The XML writer.
The application service descriptor.
is .
-or-
is .
-or-
The property of is .
-or-
The property of is .
Writes the <saml:Attribute> element.
The XML writer.
The Saml2 attribute.
is .
-or-
is .
Writes a contact person.
The XML writer.
The contact person.
is .
-or-
is .
-or-
The property of is .
-or-
The property of is .
Extensibility point for writing custom attributes.
The XML writer.
The source element of type .
The type that represents the element whose attribute is being written. For example .
Extensibility point for writing custom elements.
The XML writer.
The source element of type .
The type that represents the element that is being written.
Writes a display claim.
The XML writer.
The display claim to write.
Writes an entities descriptor.
The XML writer.
The entities descriptor.
is .
-or-
is .
-or-
The property of is .
-or-
The property of is .
Writes an entity descriptor.
The XML writer.
The entity descriptor.
is .
-or-
is .
-or-
The property of is .
-or-
The property of is .
Writes an IDPSSO descriptor.
The XML writer.
The IDPSSO descriptor.
is .
-or-
is .
-or-
The property of is .
-or-
The property of is .
Writes an indexed endpoint.
The XML writer.
The indexed endpoint.
The XML qualified element.
is .
-or-
is .
-or-
is .
Writes a key descriptor.
The XML writer.
The key descriptor.
is .
-or-
is .
Writes a localized name.
The XML writer.
The localized name.
The XML qualified name.
is .
-or-
is .
-or-
is .
Writes a localized URI.
The XML writer.
The localized URI.
The XML qualified name.
is .
-or-
is .
-or-
is .
Writes the federation metadata to the specified stream.
The stream to which to write the federation metadata.
The metadata to write.
is .
-or-
is .
Writes the federation metadata to the specified XML writer.
The XML writer to which to write the federation metadata.
The metadata to write.
is .
-or-
is .
Writes the metadata.
The XML writer.
The SAML metadata base. An instance of the or class.
is .
-or-
is .
is not assignable from or .
Writes an organization.
The XML writer.
The organization.
is .
-or-
is .
Writes an endpoint.
The XML writer.
The endpoint.
The XML qualified name of the element.
is .
-or-
is .
-or-
is .
Writes role descriptor attributes.
The XML writer.
The role descriptor.
is .
-or-
is .
-or-
The property of is .
Writes the role descriptor element.
The XML writer.
The role descriptor.
is .
-or-
is .
-or-
The property of is .
The property of is .
Writes a security token service descriptor.
The XML writer.
The security token service descriptor.
is .
-or-
is .
-or-
The property of is .
-or-
The property of is .
Writes an SPSSO descriptor.
The XML writer.
The SPSSO descriptor.
is .
-or-
is .
-or-
The property of is .
Writes the SSO descriptor attributes.
The XML writer.
The SSO descriptor.
is .
-or-
is .
Writes the SSO descriptor element.
The XML writer.
The SSO descriptor.
is .
-or-
is .
Writes the web service descriptor attributes.
The XML writer.
The web service descriptor.
is .
-or-
is .
Writes a web service descriptor element.
The XML writer.
The web service descriptor.
is .
-or-
is .
-or-
The property of is .
-or-
The property of is .
-or-
The property of is .
The reader, roleDescriptor, roleDescriptor.TargetScopes, or roleDescriptor.TokenTypesOffered parameter is null.
Defines an organization.
Initializes a new instance of the class.
Initializes a new instance of the class that has the specified collection of names, display names, and URIs.
A collection of that contains the names for this instance.
A collection of that contains the display names for this instance.
A collection of that contains the URLs for this instance.
One of the input parameters is null.
Gets the collection of display names associated with the organization.
This is a required element.
The collection of display names.
Gets the collection of names associated with the organization.
This is a required element.
The collection of names.
Gets the collection of URLs associated with the organization.
This is a required element.
The collection of URL entries.
Defines a protocol endpoint.
Initializes a new instance of the class.
Initializes a new instance of the class that has the specified binding and location.
The URI that represents the binding for the new instance. Initializes the property.
The URI that represents the location for the new instance. Initializes the property.
Gets or sets the binding. This is a required element.
The URI that represents the binding for the current instance.
Gets or sets the location. This is a required element.
The URI that represents the location for the current instance.
Gets or sets the response location. This is an optional element.
The URI that represents the response location for the current instance. The default is .
Defines a role descriptor.
Initializes a new instance of the class.
Initializes a new instance of the class that has the collection of supported protocols.
The supported protocol collection. Initializes the property.
Gets the collection of .
The collection of contact persons for this role descriptor.
Gets or sets the error URL.
The error URL for this role descriptor.
Gets the collection of .
The collection of key descriptors for this role descriptor.
Gets or sets the .
The organization for this role descriptor.
Gets the collection of protocols supported.
The collection of supported protocols for this role descriptor.
Gets or sets the expiration time.
The expiration time for this role descriptor.
Defines a Service Descriptor for a security token service.
Initializes a new instance of the class.
Gets the collection of that represents the passive requestor endpoints.
The collection of passive requestor endpoints.
Gets the collection of that represents the endpoints of the security token service.
The collection of endpoints.
Defines a descriptor for a Service Provider SSO (SPSSO).
Initializes a new instance of the class.
Initializes a new instance of the class that has the specified dictionary of indexed endpoints.
An object for this instance. Initializes the property.
Gets the that contains the indexed endpoints that support the profiles of the Authentication Request protocol that is defined in [SAMLProf].
The for this instance.
Gets or sets a value that indicates whether authentication requests sent by the service provider will be signed.
if authentication requests sent by the service provider will be signed; otherwise, . The default is .
Gets or sets a value that indicates whether assertions received by the service provider should be signed.
if assertions received by the service provider should be signed; otherwise, . The default is .
Defines an SSO descriptor.
Initializes a new instance of the class.
Gets an object that contains the indexed endpoints for the artifact resolution services.
The that contains the indexed endpoints for the artifact resolution services.
Gets the collection of URIs that represent the supported name identifier formats.
The collection of URIs that represent the supported name identifier formats.
Gets a collection of single logout service endpoints.
The collection of single logout service endpoints.
Defines a web service descriptor.
Initializes a new instance of the class.
Gets a collection of that represents the claim types offered.
The collection of offered claim types.
Gets a collection of that represents the claim types requested.
The collection of requested claim types.
Gets or sets the service description.
The service description.
Gets or sets the service display name.
The service display name.
Gets a collection of that represents the target scopes.
The collection of target scopes.
Gets the collection of token types offered.
The collection of token types offered.
An abstract class that provides a generic property bag to derived classes.
Called from derived classes to initialize the class.
Gets the properties bag to extend the object.
The properties bag to extend the object.
The result of evaluating all authorization policies available from the tokens in the sent message and by calling the method.
Initializes a new instance of the class.
Gets the set of claims associated with an authorization policy.
A of type that contains the set of claims.
Evaluates all of the specified authorization policies and creates an .
An of that contains the set of authorization policies.
An that contains the result of evaluating all the specified authorization policies.
Gets the date and time at which this object is no longer valid.
A value that indicates the date and time when this object is no longer valid.
Gets a unique identifier for this object.
A object.
Gets a collection of non-claim properties associated with this object.
A that specifies a collection of non-claim properties.
When overridden in a derived class, represents the results of the authorization policies that have been evaluated.
Initializes a new instance of the class.
Adds a set of claims to the evaluation context.
An that represents the authorization policy that is adding claims to the evaluation context.
A that contains a set of claims.
Gets a read-only collection of objects that contains the claims added by authorization policies that have been evaluated.
A read-only collection of objects that contains the claims added by authorization policies that have been evaluated.
Gets the number of times that claims have been added to the evaluation context.
The number of times that claims have been added to the evaluation context.
Gets a collection of non-claim properties associated with this .
A that specifies a collection of non-claim properties.
Sets the date and time at which this is no longer valid.
A value that indicates the date and time when this object is no longer valid.
Represents a component that is used to authorize users.
Gets a string that identifies this authorization component.
A string that identifies this authorization component.
Defines a set of rules for authorizing a user, given a set of claims.
Evaluates whether a user meets the requirements for this authorization policy.
An that contains the claim set that the authorization policy evaluates.
A , passed by reference, that represents the custom state for this authorization policy.
if the method for this authorization policy must be called if additional claims are added by other authorization policies to ; otherwise, to state no additional evaluation is required by this authorization policy.
Gets a claim set that represents the issuer of the authorization policy.
A that represents the issuer of the authorization policy.
Provides cookie integrity and confidentiality by using the class. This class cannot be inherited.
Creates a new instance of the class.
Verifies data protection and returns the decrypted data.
Data previously returned from the method.
The decrypted data that was originally protected.
is .
contains zero bytes.
Protects (encrypts) the specified data.
The data to be protected (encrypted).
The protected (encrypted) data.
is .
contains zero bytes.
Represents the auth:AdditionalContext element defined in the authorization extensions to WS-Trust. These extensions are defined in the WS-Federation specification.
Initializes a new instance of the class.
Initializes a new instance of the class with the specified context items.
An of objects.
is .
Gets the collection of context items for this instance.
An of objects that provide context for the request (RST) as a collection of name-value pairs. The default is an empty list.
Represents the contents of a WS-Trust BinaryExchange element.
Initializes a new instance of the class with the specified data and ValueType URI.
The binary data exchanged.
A that represents the value type of the binary data.
is .
-or-
is .
is not an absolute URI.
Initializes a new instance of the class with the specified data, ValueType URI, and EncodingType URI.
The binary data exchanged.
A that represents the value type of the binary data.
A that specifies the encoding type to be used for encoding the binary data.
is .
-or-
is .
-or-
is .
is not an absolute URI.
-or-
is not an absolute URI.
Gets the binary data associated with the BinaryExchange element.
An array of that contains the binary data.
Gets the EncodingType URI.
A that contains the encoding type. This is the value of the EncodingType attribute of the BinaryExchange element.
Gets the ValueType URI.
A that contains the value type. This is the value of the ValueType attribute of the BinaryExchange element.
Represents the auth:ContextItem element defined in the authorization extensions to WS-Trust. These extensions are defined in the WS-Federation specification.
Initializes a new instance of the class with the specified Name URI.
A that indicates the context item name.
is .
is not an absolute URI.
Initializes a new instance of the class with the specified Name URI and value.
A that indicates the context item name.
The context item value. Can be .
is .
is not an absolute URI.
Initializes a new instance of the class with the specified Name URI, value, and Scope URI.
A that indicates the context item name.
The context item value. Can be .
The context item scope. Can be .
is .
is not an absolute URI.
-or-
is not and is not an absolute URI.
Gets or sets the Name URI.
A that contains the value of the Name attribute.
Gets or sets the Scope URI.
A that contains the value of the Scope attribute. Can be .
An attempt is made to set a value that is not and is not an absolute URI.
Gets or sets the value of the context item.
The value of the ContextItem element. Can be .
Represents a wsa:EndpointReference element.
Initializes a new instance of the class with the specified URI.
An absolute URI that specifies the address of the endpoint reference. Initializes the property.
is not an absolute URI.
is .
Gets a collection of the XML elements that are contained in the endpoint reference. The wsa:Address element is not included in the collection.
A collection of the XML elements that are contained in the endpoint reference.
Reads a wsa:EndpointReference element from the specified XML dictionary reader.
The XML dictionary reader from which to read the endpoint reference.
The endpoint reference read from the XML dictionary reader, or if the wsa:EndpointReference element cannot be read.
Reads a wsa:EndpointReference element from the specified XML reader.
The XML reader from which to read the endpoint reference.
The endpoint reference read from the XML reader, or if the wsa:EndpointReference element cannot be read.
Gets the URI that specifies the address of the endpoint reference.
The address of the endpoint reference.
Writes the as a <wsa:EndpointReference> element to the specified XML writer.
The XML writer to which to write the endpoint reference.
Represents the entropy used in both token request messages and token response messages.
Initializes a new instance of the class for sending entropy in binary secret format.
An array of bytes that contains the key material.
Initializes a new instance of the class for sending entropy in encrypted key format.
An array of bytes that contains the key material.
An that represents the credentials used to encrypt the key material.
Initializes a new instance of the class with the specified protected key.
A that represents the protected key which can be either a binary secret or an encrypted key.
Initializes a new instance of the class with randomly generated bytes.
The size, in bits, of the randomly generated key material inside the entropy.
The exception that is thrown when the request (RST) is invalid or malformed.
Initializes a new instance of the class.
Initializes a new instance of the class with serialized data.
A object that holds the serialized object data.
A object that contains the contextual information about the source or destination.
Initializes a new instance of the class with a specified error message.
The error message that explains the reason for the exception.
Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception.
Defines protocol-agnostic URIs that are used in the token request (RST) or response (RSTR) to indicate the desired or required key type.
A URI that represents the asymmetric key type; http://schemas.System.com/idfx/keytype/asymmetric.
A URI that represents the bearer key type; http://schemas.System.com/idfx/keytype/bearer.
A URI that represents the symmetric key type; http://schemas.System.com/idfx/keytype/symmetric.
Represents the element.
Initializes a new instance of the class with the specified creation and expiration time.
A that represents the token creation time in UTC.
A that represents the token expiration time in UTC.
The time specified by occurs before the time specified by .
Initializes a new instance of the class with the specified creation and expiration time.
A that specifies the token creation time in UTC. Can be .
A that specifies the token expiration time in UTC. Can be .
The time specified by occurs before the time specified by .
Gets the token creation time in UTC.
A that represents the UTC time at which the token is created. Can be .
Gets the token expiration time in UTC.
A that represents the UTC time at which the token expires. Can be .
Represents a WS-Trust Participants element. The wst:Participants element is an extension to the wst:RequestSecurityToken element and is used to pass information about which parties are authorized to participate in the use of the token.
Initializes a new instance of the class.
Gets the list of participants that are allowed to use the token.
The list of participants. Each item in the list contains the contents of a wst:Participant element.
Gets or sets the primary user of the issued token.
An that contains the address of the primary user of the token. This is the contents of the wst:Primary element.
Represents the contents of a wst:Entropy or a wst:RequestedProofToken element inside the RequestSecurityToken and RequestSecurityTokenResponse.
Initializes a new instance of the class with no encryption.
An array of that contains the key material to be protected.
Initializes a new instance of the class using the specified encrypting credentials.
An array of that contains the key material to be protected.
An that contains the credentials used to encrypt the key material.
Gets the key material.
An array of that contains the key material.
Gets the encrypting credentials for the key.
A that represents the credentials used to encrypt the key. indicates that the key is not encrypted.
Represents the wst:Renewing element in a WS-Trust renew request.
Initializes a new instance of the class with default property values.
Initializes a new instance of the class with the specified values.
if renewal is permitted; otherwise, .
if the requested token can be renewed after it has expired; otherwise, .
Gets or sets a value that indicates whether the token can be renewed.
if renewal is permitted; otherwise, .
Gets or sets a value that indicates whether the token can be renewed after it has expired.
if the requested token can be renewed after it has expired; otherwise, .
Represents a single requested claim in a security token request (RST).
Initializes a new instance of the class with the specified claim type.
The URI that represents the claim type.
Initializes a new instance of the class with the specified claim type and a value that indicates whether the claim is optional.
The URI that represents the claim type.
if the claim is optional in the response; otherwise, .
Initializes a new instance of the class with the specified claim type, claim value, and a value that indicates whether the claim is optional.
The URI that represents the claim type.
if the claim is optional in the response; otherwise, .
The value of the claim.
Gets the type of the requested claim.
The URI that represents the claim type.
Gets or sets a value that indicates whether the request claim is optional in the response.
if the claim is optional in the response; otherwise, .
Gets or sets the requested claim value.
The value of the claim.
Represents a collection of the objects inside .
Initializes a new instance of the class.
Gets or sets the Dialect attribute.
A string that contains the URI that identifies the dialect. The default value is System.IdentityModel.Protocols.WSTrust.WSIdentityConstants.Dialect, which indicates that objects in the collection correspond to the Information Card profile.
Represents the contents of a wst:RequestedProofToken element.
Initializes a new instance of the class using the specified key material.
An array of that contains the key material.
Initializes a new instance of the class using the specified key material and encrypting credentials.
An array of that contains the key material.
A that represents the credentials used to encrypt the key material.
Initializes a new instance of the class using the specified object.
A that represents the key, which can be either a binary secret or an encrypted key.
is .
Initializes a new instance of the class using the specified computed key algorithm.
A string that contains a URI that indicates the algorithm used to compute the session key in the combined entropy case.
is .
Gets the computed key algorithm used to calculate the session key in the combined entropy case.
A string that contains a URI that indicates the computed key algorithm.
Gets the key in the case when the wst:RequestedProofToken element contains a key.
A that represents the key, which can be either encrypted or clear text.
Represents the requested (issued) security token.
Initializes a new instance of the class using the issued token.
A that represents the requested security token.
is .
Initializes a new instance of the class using the token XML.
An that contains the XML representation of the requested security token.
is .
Gets the issued security token when the instance was created using the token itself.
A that represents the issued security token. if the instance was created using the token XML.
Gets the XML representation of the issued security token when the instance was created using the token XML.
An that contains the XML representation of the security token. if the instance was created using a object.
Represents the wst:RequestSecurityToken element (RST), which is used to request a security token.
Initializes a new instance of the class.
Initializes a new instance of the class with the specified request type.
A string that contains the request type URI.
Initializes a new instance of the class with the specified request type and key type.
A string that contains the request type URI.
A string that contains the key type URI. This should be one of the constants defined by the class.
Gets or sets the security token for the identity that the requestor is attempting to act as.
A that represents the identity the requestor is attempting to act as. Can be .
Gets or sets the additional context information for the request.
An that contains the additional context information for the request. Can be .
Gets or sets the token to be canceled in a WS-Trust cancel request.
A that contains the token to be cancelled.
Gets the claim types requested by the client (requestor).
A that contains the requested claims. The default is an empty collection.
Gets a URI that represents the desired algorithm to use when computed keys are used for issued tokens.
A string that contains the URI that represents the computed key algorithm.
Gets or sets a value that specifies if the issued token should be marked as delegatable.
if the issued token is delegatable; otherwise, . Can be .
Gets or sets the identity to which the issued token should be delegated.
A that represents the identity to which the issued token should be delegated. Can be .
Gets or sets information on the token and key to use when encrypting.
A that contains the encrypting information.
Gets or sets a value that specifies if the issued token should be marked forwardable.
if the issued token is forwardable; otherwise, . Can be .
Gets or sets the issuer of the wst:OnBehalfOf token.
A that contains the address of the issuer.
Gets or sets the token for the identity on behalf of which the request is being made.
A that contains the token of the identity for which the request is being made.
Gets or sets the participants that are authorized to use the issued token.
A that contains the participants that are authorized to use the issued token.
Gets or sets the token to be used to encrypt the proof token.
A that contains the token.
Gets or sets the renew semantics for a WS-Trust renew request.
A that contains the renew semantics.
Gets or sets the token to be renewed in a WS-Trust renew request.
A that contains the token to be renewed.
Gets or sets parameters for which the requestor is not the originator.
A that contains secondary parameters for the request; that is, parameters for which the requestor is not the originator.
Gets or sets the token to be validated in a WS-Trust validate request.
A that contains the token to be validated.
Represents the wst:RequestSecurityTokenResponse element, which is used to return a security token.
Initializes a new instance of the class.
Initializes a new instance of the class based on the specified request message (RST).
A that represents the request (RST).
is .
Gets or sets the flag that determines if the RSTR is the final message and should be serialized as such.
if the RSTR is the final message; otherwise .
Gets or sets the security token reference when the requested token is attached to the message.
A that contains the reference.
Gets or sets the optional element used to return the proof of possession token.
A that represents the proof token.
Gets or sets the optional element used to return the requested security token.
A that represents the security token.
Gets or sets the wst:RequestedTokenCancelled element.
if the token was cancelled; otherwise .
Gets or sets the security token reference when the requested token is not attached to the message.
A that contains the reference.
Gets or sets the wst:Status element in the RSTR.
A that contains status information for a WS-Trust Validation request.
Defines protocol-agnostic RequestType URI strings.
A string constant that represents a protocol-agnostic URI for a WS-Trust Cancel request; http://schemas.System.com/idfx/requesttype/cancel.
A string constant that represents a protocol-agnostic URI for a WS-Trust GetMetadata request; http://schemas.System.com/idfx/requesttype/getMetadata.
A string constant that represents a protocol-agnostic URI for a WS-Trust Issue request; http://schemas.System.com/idfx/requesttype/issue.
A string constant that represents a protocol-agnostic URI for a WS-Trust IssueCard request; http://schemas.System.com/idfx/requesttype/issueCard.
A string constant that represents a protocol-agnostic URI for a WS-Trust Renew request; http://schemas.System.com/idfx/requesttype/renew.
A string constant that represents a protocol-agnostic URI for a WS-Trust Validate request; http://schemas.System.com/idfx/requesttype/validate.
Represents the result of a WS-Trust Validation request.
Initializes a new instance of the class with the specified status code and reason.
A string that contains the status code URI.
A string that contains a human-readable reason. The reason is optional; can be .
is .
Gets or sets the status code for the WS-Trust Validation binding in the RSTR.
A string that contains a status code URI.
Gets or sets the optional status reason for the WS-Trust Validation binding in the RSTR.
A string that contains the reason.
Represents the contents of the wst:UseKey element.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified security key identifier.
A that represents the existing key that should be used.
Initializes a new instance of the class using the specified security key identifier and security token.
A that represents the existing key that should be used.
A that represents the existing key that should be used.
Initializes a new instance of the class using the specified security token.
A that represents the existing key that should be used.
Gets the security key identifier.
A that represents the security key identifier.
Gets the security token if the serializer cannot convert it to the security key identifier.
A that represents the token.
Class for serializing and deserializing WS-Trust 1.3 RequestSecurityToken (RST) messages.
Initializes a new instance of the class.
Checks if the given reader is positioned at a RequestSecurityToken element with the namespace "http://docs.oasis-open.org/ws-sx/ws-trust/200512".
The object from which to read.
if the reader is positioned at a RequestSecurityToken element with namespace "http://docs.oasis-open.org/ws-sx/ws-trust/200512"; otherwise, .
is .
Special case for reading inside a WS-Trust 1.3 RST.
The object pointing at the element inside the RST.
A that contains the current serialization context.
A that contains the SecondaryParameters found in the RST.
is .
-or-
is .
An inner element was found while processing the outer element.
Deserializes the RST from an object to a object.
An XML reader over the RST.
A that contains the current serialization context.
A object if the deserialization was successful.
is .
-or-
is .
There was an error parsing the RST.
Reads a child element inside the RST. Override of the base class method.
An object positioned at an element to read inside the RST.
The object that is being populated from the reader.
A that contains the current serialization context.
is .
-or-
is .
-or-
is .
Unable to deserialize the current parameter.
Writes the supported elements on the object to the stream.
The object being serialized.
The object to write to.
A that contains the current serialization context.
is .
-or-
is .
-or-
is .
Serializes the specified object into the object.
The object to be serialized.
The object to write to.
A that contains the current serialization context.
is .
-or-
is .
-or-
is .
Writes the specified RST parameter to the outgoing stream. Override of the base class method.
The object to which the RST is being serialized.
The local name of the element to be written.
The value of the element.
The object that is being serialized.
A that contains the current serialization context.
is or an empty string.
, , or is .
Class for serializing and deserializing WS-Trust 1.3 RequestSecurityTokenResponse (RSTR) messages.
Initializes a new instance of the class.
Checks if the specified XML reader is positioned at a RequestSecurityTokenResponse or a RequestSecurityTokenResponseCollection element with namespace "http://docs.oasis-open.org/ws-sx/ws-trust/200512".
The object from which to read.
if the reader is positioned at a RequestSecurityTokenResponse or a RequestSecurityTokenResponseCollection element with namespace "http://docs.oasis-open.org/ws-sx/ws-trust/200512"; otherwise, .
is .
Deserializes the RSTR from an object to a object.
The XML reader over the RSTR.
A that contains the current serialization context.
A object if the deserialization was successful.
is .
-or-
is .
Reads a specific child element inside the RSTR.
An object positioned at an element to read inside the RSTR.
The element that is being populated from the reader.
A that contains the current serialization context.
is .
-or-
is .
-or-
is .
Unable to deserialize the current parameter.
Writes the supported elements on the object to the outgoing stream.
The object to serialize.
The object to write to.
A that contains the current serialization context.
is .
-or-
is .
-or-
is .
Serializes the specified object into the object.
The object to serialize.
The object to write to.
A that contains the current serialization context.
is .
-or-
is .
-or-
is .
Writes the specified RSTR element to the outgoing stream. Override of the base class method.
The object to which the RSTR is being serialized.
The local name of the element to be written.
The value of the element.
The object that is being serialized.
A that contains the current serialization context.
is .
-or-
is .
-or-
is .
elementName is or an empty string.
Class for serializing and deserializing WS-Trust Feb 2005 RequestSecurityToken (RST) messages.
Initializes a new instance of the class.
Checks if the given reader is positioned at a RequestSecurityToken element with the namespace "http://schemas.xmlsoap.org/ws/2005/02/trust".
The object from which to read.
if the reader is positioned at a RequestSecurityToken element with namespace "http://schemas.xmlsoap.org/ws/2005/02/trust"; otherwise, .
is .
Deserializes the RST from an object to a object.
An XML reader over the RST.
A that contains the current serialization context.
A object if the deserialization was successful.
is .
-or-
is .
There was an error parsing the RST.
Reads a child element inside the RST. Override of the base class method.
An object positioned at an element to read inside the RST.
The object that is being populated from the reader.
A that contains the current serialization context.
is .
-or-
is .
-or-
is .
Unable to deserialize the current parameter.
Writes the supported elements on the object to the stream.
The object being serialized.
The object to write to.
A that contains the current serialization context.
is .
-or-
is .
-or-
is .
Serializes the specified object into the object.
The object to be serialized.
The object to write to.
A that contains the current serialization context.
is .
-or-
is .
-or-
is .
Writes the specified RST parameter to the outgoing stream. Override of the base class method.
The object to which the RST is being serialized.
The local name of the element to be written.
The value of the element.
The object that is being serialized.
A that contains the current serialization context.
is or an empty string.
, , or is .
Class for serializing and deserializing WS-Trust Feb 2005 RequestSecurityTokenResponse (RSTR) messages.
Initializes a new instance of the class.
Checks if the specified XML reader is positioned at a RequestSecurityTokenResponse element with namespace "http://schemas.xmlsoap.org/ws/2005/02/trust".
The object from which to read.
if the reader is positioned at a RequestSecurityTokenResponse element with namespace "http://schemas.xmlsoap.org/ws/2005/02/trust"; otherwise, .
is .
Deserializes the RSTR from an object to a object.
The XML reader over the RSTR.
A that contains the current serialization context.
A object if the deserialization was successful.
is .
-or-
is .
Reads a specific child element inside the RSTR. Override of the base class method.
An object positioned at an element to read inside the RSTR.
The element that is being populated from the reader.
A that contains the current serialization context.
is .
-or-
is .
-or-
is .
Unable to deserialize the current parameter.
Writes the supported elements on the object to the outgoing stream.
The object to serialize.
The object to write to.
A that contains the current serialization context.
is .
-or-
is .
-or-
is .
Serializes the specified object into the object.
The object to serialize.
The object to write to.
A that contains the current serialization context.
is .
-or-
is .
-or-
is .
Writes the specified RSTR element to the outgoing stream. Override of the base class method.
The object to which the RSTR is being serialized.
The local name of the element to be written.
The value of the element.
The object that is being serialized.
A that contains the current serialization context.
is .
-or-
is .
-or-
is .
elementName is or an empty string.
The base class for RST and RSTR.
Initializes a new instance of the class.
Gets or sets the contents of the wst:AllowPostdating element.
if returned tokens should allow requests for postdated tokens; otherwise, .
Gets or sets the contents of the wsp:AppliesTo element.
An that represents the endpoint address for which the security token is desired.
Gets or sets the contents of the wst:AuthenticationType element.
A string that contains a URI that indicates the type of authentication desired.
Gets or sets the contents of the wst:BinaryExchange element.
A that contains the binary data exchanged. This includes the contents of the ValueType and EncodingType attributes as well as the actual data.
Gets or sets the contents of the wst:CanonicalizationAlgorithm element.
A string that contains a URI that indicates the canonicalization algorithm.
Gets or sets the contents of the Context attribute on the RST or RSTR.
A string that contains a URI that identifies the context of a request or response message.
Gets or sets the contents of the wst:EncryptionAlgorithm element.
A string that contains a URI that indicates the encryption algorithm.
Gets or sets the contents of the wst:EncryptWith element.
A string that contains a URI that indicates the desired encryption algorithm to be used with the issued security token.
An attempt to set the property to or an empty string occurs.
Gets or sets the contents of the wst:Entropy element.
A that represents the contents of the entropy element.
Gets or sets the contents of the wst:KeySize element inside a RequestSecurityToken (RST) message.
The key size in bits.
An attempt to set a value less than or equal to zero occurs.
Gets or sets the contents of the wst:KeyType element inside a RequestSecurityToken (RST) message.
A string that contains the URI that identifies the type of key desired.
Gets or sets the contents of the wst:KeyWrapAlgorithm element.
A string that contains the URI that identifies the key wrap algorithm.
Gets or sets the contents of the wst:Lifetime element inside a RequestSecurityToken (RST) message.
A that represents the desired time during which the returned token will be valid.
Gets or sets the address to be used for replying to the Relying Party.
A string that contains the address.
Gets or sets the wst:RequestType element.
A string that contains a URI that indicates the request type; for example, one of the constants defined in the class.
Gets or sets the contents of the wst:SignatureAlgorithm element.
A string that contains a URI that indicates the signature algorithm.
Gets or sets the contents of the wst:SignWith element.
A string that contains a URI that identifies the desired signature algorithm.
An attempt to set the value to or an empty string occurs.
Gets or sets the contents of the wst:TokenType element.
A string that contains a URI that indicates the token type.
Gets or sets the contents of the wst:UseKey element.
A that contains the key.
The abstract base class that defines methods for serializing and deserializing versions of WS-Trust request (RST) messages.
Initializes a new instance of the class.
When overridden in a derived class, checks if the specified XML reader is positioned at a WS-Trust RequestSecurityToken element.
The object from which to read.
if the reader is positioned at an RST element that the serializer can read; otherwise, .
Creates an instance of the class that this class can serialize or deserialize.
A object.
When overridden in a derived class, reads a custom element.
The object positioned on the current element.
A that contains the current serialization context.
When overridden in a derived class, deserializes the RST from an object to a object.
The XML reader over the RST.
A that contains the current serialization context.
A object if the deserialization was successful.
When overridden in a derived class, reads a child element inside the RST.
An object positioned at an element to read inside the RST.
The object that is being populated from the reader.
A that contains the current serialization context.
Validates the object that has been deserialized.
The object to validate.
is .
A WS-Trust Issue request for an asymmetric key did not specify the UseKey element.
When overridden in a derived class, writes the supported elements on the object to the stream.
The object being serialized.
The object to write to.
A that contains the current serialization context.
When overridden in a derived class, serializes the specified object into the object.
The object to be serialized.
The object to write to.
A that contains the current serialization context.
When overridden in a derived class, writes a child element inside the RST.
The object to which the RST is being serialized.
The local name of the element to be written.
The value of the element.
The object that is being serialized.
A that contains the current serialization context.
The abstract base class that defines methods for serializing and deserializing versions of WS-Trust response (RSTR) messages.
Initializes a new instance of the class.
When overridden in a derived class, checks if the specified XML reader is positioned at a WS-Trust RequestSecurityTokenResponse element.
The object from which to read.
if the reader is positioned at an RSTR element that this serializer can read; otherwise, .
Creates an instance of the class that this class can serialize or deserialize.
A object.
When overridden in a derived class, deserializes the RSTR from an object to a object.
The XML reader over the RSTR.
A that contains the current serialization context.
A object if the deserialization was successful.
When overridden in a derived class, reads a child element inside the RSTR.
An object positioned at an element to read inside the RSTR.
The element that is being populated from the reader.
A that contains the current serialization context.
Validates the object that has been deserialized.
The object to validate.
is .
When overridden in a derived class, writes the supported elements on the object to the outgoing stream.
The object to serialize.
The to write to.
A that contains the current serialization context.
When overridden in a derived class, serializes the specified object into the object.
The object to serialize.
The to write to.
A that contains the current serialization context.
When overridden in a derived class, writes a child element inside the RSTR.
The object to which the RSTR is being serialized.
The local name of the element to be written.
The value of the element.
The object that is being serialized.
A that contains the current serialization context.
Defines the serialization context for WS-Trust messages.
Initializes a new instance of the class.
Initializes a new instance of the class with the specified object.
The object that contains the set of objects to use for serializing and validating tokens found in WS-Trust messages.
is .
Initializes a new instance of the class with the specified , , and objects.
The object that contains the set of objects to use for serializing and validating tokens found in WS-Trust messages.
The object to use to resolve security token references found in most elements of WS-Trust messages.
The object to use to resolve security token references found in the wst:UseKey element of RST messages as well as the wst:RenewTarget element found in RST messages.
is .
-or-
is .
-or-
is .
Gets the that contains the set of objects used for serializing and validating tokens found in WS-Trust messages.
A object.
Gets or sets the collection of objects used to serialize and validate security tokens found in WS-Trust messages.
A object.
Gets or sets the object used to resolve security token references found in most elements of WS-Trust messages.
A object.
Gets or sets the object used to resolve security token references found in the wst:UseKey element of RST messages as well as the wst:RenewTarget element found in RST messages.
A object.
The exception that is thrown when an error occurs while serializing or deserializing a WS-Trust message.
Initializes a new instance of .
Initializes a new instance of the class with serialized data.
A object that holds the serialized object data.
A object that contains the contextual information about the source or destination.
Initializes a new instance of the class with a specified error message.
The error message that explains the reason for the exception.
Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception.
The base class for exceptions thrown on request failures.
Initializes a new instance of the class.
Initializes a new instance of the class with serialized data.
A object that holds the serialized object data.
A object that contains the contextual information about the source or destination.
Initializes a new instance of the class with a specified error message.
The error message that explains the reason for the exception.
Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception.
The exception that is thrown if the specified request (RST) failed due to an external reason that cannot be specifically determined.
Initializes a new instance of the class.
Initializes a new instance of the class with serialized data.
A object that holds the serialized object data.
A object that contains the contextual information about the source or destination.
Initializes a new instance of the class with a specified error message.
The error message that explains the reason for the exception.
Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception.
Encrypts a cookie using .
Initializes a new instance of the class that uses the specified key for encryption and decryption.
The key to use as the default encryption and decryption key. Initializes the and properties.
is .
Initializes a new instance of the class that uses the private key of the specified X.509 certificate for encryption and decryption.
The certificate whose private key is used to encrypt and decrypt.
The certificate whose private key will be used as the default encryption and decryption key. Initializes the and properties.
is .
does not have a private key.
-or-
The private key is not RSA.
Decrypts the specified data by using the provided RSA key(s) to decrypt an AES key, which decrypts the cookie.
The encoded data.
The decoded data.
is .
contains zero bytes.
The platform does not support the requested algorithm.
There are no decryption keys or none of the keys match.
Gets the keys used for decryption. By default, this property returns a list that contains only the encryption key.
The keys to use for decryption.
Encodes the specified data. The data is encrypted using the default encryption algorithm (AES-256), then the AES key is encrypted using RSA and the RSA public key is appended.
The data to encode.
The encoded data.
is .
contains zero bytes.
The is .
Gets or sets the RSA key used for encryption.
The RSA key used for encryption.
Gets or sets the name of the hash algorithm to use.
The name of the hash algorithm to use. The default is "SHA256".
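The encode and decode procedure described above (AES-256 for the cookie bytes, the AES key wrapped with RSA, the encrypting RSA public key appended so that the decoder can pick the matching private key from its list of decryption keys) as an added, self-contained C# illustration. This is not the framework's own implementation: the class name `HybridCookieTransform`, the length-prefixed byte layout, the OAEP padding choice and the sample cookie value are assumptions made here.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added illustration (not the framework's own class): a cookie transform that
// AES-256-encrypts the cookie, wraps the AES key with RSA, and appends the
// encrypting RSA public key so the decoder can select the matching private key.
// Wire layout (assumed here): [spki][wrappedKey][iv][ciphertext], each length-prefixed.
public static class HybridCookieTransform
{
    public static byte[] Encode(byte[] data, RSA encryptionKey)
    {
        if (data == null) throw new ArgumentNullException(nameof(data));
        if (data.Length == 0) throw new ArgumentException("Data contains zero bytes.", nameof(data));
        if (encryptionKey == null) throw new InvalidOperationException("EncryptionKey is null.");

        using var aes = Aes.Create();   // CBC with PKCS7 padding by default
        aes.KeySize = 256;              // the page's default algorithm: AES-256
        aes.GenerateKey();              // fresh data-encryption key for every cookie
        aes.GenerateIV();
        byte[] ciphertext;
        using (var enc = aes.CreateEncryptor())
            ciphertext = enc.TransformFinalBlock(data, 0, data.Length);

        // The AES key travels wrapped under the RSA public key (OAEP is an assumption here).
        byte[] wrappedKey = encryptionKey.Encrypt(aes.Key, RSAEncryptionPadding.OaepSHA256);
        // Appending the public key (never the private one) lets the decoder pick the right
        // entry from its decryption keys during key rollover without trying every key.
        byte[] spki = encryptionKey.ExportSubjectPublicKeyInfo();

        using var ms = new MemoryStream();
        using var w = new BinaryWriter(ms);
        WriteChunk(w, spki);
        WriteChunk(w, wrappedKey);
        WriteChunk(w, aes.IV);
        WriteChunk(w, ciphertext);
        w.Flush();
        return ms.ToArray();
    }

    public static byte[] Decode(byte[] encoded, IReadOnlyCollection<RSA> decryptionKeys)
    {
        if (encoded == null) throw new ArgumentNullException(nameof(encoded));
        if (encoded.Length == 0) throw new ArgumentException("Data contains zero bytes.", nameof(encoded));
        if (decryptionKeys == null || decryptionKeys.Count == 0)
            throw new InvalidOperationException("There are no decryption keys.");

        using var ms = new MemoryStream(encoded);
        using var r = new BinaryReader(ms);
        byte[] spki = ReadChunk(r);
        byte[] wrappedKey = ReadChunk(r);
        byte[] iv = ReadChunk(r);
        byte[] ciphertext = ReadChunk(r);

        // Select the key whose public half equals the appended one; FixedTimeEquals
        // keeps the comparison free of a timing side channel.
        RSA match = null;
        foreach (RSA key in decryptionKeys)
        {
            if (CryptographicOperations.FixedTimeEquals(key.ExportSubjectPublicKeyInfo(), spki))
            {
                match = key;
                break;
            }
        }
        if (match == null) throw new InvalidOperationException("None of the decryption keys match.");

        byte[] aesKey = match.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);
        try
        {
            using var aes = Aes.Create();
            aes.Key = aesKey;
            aes.IV = iv;
            using var dec = aes.CreateDecryptor();
            return dec.TransformFinalBlock(ciphertext, 0, ciphertext.Length);
        }
        finally
        {
            CryptographicOperations.ZeroMemory(aesKey);   // do not leave the unwrapped key in memory
        }
    }

    private static void WriteChunk(BinaryWriter w, byte[] chunk)
    {
        w.Write(chunk.Length);
        w.Write(chunk);
    }

    private static byte[] ReadChunk(BinaryReader r)
    {
        int len = r.ReadInt32();
        if (len < 0 || len > r.BaseStream.Length - r.BaseStream.Position)
            throw new FormatException("Bad chunk length.");
        return r.ReadBytes(len);
    }

    public static void Main()
    {
        using RSA oldKey = RSA.Create(2048);
        using RSA newKey = RSA.Create(2048);
        byte[] cookie = Encoding.UTF8.GetBytes("session=constructed-sample");   // constructed input
        byte[] encoded = Encode(cookie, newKey);
        // A decoder that holds both keys during rollover: the appended public key selects newKey.
        byte[] roundTrip = Decode(encoded, new[] { oldKey, newKey });
        Console.WriteLine(Encoding.UTF8.GetString(roundTrip));
    }
}
```

This transform gives confidentiality only. The page describes a separate signature transform for integrity, and the two are meant to be chained: CBC ciphertext that carries no signature or MAC can be altered without the decoder noticing, so a cookie pipeline should sign as well as encrypt.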
Provides cookie integrity using an signature.
Initializes a new instance of the class by using the specified RSA key.
The RSA key to use as the default signing and verification key.
is .
Initializes a new instance of the class by using the private key of the specified certificate.
The certificate whose private key is to be used for signing and verifying.
is .
has no private key.
-or-
The private key of the is not an RSA key.
Verifies the specified signature and returns the original, unsigned data.
Data previously returned from the method.
The original data (unsigned).
is .
contains zero bytes.
The signature is not valid.
The data is in the wrong format.
There are no verification keys.
The platform does not support the specified algorithm.
Signs the specified data.
The data to be signed.
The signed data.
is .
contains zero bytes.
The property is .
-or-
The key specified by the property is not assignable as .
-or-
The key specified by the property does not contain a private key.
The operating system does not support the specified algorithm.
Gets or sets the name of the hash algorithm to use.
The name of the hash algorithm. The default is "SHA256".
Gets or sets the RSA key that is used for signing.
The RSA key that is used for signing.
Gets the collection of keys used for signature verification.
By default, this property returns a list that contains only the signing key.
The collection of keys used for signature verification.
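The sign and verify behaviour described above (sign the cookie with the RSA signing key, verify against a collection of verification keys that by default holds only the signing key, with "SHA256" as the default hash name) as an added C# illustration. It is not the framework's own class: the name `RsaCookieSignature`, the `[length][data][signature]` layout, the PKCS#1 v1.5 padding choice and the sample cookie value are assumptions made here.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added illustration (not the framework's own class): a cookie transform that appends
// an RSA signature over the cookie bytes and verifies it against a set of verification keys.
// Wire layout (assumed here): [int dataLength][data][signature].
public static class RsaCookieSignature
{
    // The page's default hash algorithm name is "SHA256"; settable so it can be migrated.
    public static HashAlgorithmName HashName { get; set; } = HashAlgorithmName.SHA256;

    public static byte[] Encode(byte[] data, RSA signingKey)
    {
        if (data == null) throw new ArgumentNullException(nameof(data));
        if (data.Length == 0) throw new ArgumentException("Data contains zero bytes.", nameof(data));
        if (signingKey == null) throw new InvalidOperationException("SigningKey is null.");

        byte[] signature;
        try
        {
            signature = signingKey.SignData(data, HashName, RSASignaturePadding.Pkcs1);
        }
        catch (CryptographicException e)
        {
            // A public-only key cannot sign: the "does not contain a private key" case.
            throw new InvalidOperationException("SigningKey does not contain a private key.", e);
        }

        byte[] result = new byte[4 + data.Length + signature.Length];
        BitConverter.GetBytes(data.Length).CopyTo(result, 0);
        data.CopyTo(result, 4);
        signature.CopyTo(result, 4 + data.Length);
        return result;
    }

    public static byte[] Decode(byte[] signed, IReadOnlyCollection<RSA> verificationKeys)
    {
        if (signed == null) throw new ArgumentNullException(nameof(signed));
        if (signed.Length == 0) throw new ArgumentException("Data contains zero bytes.", nameof(signed));
        if (verificationKeys == null || verificationKeys.Count == 0)
            throw new InvalidOperationException("There are no verification keys.");
        if (signed.Length < 4) throw new FormatException("The data is in the wrong format.");

        int dataLength = BitConverter.ToInt32(signed, 0);
        if (dataLength <= 0 || dataLength > signed.Length - 4)
            throw new FormatException("The data is in the wrong format.");

        byte[] data = new byte[dataLength];
        Array.Copy(signed, 4, data, 0, dataLength);
        byte[] signature = new byte[signed.Length - 4 - dataLength];
        Array.Copy(signed, 4 + dataLength, signature, 0, signature.Length);

        // Several verification keys may be live during key rollover; accept if any verifies.
        foreach (RSA key in verificationKeys)
        {
            if (key.VerifyData(data, signature, HashName, RSASignaturePadding.Pkcs1))
                return data;
        }
        throw new CryptographicException("The signature is not valid.");
    }

    public static void Main()
    {
        using RSA signingKey = RSA.Create(2048);
        byte[] cookie = Encoding.UTF8.GetBytes("session=constructed-sample");   // constructed input
        byte[] signed = Encode(cookie, signingKey);

        // Verify with a public-only copy, as a consumer that never holds the private key would.
        using RSA publicOnly = RSA.Create();
        publicOnly.ImportSubjectPublicKeyInfo(signingKey.ExportSubjectPublicKeyInfo(), out _);
        byte[] verified = Decode(signed, new[] { publicOnly });
        Console.WriteLine(Encoding.UTF8.GetString(verified));

        // Integrity check: altering one byte of the cookie body must make verification fail.
        signed[5] ^= 0x01;
        try { Decode(signed, new[] { publicOnly }); }
        catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

Keeping the verification set separate from the signing key is what makes rotation safe: a new signing key can be introduced while cookies signed under the old one are still accepted, and the old key is dropped from the verification set once those cookies have expired.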
Represents the configuration for the token issuance request.
Initializes a new instance of the class.
Initializes a new instance of the class with the specified appliesTo address.
The appliesTo address of the relying party. This is typically a URI.
Initializes a new instance of the class with the specified appliesTo address and encrypting credentials.
The appliesTo address of the relying party. This is typically a URI.
The encrypting credentials for the relying party.
Initializes a new instance of the class with the specified appliesTo address and signing credentials.
The appliesTo address of the relying party. This is typically a URI.
The signing credentials for the relying party.
Initializes a new instance of the class with the specified appliesTo address, signing credentials, and encrypting credentials.
The appliesTo address of the relying party. This is typically a URI.
The signing credentials for the relying party.
The encrypting credentials for the relying party.
Gets or sets the appliesTo address of the relying party.
The appliesTo address of the relying party. This is typically a URI.
Gets or sets the encrypting credentials for the relying party.
The encrypting credentials to be used for the relying party.
Gets the properties bag to extend the object.
The properties bag.
Gets or sets the replyTo address of the relying party.
The replyTo address of the relying party. This is typically a URI.
Gets or sets the signing credentials for the relying party.
The signing credentials to be used for the relying party.
Gets or sets a value that indicates whether issued symmetric keys must be encrypted.
if symmetric keys must be encrypted; otherwise, . The default is .
Gets or sets a value that indicates whether issued security tokens must be encrypted.
if security tokens must be encrypted; otherwise, . The default is .
The exception that is thrown when an error occurs while serializing a security message.
Initializes a new instance of the class.
Initializes a new instance of the class with serialized data.
A object that holds the serialized object data.
A object that contains the contextual information about the source or destination.
Initializes a new instance of the class with a specified error message.
The error message that explains the reason for the exception.
Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception.
The abstract base class that defines the properties and methods of a security token service (STS).
Called from derived classes to initialize the class using the specified configuration settings.
A that contains the settings for the STS.
is .
When overridden in a derived class, begins an asynchronous WS-Trust Cancel request.
A that represents the identity of the token requestor.
A that represents the security token request. This includes the request message as well as other client related information such as authorization context.
The delegate that receives notification of the completion of the asynchronous cancel operation.
An object that contains state information associated with the asynchronous cancel operation.
The that references the asynchronous cancel operation.
When overridden in a derived class, begins an asynchronous call to the method.
A that represents the identity of the token requestor.
A that represents the security token request. This includes the request message as well as other client related information such as authorization context.
The that contains information about the relying party associated with the request.
The delegate that receives notification of the completion of the asynchronous operation.
An object that contains state information associated with the asynchronous operation.
The that references the asynchronous operation.
When overridden in a derived class, begins an asynchronous call for the method.
A that represents the identity of the token requestor.
A that represents the security token request. This includes the request message as well as other client related information such as authorization context.
The delegate that receives notification of the completion of the asynchronous operation.
An object that contains state information associated with the asynchronous operation.
The that references the asynchronous operation.
When overridden in a derived class, begins an asynchronous WS-Trust Issue request.
A that represents the identity of the token requestor.
A that represents the security token request. This includes the request message as well as other client related information such as authorization context.
The delegate that receives notification of the completion of the asynchronous issue operation.
An object that contains state information associated with the asynchronous issue operation.
The that references the asynchronous issue operation.
When overridden in a derived class, begins an asynchronous WS-Trust Renew request.
A that represents the identity of the token requestor.
A that represents the security token request. This includes the request message as well as other client related information such as authorization context.
The delegate that receives notification of the completion of the asynchronous renew operation.
An object that contains state information associated with the asynchronous renew operation.
The that references the asynchronous renew operation.
When overridden in a derived class, begins an asynchronous WS-Trust Validate request.
A that represents the identity of the token requestor.
A that represents the security token request. This includes the request message as well as other client related information such as authorization context.
The delegate that receives notification of the completion of the asynchronous validate operation.
An object that contains state information associated with the asynchronous validate operation.
The that references the asynchronous validate operation.
When overridden in a derived class, processes a WS-Trust Cancel request.
A that represents the identity of the token requestor.
A that represents the security token request. This includes the request message as well as other client related information such as authorization context.
A that represents the RSTR to return to the caller.
Creates an instance of a .
The incoming token request.
The object returned from .
The .
is .
-or-
is .
When overridden in a derived class, completes the asynchronous WS-Trust Cancel request.
The that is returned by a call to the method.
A that represents the RSTR to return to the caller.
When overridden in a derived class, completes the asynchronous call to the method.
The that is returned by a call to the method.
A that contains the collection of claims that will be placed in the issued security token.
When overridden in a derived class, completes the asynchronous call to the method.
The that is returned by a call to the method.
A that encapsulates the relying party (RP) information associated with the request (RST) specified in the call to the method.
When overridden in a derived class, completes the asynchronous WS-Trust Issue request.
The that is returned by a call to the method.
A that represents the RSTR to return to the caller.
When overridden in a derived class, completes the asynchronous WS-Trust Renew request.
The that is returned by a call to the method.
A that represents the RSTR to return to the caller.
When overridden in a derived class, completes the asynchronous WS-Trust Validate request.
The that is returned by a call to the method.
A that represents the RSTR to return to the caller.
This class is used to maintain the request state across asynchronous calls within a security token service.
Initializes a new instance of the class with the specified token request (RST), token requestor, and object.
The token request.
The identity of the requestor.
An that represents the status of the asynchronous call.
is .
-or-
is .
Initializes a new instance of the class from the specified object. This constructor effectively creates a copy of the specified instance.
The instance from which to create the new instance.
is .
Gets the identity of the token requestor associated with the asynchronous call.
The identity of the token requestor.
Gets the token request (RST) associated with the asynchronous call.
The token request associated with the asynchronous call.
Gets the associated with the asynchronous call.
An that represents the status of the asynchronous call.
Gets or sets the security token handler that will be used during an asynchronous token-issuance call.
The token handler that will be used.
Gets the name of the security token service (STS).
The issuer name.
When overridden in a derived class, this method returns a collection of output subjects to be included in the issued token.
A that represents the identity of the token requestor.
A that represents the security token request. This includes the request message as well as other client-related information such as authorization context.
The that contains information about the relying party associated with the request. This is the object that was returned by the method.
A that contains the collection of claims that will be placed in the issued security token.
Gets the proof token to be included in the response (RSTR).
A that represents the incoming token request (RST).
The instance that encapsulates information about the relying party.
A that represents the newly created proof descriptor. The proof descriptor can be an asymmetric proof descriptor, a symmetric proof descriptor, or in the bearer token case.
is .
-or-
is .
Gets the requestor's proof encrypting credentials.
A that represents the incoming token request (RST).
An object that represents the requestor's encrypting credentials.
is .
Creates the response (RSTR) that contains the issued token by using the specified request (RST) and security token descriptor.
The RST that contains the token request.
The token descriptor that contains the information to use for the issued token.
The response (RSTR) or if a response cannot be created from the specified request and token descriptor. The default implementation returns if the parameter is .
Gets a object that contains information about the relying party (RP) associated with the specified request (RST). You must override this method in your implementation of the class.
A that represents the client making the request.
A that represents the incoming request (RST).
A that encapsulates the RP information associated with the request.
Gets the appropriate security token handler for issuing a security token of the specified type.
A string that contains the requested token type URI.
A that represents the token handler to be used for creating the issued security token. Returns if the requested token type is not supported (there is no handler configured for the specified token type).
Gets the lifetime for the issued token.
A that represents the requested lifetime.
A that represents the granted lifetime.
Issues a security token.
A that represents the identity of the token requestor.
A that represents the security token request. This includes the request message as well as other client-related information such as authorization context.
A that contains the issued security token.
Gets or sets the principal associated with the current instance.
A that represents the current principal.
When overridden in a derived class, processes a WS-Trust Renew request.
A that represents the identity of the token requestor.
A that represents the security token request. This includes the request message as well as other client-related information such as authorization context.
A that represents the RSTR to return to the caller.
Gets or sets the security token request (RST) associated with the current instance.
A that contains the request.
Gets or sets the scope associated with the current instance.
A that represents the configuration for the token issuance request.
Gets or sets the associated with the current instance.
The security token descriptor that is associated with the current instance.
An attempt to set the property to occurs.
Gets the owner configuration instance.
A that contains the configuration for the current instance.
When overridden in a derived class, processes a WS-Trust Validate request.
A that represents the identity of the token requestor.
A that represents the security token request. This includes the request message as well as other client-related information such as authorization context.
A that represents the RSTR to return to the caller.
Validates the security token request (RST) encapsulated by this instance.
A that represents the request.
is .
-or-
The property of the request is not set to .
-or-
The property of the request is not or one of the constants defined in the class.
-or-
The of the request is and the element is present, but its value is not equal to zero.
The STS does not support the request token type (based on the value of the property of the request).
Specifies whether the security token's should be validated.
Always.
Only when the security token's key is of type BearerKey and there are no proof-of-possession keys in the security token.
Never.
A helper class for the class that verifies that the property is set to a valid value.
Gets a value that indicates whether the value of the specified is valid.
The to verify its validity.
when the is , , or ; otherwise, .
Authenticates a security token using a custom authentication scheme.
Initializes a new instance of the class using the specified validator.
A that authenticates the user name and password using a custom authentication scheme.
is .
Authenticates the specified user name and password and returns the set of authorization policies for security tokens.
The user name associated with the security token.
The password associated with the security token.
A of type that contains the set of authorization policies in effect for this application.
is .
and combination are not valid.
Authenticates a security token.
Initializes a new instance of the class.
Initializes a new instance of the class by specifying whether the groups that the Windows user belongs to are obtained when the user is authenticated.
to get the groups the Windows user belongs to; otherwise, .
Gets a value that indicates whether the specified security token can be validated by this security token authenticator.
The to authenticate.
when is a security token; otherwise, .
Represents a security token provider that provides security tokens for a SOAP message sender.
Initializes a new instance of the class using the specified service principal name.
The service principal name to get a security token for.
is .
Initializes a new instance of the class using the specified service principal name and whether a client allows a recipient of the security token to impersonate the client's credentials.
The service principal name to get a security token for.
A that specifies the degree to which a recipient of the security token can act on behalf of the client.
is not or .
is .
Initializes a new instance of the class using the specified service principal name, client identity, and whether a client allows a recipient of the security token to impersonate the client's credentials.
The service principal name to get a security token for.
A that specifies the degree to which a recipient of the security token can act on behalf of the client process.
A that represents the identity of the .
is not or .
is .
Gets a security token.
A that specifies the timeout value for the message that gets the security token.
The that represents the security token to get.
Gets the identity of the security token.
A that represents the identity of the .
Gets the service principal name of the security token to get.
The service principal name of the security token to get.
Gets a value that specifies the degree to which a recipient of the security token can act on behalf of the client.
A that specifies the degree to which a recipient of the security token can act on behalf of the client.
Authenticates a security token.
Initializes a new instance of the class.
Gets a value indicating whether the specified security token can be validated by this security token authenticator.
The to be validated.
when is a security token; otherwise, .
Authenticates the specified security token and returns the set of authorization policies for the security token.
The to be validated.
A of type that contains the set of authorization policies in effect for this application.
Authenticates a security token.
Initializes a new instance of the class using the specified set of authenticators.
An of that contains the authenticators to authenticate the issuer's security tokens.
Initializes a new instance of the class using the specified set of authenticators and the maximum allowable difference between the sender's and receiver's clocks.
An of that contains the authenticators to authenticate the issuer's security tokens.
A that represents the maximum allowable difference between the sender's and receiver's clocks.
Gets the set of target URIs that the security token can be targeted at in order to be considered valid by this instance.
An of type that contains the target URIs that the security token can be targeted at in order to be considered valid by this security token authenticator.
Gets or sets an that specifies whether the security token's should be validated.
An that specifies whether the security token's should be validated.
Gets a value that indicates whether the specified security token can be validated by this security token authenticator.
The to be validated.
when is a security token; otherwise, .
Resolves the identity associated with the specified key identifier using the supporting security token authenticators provided when the instance was created and returns it as a .
A to get the identity of.
A that represents the identity of the specified key identifier.
Resolves the identity associated with the specified security token using the supporting security token authenticators provided when the instance was created and returns it as a .
The to get the identity of.
A that represents the identity of the specified security token.
Resolves the identity associated with the specified key identifier using the supporting security token authenticators provided when the instance was created and returns it as an .
A to get the identity of.
An that represents the identity of the specified key identifier.
Resolves the identity associated with the specified security token using the supporting security token authenticators provided when the instance was created and returns it as an .
The to get the identity of.
An that represents the identity of the specified security token.
Validates that the security token was intended for this Web service.
A that specifies the set of target Web services for which the security token is intended.
if the property of the parameter is in the collection; otherwise, .
Authenticates the specified security token and returns the set of authorization policies for the security token.
The to be validated.
A of type that contains the set of authorization policies that result from the security token authentication.
Authenticates a security token.
Initializes a new instance of the class.
Gets a value indicating whether the specified security token can be validated by this security token authenticator.
The to be validated.
when token can be validated; otherwise, .
is .
When overridden in a derived class, gets a value indicating whether the specified security token can be validated by this security token authenticator.
The to be validated.
when can be validated; otherwise, .
Authenticates the specified security token and returns the set of authorization policies for the security token.
The to be validated.
A of type that contains the set of authorization policies in effect for this application.
is .
cannot be authenticated by this security token authenticator.
-or-
is not authenticated.
When overridden in a derived class, authenticates the specified security token and returns the set of authorization policies for the security token.
The to be validated.
A of type that contains the set of authorization policies in effect for this application.
Represents a security token manager that specifies how security tokens are provided, authenticated, and serialized.
Initializes a new instance of the class.
Gets a security token authenticator that meets the specified security token requirements.
A that specifies the security token requirements.
A that determines the security token that matches the specified security token requirements.
A that authenticates security tokens in incoming SOAP messages that meet the specified requirements.
Gets a security token provider that meets the specified security token requirements.
A that specifies the security token requirements.
A that provides security tokens that meet the specified requirements for outgoing SOAP messages.
Gets an XML serializer that can serialize security tokens in the specified version of the WS-* specifications.
A that specifies the WS-* specification versions that security tokens adhere to.
A to serialize the security tokens.
Represents a security token provider that handles security tokens for a SOAP message sender.
Initializes a new instance of the class.
Begins an asynchronous operation to cancel a security token.
A that specifies the timeout value for the message that cancels the security token.
The to cancel.
The delegate that receives notification of the completion of the asynchronous close operation.
An object, specified by the application, that contains state information associated with the asynchronous close operation.
The that references the asynchronous cancel operation.
Begins an asynchronous operation to cancel a security token.
A that specifies the timeout value for the message that cancels the security token.
The to cancel.
The delegate that receives notification of the completion of the asynchronous close operation.
An object, specified by the application, that contains state information associated with the asynchronous close operation.
The that references the asynchronous cancel operation.
Begins an asynchronous operation to get a security token.
A that specifies the timeout value for the message that gets the security token.
The delegate that receives notification of the completion of the asynchronous close operation.
An object, specified by the application, that contains state information associated with the asynchronous close operation.
The that references the asynchronous close operation.
Begins an asynchronous operation to get a security token.
A that specifies the timeout value for the message that gets the security token.
The delegate that receives notification of the completion of the asynchronous close operation.
An object, specified by the application, that contains state information associated with the asynchronous close operation.
The that references the asynchronous operation.
Begins an asynchronous operation that renews a security token.
A that specifies the timeout value for the message that renews the security token.
The to renew.
The delegate that receives notification of the completion of the asynchronous close operation.
An object, specified by the application, that contains state information associated with the asynchronous close operation.
The that references the asynchronous operation.
Begins an asynchronous operation that renews a security token.
A that specifies the timeout value for the message that renews the security token.
The to renew.
The delegate that receives notification of the completion of the asynchronous close operation.
An object, specified by the application, that contains state information associated with the asynchronous close operation.
The that references the asynchronous operation.
Cancels a security token.
A that specifies the timeout value for the message that cancels the security token.
The to cancel.
Cancels a security token.
A that specifies the timeout value for the message that cancels the security token.
The to cancel.
Completes an asynchronous operation to cancel a security token.
The that is returned by a call to the method.
Completes an asynchronous operation to cancel a security token.
The that is returned by a call to the method.
Completes an asynchronous operation to get a security token.
The that is returned by a call to the method.
The that represents the security token.
Completes an asynchronous operation to get a security token.
The that is returned by a call to the method.
The that represents the security token.
Completes an asynchronous operation to renew a security token.
The that is returned by a call to the method.
The that represents the security token that is renewed.
Completes an asynchronous operation to renew the security token.
The that is returned by a call to the method.
The that represents the security token that is renewed.
Gets a security token.
A that specifies the timeout value for the message that gets the security token.
The that represents the security token to get.
Gets a security token.
A that specifies the timeout value for the message that gets the security token.
The that represents the security token to get.
Renews a security token.
A that specifies the timeout value for the message that renews the security token.
The to renew.
The that represents the security token that is renewed.
Renews a security token.
A that specifies the timeout value for the message that renews the security token.
The to renew.
The that represents the security token that is renewed.
Encapsulates the results of an asynchronous operation on a delegate.
Creates a new instance of .
A security token with which to instantiate the
The callback method to be called when the asynchronous operation completes.
The object provided as the last parameter of the asynchronous method call.
Gets the object passed as the last parameter of the asynchronous method call.
Returns .
Gets a that encapsulates Win32 synchronization handles.
Returns .
Returns if the call completed asynchronously; otherwise, .
Returns .
Complete the asynchronous operation with the specified result.
The result of the asynchronous operation.
Returns .
Returns if the asynchronous call is completed; otherwise, .
Returns .
Gets a value that indicates whether the security token can be cancelled.
if the security token can be cancelled; otherwise, . The default is .
Gets a value that indicates whether the security token is renewable.
if the security token can be renewed; otherwise, . The default is .
Specifies security token requirements.
Initializes a new instance of the class.
Gets the specified property for the current instance.
The name of the property to get.
The type of the property to get.
The value of the property to get.
is .
Gets a value of the token property if it is optional.
A value of the token property.
Gets or sets the required size of the key associated with a security token.
The size of the key, in bits, associated with a security token. The default value is 0.
The property is set to a value less than 0.
Gets a value that specifies the name of the index in the collection for the property.
The name of the index in the collection for the property.
Gets or sets the type of key (asymmetric or symmetric) associated with a security token.
A that specifies the type of key (asymmetric or symmetric) associated with a security token. The default value is .
Gets a value that specifies the name of the index in the collection for the property.
The name of the index in the collection for the property.
Gets or sets a value that specifies how the key associated with a security token can be used.
A that specifies how the key associated with a security token can be used. The default value is .
Gets a value that specifies the name of the index in the collection for the property.
The name of the index in the collection for the property.
Gets the name of the index in the collection for a property that specifies the peer authentication method.
The name of the index in the collection for a property that specifies the peer authentication method.
Gets a collection of the non-static properties for the current instance.
An that contains a collection of the non-static properties for the current instance.
Gets or sets a value that indicates whether the security token must be capable of performing cryptographic operations, such as encryption.
if the security token must be capable of performing cryptographic operations; otherwise, . The default is .
Gets the name of the index in the collection for the property.
The name of the index in the collection for the property.
Gets or sets the required security token type.
The required security token type.
Gets a value that specifies the name of the index in the collection for the property.
The name of the index in the collection for the property.
Gets the specified property for the current instance.
The name of the property to get.
The value of the property specified in the property.
The type of property to return in the parameter.
if the property contains a property value for the property specified in the property; otherwise, .
A property exists with the name specified in the parameter, but it is not of the same type that is specified in the parameter.
Represents a utility class that can retrieve security tokens or keys when you have a key identifier or key identifier clause.
Initializes a new instance of the class.
Creates a default security token resolver for the specified security tokens.
A of type that contains the set of security tokens for which this security token resolver can resolve key identifiers and key identifier clauses to.
to resolve the key identifier clauses that reference a security key that is located somewhere else in the SOAP message; otherwise, .
A that resolves key identifiers and clauses that match the security tokens specified in the parameter.
When overridden in a derived class, loads custom configuration from XML.
The custom configuration elements.
Obtains the key that is referenced in the specified key identifier clause.
A to retrieve the key for.
A that is the key referenced in the specified key identifier clause.
is .
A key could not be retrieved for the key identifier clause specified in the parameter.
Retrieves a security token that matches one of the security key identifier clauses contained within the specified key identifier.
The to create a security token for.
A that represents the specified key identifier.
is .
A security token cannot be created for the specified key identifier.
Retrieves the security token that matches the specified key identifier clause.
The to create a security token for.
A that represents the specified key identifier clause.
Attempts to retrieve the key that is referenced in the specified key identifier clause.
A to retrieve the key for.
When this method returns, contains a that contains the key that is referenced in the specified key identifier clause. This parameter is passed uninitialized.
when a key can be retrieved for the specified key identifier clause; otherwise, .
is .
Attempts to retrieve the key that is referenced in the specified key identifier clause.
A to retrieve the key for.
When this method returns, contains a that contains the key that is referenced in the specified key identifier clause. This parameter is passed uninitialized.
when a key can be retrieved for the specified key identifier clause; otherwise, .
Attempts to retrieve the security token that matches one of the key identifier clauses contained within the specified key identifier.
The to create a security token for.
When this method returns, contains a that represents the specified key identifier. This parameter is passed uninitialized.
when a security token can be retrieved for the specified key identifier; otherwise, .
is .
Attempts to retrieve the security token that matches the specified key identifier clause.
The to create a security token for.
When this method returns, contains a that represents the specified key identifier clause. This parameter is passed uninitialized.
when a security token can be retrieved for the specified key identifier clause; otherwise, .
is .
When overridden in a derived class, attempts to retrieve the security token that matches at least one of the key identifier clauses contained within the specified key identifier.
The to create a security token for.
When this method returns, contains a that represents the specified key identifier. This parameter is passed uninitialized.
when a security token can be retrieved for the specified key identifier; otherwise, .
When overridden in a derived class, attempts to resolve the security token that matches the specified key identifier clause.
The to create a security token for.
When this method returns, contains a that represents the specified key identifier clause. This parameter is passed uninitialized.
when a security token can be retrieved for the specified key identifier clause; otherwise, .
Represents a class that can read and write key identifiers, key identifier clauses, and security tokens.
Initializes a new instance of the class.
Determines whether this serializer can read the element referred to by the specified XML reader.
An to read the key identifier.
when the specified XML element can be read; otherwise, .
is .
Determines whether this serializer can read a clause in a element referred to by the specified XML reader.
An to read the key identifier clause.
when the specified key identifier clause can be read; otherwise, .
is .
Determines whether this serializer can read the element referred to by the specified XML reader. Called by the base class.
An to read the key identifier clause.
when the specified element can be read; otherwise, .
is .
Determines whether this serializer can read the element referred to by the specified XML reader. Called by the base class.
An to read the key identifier.
when the specified key identifier clause can be read; otherwise, .
is .
Determines whether this serializer can read the security token pointed at by the specified XML reader.
An to read the security token.
when the security token can be read; otherwise, .
is .
Determines whether this serializer can read the security token pointed at by the specified XML reader. Called by the base class.
An to read the security token.
when the security token can be read; otherwise, .
is .
Determines whether this serializer can write the specified key identifier.
A that represents the key identifier to write.
when this serializer can write the specified key identifier; otherwise, .
is .
Determines whether this serializer can write the specified key identifier clause.
A that represents the key identifier clause to write.
when this serializer can write the specified key identifier clause; otherwise, .
is .
Determines whether this serializer can write the specified key identifier clause. Called by the base class.
A that represents the key identifier clause to write.
when this serializer can write the specified key identifier clause; otherwise, .
is .
Determines whether this serializer can write the specified key identifier. Called by the base class.
A that represents the key identifier to write.
when this serializer can write the specified key identifier; otherwise, .
is .
Determines whether this serializer can write the specified security token to XML.
The to convert to XML.
when the security token can be written; otherwise, .
is .
Determines whether this serializer can write the specified security token to XML. Called by the base class.
The to convert to XML.
when the security token can be written; otherwise, .
is .
Reads the key identifier using the specified XML reader.
An to read the key identifier.
A that represents the key identifier that is read.
is .
Reads the key identifier clause using the specified XML reader.
An to read the key identifier.
A that represents the key identifier that is read.
is .
Reads the key identifier clause using the specified XML reader. Called by the base class.
An to read the key identifier.
A that represents the key identifier that is read.
is .
Reads the key identifier clause using the specified XML reader. Called by the base class.
An to read the key identifier.
A that represents the key identifier that is read.
is .
Reads the security token pointed at by the specified XML reader.
An to read the security token.
A that determines the security token type.
A that represents the security token that is read.
is .
-or-
is .
Reads the security token pointed at by the specified XML reader. Called by the base class.
An to read the security token.
A that determines the security token type.
A that represents the security token that is read.
is .
-or-
is .
Writes the specified key identifier using the specified XML writer.
A to write the key identifier.
A that represents the key identifier to write.
is .
-or-
is .
Writes the specified key identifier clause using the specified XML writer.
A to write the key identifier clause.
A that represents the key identifier clause to write.
is .
-or-
is .
Writes the specified key identifier clause using the specified XML writer. Called by the base class.
A to write the key identifier clause.
A that represents the key identifier clause to write.
is .
-or-
is .
Writes the specified key identifier using the specified XML writer. Called by the base class.
A to write the key identifier.
A that represents the key identifier to write.
is .
-or-
is .
Writes the specified security token using the specified XML writer.
A to write the security token.
A that represents the security token to write.
is .
-or-
is .
Writes the specified security token using the specified XML writer. Called by the base class.
A to write the security token.
A that represents the security token to write.
is .
-or-
is .
Represents the specifications, such as the WS-* specifications, that security tokens are defined in.
Initializes a new instance of the class.
Gets the collection of supported security specifications.
A of type that contains the set of supported security specifications.
Validates a username and password.
Initializes a new instance of the class.
Gets an instance of a that validates a username and password using the specified membership provider.
A to validate the username and password.
An that validates a username and password using .
Gets a validator that performs no validation on the username and password. As a result, the username and password are always deemed valid.
An that performs no validation on the username and password.
When overridden in a derived class, validates the specified username and password.
The username to validate.
The password to validate.
Authenticates a security token.
Initializes a new instance of the class.
Gets a value indicating whether the specified security token can be validated by this security token authenticator.
The to be validated.
when is a security token; otherwise, .
Authenticates the specified security token and returns the set of authorization policies for the security token.
The to be validated.
A of type that contains the set of authorization policies in effect for this application.
When overridden in a derived class, authenticates the specified user name and password and returns the set of authorization policies for security tokens.
The user name associated with the security token.
The password associated with the security token.
A of type that contains the set of authorization policies in effect for this application.
Represents a security token provider that provides security tokens for a SOAP message sender.
Initializes a new instance of the class using the specified username and password.
The username to get security token for.
The password of the user to get a security token for.
Gets a security token based on the username and password specified in the constructor.
A that specifies the timeout value for the message that gets the security token.
The that represents the security token to get.
Uses Windows authentication to authenticate the security token.
Initializes a new instance of the class.
Initializes a new instance of the class by specifying whether the groups that the Windows user belongs to are added to the property when the user is authenticated.
to get the groups the Windows user belongs to; otherwise, .
Gets a value indicating whether the specified security token can be validated by this security token authenticator.
The to be validated.
when is a security token; otherwise, .
Authenticates the specified security token and returns the set of authorization policies for the security token.
The to be validated.
A of type that contains the set of authorization policies in effect for this application.
Uses Windows authentication to authenticate the user name and password in a security token.
Initializes a new instance of the class.
Initializes a new instance of the class by specifying whether the claims that identify the Windows groups that a user belongs to are initially added to the property when the user is authenticated.
to get the groups the Windows user belongs to; otherwise, .
Authenticates the specified user name and password and returns the set of authorization policies for security tokens.
The user name associated with the security token.
The password associated with the security token.
A of type that contains the set of authorization policies in effect for this application.
contains more than one backslash (\) character.
Validates an X.509 certificate.
Initializes a new instance of the class.
Gets a validator that validates the X.509 certificate using a trust chain.
A that validates the X.509 certificate using a trust chain.
Gets a validator that verifies the X.509 certificate by specifying the context and chain policy that is used to build and verify a trust chain.
to use the machine context; to use the current user context.
An that specifies the policy used to build and verify the trust chain.
A that validates the X.509 certificate using a trust chain.
Gets a validator that verifies the certificate is in the certificate store or by specifying the context and chain policy that is used to build a certificate trust chain. The certificate is trusted if it passes either verification method.
to use the machine context; to use the current user context.
An that specifies the policy used to build the trust chain.
A that verifies the certificate is in the certificate store or by building a certificate trust chain.
When overridden in a derived class, loads custom configuration from XML.
The custom configuration elements.
Gets a validator that performs no validation on an X.509 certificate. As a result, an X.509 certificate is always considered to be valid.
A that performs no validation on the X.509 certificate.
Gets a validator that verifies the certificate is in the certificate store or by building a certificate trust chain. The certificate is trusted if it passes either verification method.
A that verifies the certificate is in the certificate store or by building a certificate trust chain.
Gets a validator that verifies the certificate is in the certificate store.
A that verifies the certificate is in the certificate store.
When overridden in a derived class, validates the X.509 certificate.
The that represents the X.509 certificate to validate.
Authenticates an .
Initializes a new instance of the class.
Initializes a new instance of the class using the specified certificate validator.
A that verifies that the certificate is valid.
Initializes a new instance of the class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity.
A that verifies that the certificate is valid.
to map the identity of the certificate to a Windows identity; otherwise, .
Initializes a new instance of the class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity and the Windows groups the user belongs to.
A that verifies that the certificate is valid.
to map the identity of the certificate to a Windows identity; otherwise, .
to include the groups the Windows user belongs to in the property that is constructed throughout the authentication process; otherwise, .
Gets a value that indicates whether the specified security token can be validated by this security token authenticator.
The to be validated.
when is a security token or a class that derives from ; otherwise, .
Gets a value that indicates whether to map the X.509 certificate to a Windows account.
to map the X.509 certificate to a Windows account; otherwise, .
Authenticates the specified security token and returns the set of authorization policies for the security token.
The to be validated.
A of type that contains the set of authorization policies in effect for this application.
Represents a security token provider that provides security tokens for a SOAP message sender.
Initializes a new instance of the class by getting an X.509 certificate from the specified certificate store criteria.
One of the values that specifies the certificate store location.
One of the values that specifies the certificate store name.
One of the values that specifies how to search the certificate store.
The value used to find the X.509 certificate in the certificate store.
is .
No certificates match the specified criteria.
-or-
More than one certificate matches the specified criteria.
Initializes a new instance of the class using the specified X.509 certificate.
The to get a security token for.
is .
Gets the X.509 certificate associated with the security token.
Gets an that represents the X.509 certificate of a security token.
Releases all resources used by the .
Gets a security token using the X.509 certificate specified in the constructor.
A that specifies the timeout value for the message that gets the security token.
The that represents the security token to get.
The exception that is thrown when an error occurs while processing a signature.
Initializes a new instance of the class.
Initializes a new instance of the class with serialized data.
A object that holds the serialized object data.
A object that contains the contextual information about the source or destination.
Initializes a new instance of the class with a specified error message.
The error message that explains the reason for the exception.
Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception.
Represents a security token resolver that can wrap multiple token resolvers and resolve tokens across all of the wrapped resolvers.
Initializes a new instance of the class by using the specified list of token resolvers.
A list of the security token resolvers to be wrapped by this instance.
is .
Gets the security token resolvers that are wrapped by this instance.
A read-only collection that contains the token resolvers that are wrapped by this instance.
Attempts to retrieve the key that is referenced in the specified key identifier clause.
The key identifier clause to retrieve the key for.
When this method returns, contains the key that is referenced in the specified key identifier clause. This parameter is passed uninitialized.
when a key can be retrieved for the specified key identifier clause; otherwise, .
is .
Attempts to retrieve the security token that matches at least one of the key identifier clauses contained within the specified key identifier.
The security key identifier to retrieve the token for.
When this method returns, contains a token that represents the specified key identifier. This parameter is passed uninitialized.
when a token can be retrieved for the specified key identifier; otherwise, .
is .
Attempts to resolve the security token that matches the specified key identifier clause.
The key identifier clause to create a security token for.
When this method returns, contains a security token that represents the specified key identifier clause. This parameter is passed uninitialized.
when a security token can be retrieved for the specified key identifier clause; otherwise, .
is .
This class can be used for issuing an asymmetric-key-based token.
Initializes a new instance of the class.
Initializes a new instance of the class based on a key identifier.
The key identifier on which to construct the proof token.
Initializes a new instance of the class based on an RSA algorithm.
The RSA algorithm on which to construct the proof token.
Applies the proof descriptor to the RSTR's requested proof token.
The RSTR on which to apply the descriptor.
Gets the key identifier that the requestor has provided from the use key. It can be echoed back inside the SAML token if it is needed.
The key identifier that the requestor has provided from the use key.
Base class for asymmetric keys.
Initializes a new instance of the class.
When overridden in a derived class, gets the specified asymmetric cryptographic algorithm.
The asymmetric algorithm to create.
when a private key is required to create the algorithm; otherwise, .
An that represents the specified asymmetric cryptographic algorithm.
Typically, is passed into the parameter, because a private key is usually required for decryption.
When overridden in a derived class, gets a cryptographic algorithm that generates a hash for a digital signature.
The hash algorithm.
A that generates hashes for digital signatures.
When overridden in a derived class, gets the deformatter algorithm for the digital signature.
The deformatter algorithm for the digital signature.
An that represents the deformatter algorithm for the digital signature.
When overridden in a derived class, gets the formatter algorithm for the digital signature.
The formatter algorithm for the digital signature.
An that represents the formatter algorithm for the digital signature.
When overridden in a derived class, gets a value that indicates whether the private key is available.
when the private key is available; otherwise, .
Defines settings for an AudienceRestriction verification.
Initializes a new instance of the class.
Initializes a new instance of the class with the specified mode.
One of the enumeration values that specifies the mode in which the Audience URI restriction is applied.
Gets the list of allowed Audience URIs.
The list of allowed Audience URIs.
Gets or sets the mode in which Audience URI restriction is applied.
One of the enumeration values that specifies the mode in which the Audience URI restriction is applied.
The exception that is thrown when an incoming security token fails Audience URI validation.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified XML serialization data and contextual data about the source and destination of the serialization stream.
A that contains values that are used during serialization and deserialization.
A that contains data about the source and destination of the serialization stream.
Initializes a new instance of the class using the specified error message.
A message that identifies the reason the exception occurred.
Initializes a new instance of the class using the specified error message and root cause of the error.
A message that identifies the reason the exception occurred.
A that represents the root cause of the exception.
This class is used to specify the context of an authentication event.
Initializes a new instance of the class.
Gets the collection of authorities to use for resolving an authentication event.
The collection of authorities to use for resolving an authentication event.
Gets or sets the context class to use for resolving an authentication event.
The context class to use for resolving an authentication event.
Gets or sets the context declaration to use for resolving an authentication event.
The context declaration to use for resolving an authentication event.
Defines constants for supported well-known authentication methods. Defines constants for SAML authentication methods.
Authentication by using a hardware token, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/hardwaretoken.
Authentication by using the Kerberos protocol, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/kerberos.
The namespace for the well-known authentication methods, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/.
Authentication by using a password, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password.
Authentication by using a key authenticated by a PGP web of trust, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/pgp.
Authentication by using the Secure Remote Password protocol, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/secureremotepassword.
Authentication by using an XML digital signature, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/signature.
Authentication by using a smartcard, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/smartcard.
Authentication by using a smartcard PKI, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/smartcardpki.
Authentication on a key authenticated using an SPKI PKI, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/spki.
Authentication by using either the SSL or TLS protocol with certificate-based client authentication, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/tlsclient.
Authentication by using an unspecified method, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/unspecified.
Windows authentication, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/windows.
Authentication on a key authenticated using an X.509 PKI, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/x509.
Authentication on a key authenticated using an XKMS trust service, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/xkms.
Represents a base class for key identifier clauses that are based upon binary data.
Initializes a new instance of the class using the specified key identifier clause type, binary data and a value that indicates whether the binary data must be cloned.
The key identifier clause type. Sets the value of the property.
An array of that contains the binary data that represents the key identifier.
to clone the array passed into the parameter; otherwise, .
is .
is zero length.
Initializes a new instance of the class using the specified key identifier clause type, binary data, a value that indicates whether the binary data must be cloned, a nonce and the key length.
The key identifier clause type. Sets the value of the property.
An array of that contains the binary data that represents the key identifier. Sets the binary data that is returned by the method.
to clone the array passed into the parameter; otherwise, .
An array of that contains the nonce that was used to create a derived key. Sets the value that is returned by the method.
The size of the derived key. Sets the value of the property.
is .
is zero length.
Gets the binary data that represents the key identifier.
An array of that contains the binary data that represents the key identifier.
Gets the binary data that represents the key identifier.
An array of that contains the binary data that represents the key identifier.
Returns a value that indicates whether the binary data for the current instance matches the specified binary data.
An array of to compare to.
if is equivalent to the binary data returned by the method; otherwise, .
Returns a value that indicates whether the binary data for the current instance is equivalent to the specified binary data at the specified offset.
An array of to compare to.
The index in the array at which the comparison starts.
if the binary data in the parameter starting at the index specified in the parameter is equivalent to the binary data returned by the method (starting at index zero); otherwise, .
Returns a value that indicates whether the key identifier for this instance is equivalent to the specified key identifier clause.
A to compare to.
if is of type and the binary data returned by the method is identical for the parameter and the current instance; otherwise, .
Contains a serialized version of the original token that was used at sign-in time.
Initializes a new instance of the class by using the specified array.
An array that represents the token.
is .
Initializes a new instance of the class by using the specified security token and token handler.
The security token to serialize.
The handler with which to serialize the token.
is .
-or-
is .
Initializes a new instance of the class from a stream.
The serialized data.
The context for serialization.
is null.
Initializes a new instance of the class by using the specified string.
A string that represents the token.
is .
Populates the with data needed to serialize the current object.
The object to populate with data.
The destination for this serialization. Can be .
is .
Gets the security token that was used to initialize the context.
The security token or .
Gets the token handler that was used to initialize the context.
The token handler or .
Gets the string that was used to initialize the context.
The string that was used to initialize the context or .
Gets the array that was used to initialize the context.
The array that was used to initialize the context or .
Used in the RST to indicate the desired algorithm with which to compute a key based on the combined entropies from both the token requestor and the token issuer.
The URI for the P-SHA1 hash algorithm, http://schemas.microsoft.com/idfx/computedkeyalgorithm/psha1.
Represents an issuer name registry that maintains a list of trusted issuers loaded from elements in the application configuration file that associate each issuer name to the X.509 certificate that is needed to verify the signature of tokens produced by the issuer.
Initializes a new instance of the class.
Adds an issuer to the dictionary of trusted issuers.
ASN.1-encoded form of the issuer's certificate thumbprint.
The name of the issuer.
is or empty.
-or-
is or empty.
The issuer specified by has already been configured. (The issuer already exists in the dictionary.)
Gets the dictionary of trusted issuers that have been configured for this instance.
A dictionary that contains the trusted issuers.
Returns the issuer name associated with the specified by mapping the certificate thumbprint to a name in the trusted issuers dictionary.
The security token for which the issuer name is requested. Should be assignable as .
The issuer name if an entry for the certificate thumbprint of the token exists in the dictionary; otherwise, .
is .
Loads the trusted issuers from configuration.
The XML that represents the map of trusted issuers that is specified in the configuration file.
is .
The configuration contains one or more elements that are not recognized.
Represents an empty key identifier clause. This class is used when an or a element does not contain a element, which is used to describe the key required to decrypt the data or check the signature.
Initializes a new instance of the class.
Initializes a new instance of the class with the specified context.
Used to provide a hint when there is a need to resolve an empty clause to a particular key. In the case of SAML11 and SAML2 tokens that have signatures without a element, this property will contain the assertion that is currently being processed.
Gets an object that is used to provide a hint when there is a need to resolve to a particular key.
An object that provides a hint when there is a need to resolve to a particular key.
Represents the encrypted key encrypting credentials. These are usually used as data encrypting credentials to encrypt things like tokens.
Initializes a new instance of the class based on the specified object, key size, and encryption algorithm.
The key wrapping credentials used to encrypt the session key.
The key size of the wrapped session key.
A URI that represents the encryption algorithm when the session key is used. This should be a symmetric key algorithm.
is .
Initializes a new instance of the class based on the specified X.509 certificate.
The certificate used to encrypt the key.
Initializes a new instance of the class based on the specified X.509 certificate, wrapping algorithm, key size, and encryption algorithm.
The certificate used to encrypt the key.
A URI that represents the key wrapping algorithm. This should be an asymmetric algorithm.
The key size of the wrapped session key.
A URI that represents the encryption algorithm when the session key is used. This should be a symmetric key algorithm.
Gets the key wrapping credentials used to encrypt the session key; for example, .
An that represents the credentials used to encrypt the session key.
Represents a key identifier clause that identifies an encrypted key.
Initializes a new instance of the class using the specified key that is encrypted and the cryptographic algorithm used to encrypt the key.
An array of that contains a key that is encrypted. Sets the value that is returned from the method.
The cryptographic algorithm that is used to encrypt the key. Sets the value of the property.
is .
-or-
is .
is zero length.
Initializes a new instance of the class using the specified key that is encrypted, the cryptographic algorithm used to encrypt the key, and a key identifier for the encrypting key.
An array of that contains a key that is encrypted. Sets the value that is returned from the method.
The cryptographic algorithm that is used to encrypt the key. Sets the value of the property.
A that represents the key identifier for the encrypting key that is specified in the parameter. Sets the value of the property.
is .
-or-
is .
is zero length.
Initializes a new instance of the class using the specified key that is encrypted, the cryptographic algorithm used to encrypt the key, a key identifier for the encrypting key and a user-readable name.
An array of that contains a key that is encrypted. Sets the value that is returned from the method.
The cryptographic algorithm that is used to encrypt the key. Sets the value of the property.
A that represents the key identifier for the encrypting key specified in the parameter. Sets the value of the property.
A user-readable name that is associated with the key specified in the parameter. Sets the value of the property.
is .
-or-
is .
is zero length.
Initializes a new instance of the class using the specified key that is encrypted, the cryptographic algorithm used to encrypt the key, a key identifier for the key and a user-readable name.
An array of that contains a key that is encrypted. Sets the value that is returned from the method.
The cryptographic algorithm that is used to encrypt the key. Sets the value of the property.
A that represents the key identifier for the key specified in the parameter. Sets the value of the property.
A user-readable name that is associated with the key specified in the parameter. Sets the value of the property.
An array of that contains the nonce that was used to create a derived key. Sets the value that is returned by the method.
The size of the derived key. Sets the value of the property.
is .
-or-
is .
is zero length.
Gets a user-readable name that is associated with the encrypted key.
A user-readable name that is associated with the encrypted key.
Gets a key identifier for the encrypting key.
A that represents the key identifier for the encrypting key.
Gets the cryptographic algorithm that is used to encrypt the key.
The cryptographic algorithm that is used to encrypt the key.
Gets the encrypted key.
An array of that contains the encrypted key.
Returns a value that indicates whether the key identifier for this instance is equivalent to the specified encrypted key, encryption method and user-readable name.
An array of that contains a key that is encrypted.
The cryptographic algorithm that is used to encrypt the key.
A user-readable name that is associated with the encrypted key.
if the , and parameters have the same values returned by the method and the and the properties, respectively; otherwise, .
Returns a value that indicates whether the key identifier for this instance is equivalent to the specified key identifier clause.
A to compare to.
if is of type and has the same encrypted key, encryption method and user-readable name as the current instance; otherwise, .
is .
Returns a string that represents the current object.
The current object.
A wrapping-token that handles encryption for a token that does not natively support it.
Initializes a new instance of the class for the specified token by using the specified encrypting credentials.
The token to encrypt.
The credentials to use to encrypt the token.
Gets a value that indicates whether the token can create a key identifier clause of the specified type.
The type of the key identifier clause.
if the token can create a key identifier clause of the specified type; otherwise, .
Creates a key identifier clause of the specified type for the token.
The type of the key identifier clause to create.
A key identifier clause of the specified type.
Gets the credentials to use for encryption.
The credentials to use for encryption.
Gets the unique identifier of the security token.
The unique identifier of the security token.
Returns a value that indicates whether the key identifier for this instance can be resolved to the specified key identifier.
A key identifier clause to compare to this instance.
if the specified key identifier clause can be resolved by this instance; otherwise .
Gets the key for the specified key identifier clause.
The key identifier clause to get the key for.
The key.
Gets the cryptographic keys associated with the security token.
The set of keys associated with the security token.
Gets the encrypted token.
The encrypted token.
Gets the first instant in time at which the security token is valid.
The instant in time at which the security token is valid.
Gets the last instant in time at which the security token is valid.
The last instant in time at which the security token is valid.
A token handler for encrypted security tokens. Handles tokens of type .
Initializes a new instance of the class.
Returns a value that indicates whether the current XML element is pointing to an element that can be deserialized to a by this instance.
An XML reader positioned at the start element. The reader should not be advanced.
if the XML reader is positioned at an element as defined in section 3.5.1 of the XML Encryption Syntax and Processing specification (http://www.w3.org/TR/2002/REC-xmlenc-core-20021210); otherwise, .
is .
Returns a value that indicates whether the reader is pointing to an element.
The reader positioned at a security token ( element).
if the reader is positioned at an element; otherwise, .
Gets a value that indicates whether the handler provides serialization functionality for tokens.
if the handler can serialize tokens; otherwise, . Always .
Gets the type identifier URIs for tokens handled by the current instance.
By default, returns an array with a single string because there is not a specific token type identifier that is associated with the type.
Gets or sets the that will be used to serialize and deserialize key identifiers from the element.
The token serializer that will be used to read and write the key identifiers.
An attempt to set the property to occurs.
Reads an from an XML stream.
An XML reader positioned at an element as defined in 'http://www.w3.org/TR/2002/REC-xmlenc-core-20021210'; otherwise, .
A key identifier clause of type .
is .
is not positioned at an element.
Reads an encrypted security token.
The reader from which to read the token.
A security token of type .
is .
There is no configured service token resolver. (Either the property or the property of the referenced token handler configuration is .) A service token resolver is required to obtain keys for decryption.
-or-
The referenced through the property is unable to find a that can read the decrypted XML and return a .
A is not found inside the XML pointed to by the reader.
-or-
The is not a .
The found inside the XML cannot be resolved by the configured service token resolver to a .
Gets the type of the token handled by the current instance.
The token type handled by the current instance. The default is .
Writes an encrypted security token using the XML writer.
The XML writer to which to write the encrypted token.
The encrypted security token; must be an instance of .
is .
-or-
is .
is not assignable as .
The property is . This property is required for obtaining keys for encryption.
-or-
The token handler collection returned by the property was unable to find a that can write the returned by the property.
The property is not assignable as .
The exception that is thrown when an error occurs while processing an encrypted security token.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified XML serialization data and contextual data about the source and destination of the serialization stream.
A that contains values that are used during serialization and deserialization.
A that contains data about the source and destination of the serialization stream.
Initializes a new instance of the class using the specified error message.
A message that identifies the reason the exception occurred.
Initializes a new instance of the class using the specified error message and root cause of the error.
A message that identifies the reason the exception occurred.
A that represents the root cause of the exception.
Represents the cryptographic key and encrypting algorithm that are used to encrypt the proof key.
Initializes a new instance of the class.
Initializes a new instance of the class with the specified cryptographic key, key identifier, and encryption algorithm.
A that contains the cryptographic key that is used for encryption.
A that specifies the identifier that represents the key that is used for encryption.
A URI that represents the cryptographic algorithm that is used for encryption.
is .
-or-
is .
-or-
is .
Gets or sets the encryption algorithm.
A URI that represents the cryptographic algorithm that is used to encrypt the proof key.
An attempt is made to set the property to or to an empty string.
Gets or sets the encryption key material.
A that contains the cryptographic key that is used to encrypt the proof key.
An attempt is made to set the property to .
Gets or sets the identifier that identifies the encrypting credential.
A that identifies the key that is used to encrypt the proof key.
An attempt is made to set the property to .
Represents a key identifier clause that is based on XML.
Initializes a new instance of the class by using the specified XML element.
The XML element that represents the key identifier clause. Sets the value of the property.
is .
Initializes a new instance of the class by using the specified XML element, nonce, and derivation length.
The XML element that represents the key identifier clause. Sets the value of the property.
An array of that contains the nonce that was used to create a derived key. Sets the value that is returned by the method.
The size of the derived key. Sets the value of the property.
is .
Returns a value that indicates whether the specified key identifier clause matches the current instance.
The key identifier clause to compare with the current instance.
if the specified key identifier clause matches the current instance; otherwise, .
Gets the XML element that represents the key identifier clause.
The XML element that represents the key identifier clause.
Represents a security token that is based upon XML.
Initializes a new instance of the class.
An that represents the XML that is associated with the security token. Sets the property.
A that represents the proof token for the security token. Sets the property.
A that represents the first instant in time at which this security token is valid. Sets the property.
A that represents the last instant in time at which this security token is valid. Sets the property.
A that represents a reference to this security token when it is included in a SOAP message in which it is referenced. Sets the property.
A that represents a reference to this security token when it is not included in a SOAP message in which it is referenced. Sets the property.
A of type that contains the set authorization policies for this security token.
is .
-or-
is .
Gets the collection of authorization policies for this security token.
A of type that contains the set authorization policies for this security token.
Gets a value that indicates whether this security token is capable of creating the specified key identifier clause.
A that specifies the key identifier to create.
when is not and the same type as either the or property values; otherwise, .
Creates the specified key identifier clause.
A that specifies the key identifier to create.
A that is a key identifier clause for a security token.
is not and not the same type as one of the or property values.
Gets a security key identifier clause that references this security token when this security token is not included in the SOAP message in which it is referenced.
A that represents a reference to this security token when it is not included in a SOAP message in which it is referenced.
Gets a unique identifier of the security token.
The unique identifier of the security token.
Gets a security key identifier clause that references this security token when this security token is included in the SOAP message in which it is referenced.
A that represents a reference to this security token when it is included in a SOAP message in which it is referenced.
Returns a value that indicates whether the key identifier for this instance is equal to the specified key identifier.
An to compare to this instance.
when is not and matches either the or property values; otherwise, .
Gets the proof token for the security token.
A that represents the proof token for the security token.
Gets the cryptographic keys associated with the proof token.
A of type that contains the set of keys associated with the proof token.
Gets the XML that is associated with the security token.
An that represents the XML that is associated with the security token.
Returns the current object.
The current object.
Gets the first instant in time at which this security token is valid.
A that represents the first instant in time at which this security token is valid.
Gets the last instant in time at which this security token is valid.
A that represents the last instant in time at which this security token is valid.
Represents keys that are generated using symmetric algorithms and are only stored in the local computer's random access memory.
Initializes a new instance of the class using the specified symmetric key.
An array of that contains the symmetric key.
is .
is zero length.
Initializes a new instance of the class using the specified symmetric key and a value that indicates whether the binary data must be cloned.
An array of that contains the symmetric key.
to clone the array passed into the parameter; otherwise, .
is .
is zero length.
Decrypts the specified encrypted key.
The cryptographic algorithm that was used to encrypt the key.
An array of that contains the encrypted key.
An array of that contains the decrypted key.
is not supported. The supported algorithms are , , , and .
Encrypts the specified key.
The cryptographic algorithm to encrypt the key with.
An array of that contains the key.
An array of that contains the encrypted key.
is not supported. The supported algorithms are , , , or .
Generates a derived key using the specified cryptographic algorithm and parameters for the current key.
A URI that represents the cryptographic algorithm to use to generate the derived key.
An array of that contains the label parameter for the cryptographic algorithm.
An array of that contains the nonce that is used to create a derived key.
The size of the derived key.
The position at which the derived key is located in the byte array that is returned from this method.
An array of that contains the derived key.
is not supported. The supported algorithm is .
Gets a transform that decrypts cipher text using the specified cryptographic algorithm.
A cryptographic algorithm that decrypts cipher text, such as encrypted XML.
An array of that contains the initialization vector () for the specified algorithm.
An that represents the decryption transform.
is not supported. The supported algorithms are , , , and .
Gets a transform that encrypts XML using the specified cryptographic algorithm.
A cryptographic algorithm that encrypts XML.
An array of that contains the initialization vector () for the specified algorithm.
An that represents the encryption transform.
is not supported. The supported algorithms are , , , and .
Gets the size, in bits, of the initialization vector () that is required for the specified cryptographic algorithm.
The cryptographic algorithm to get the size of the initialization vector ().
The size, in bits, of the initialization vector () that is required for the cryptographic algorithm specified in the parameter.
is not supported. The supported algorithms are , , , and .
Gets an instance of the specified keyed hash algorithm.
The keyed hash algorithm to get an instance of.
A that represents the keyed hash algorithm.
is not supported. The supported algorithm is .
Gets an instance of the specified symmetric algorithm.
The symmetric algorithm to get an instance of.
A that represents the symmetric algorithm.
is not supported. The supported algorithms are , , , , , , , and .
Gets the bytes that represent the symmetric key.
An array of that contains the symmetric key.
Gets a value that indicates whether the specified algorithm uses asymmetric keys.
The cryptographic algorithm.
when the specified algorithm uses asymmetric keys; otherwise, .
Gets a value that indicates whether the specified algorithm is supported by this class.
The cryptographic algorithm.
when the specified algorithm is supported by this class; otherwise, .
Gets a value that indicates whether the specified algorithm uses symmetric keys.
The cryptographic algorithm.
when the specified algorithm uses symmetric keys; otherwise, .
Gets the size, in bits, of the key.
The size, in bits, of the key.
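The class described above is easiest to understand by exercising its three jobs in one place: wrapping a content key, deriving a per-message key, and computing a keyed hash. The following is an added example, not code from the reference documentation or from the framework itself; it assumes a .NET Framework project that references System.IdentityModel, and the master key, nonce and payload are constructed for the demo (a real master key arrives through the token exchange, never from a constant).

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Text;

// Added example (not code from the documentation page): an in-memory symmetric key used for
// key wrapping, P_SHA1 key derivation and HMAC computation. Key material is constructed here.
static class SymmetricKeyDemo
{
    static void Main()
    {
        byte[] master = new byte[32];   // 256-bit master key, constructed for the demo
        byte[] nonce = new byte[16];    // fresh per derivation
        byte[] contentKey = new byte[16];
        using (var rng = new RNGCryptoServiceProvider())
        {
            rng.GetBytes(master);
            rng.GetBytes(nonce);
            rng.GetBytes(contentKey);
        }

        // clone: true makes the key object copy the array, so clearing or reusing
        // 'master' afterwards cannot change the key the object holds.
        var key = new InMemorySymmetricSecurityKey(master, true);
        Array.Clear(master, 0, master.Length);

        Console.WriteLine("Key size (bits): {0}", key.KeySize);
        Console.WriteLine("HMAC-SHA1 is symmetric: {0}", key.IsSymmetricAlgorithm(SecurityAlgorithms.HmacSha1Signature));
        Console.WriteLine("RSA-OAEP supported by this key: {0}", key.IsSupportedAlgorithm(SecurityAlgorithms.RsaOaepKeyWrap));

        // 1. Key wrap: protect a fresh content (proof) key under the master key and unwrap it again.
        byte[] wrapped = key.EncryptKey(SecurityAlgorithms.Aes256KeyWrap, contentKey);
        byte[] unwrapped = key.DecryptKey(SecurityAlgorithms.Aes256KeyWrap, wrapped);
        Console.WriteLine("Key wrap round trip matches: {0}",
            Convert.ToBase64String(unwrapped) == Convert.ToBase64String(contentKey));

        // 2. Derivation: do not authenticate messages with the master key directly; derive a
        //    per-message key with P_SHA1 (the one derivation algorithm this class supports).
        //    The label is the WS-SecureConversation default; derivedKeyLength is in bits (the
        //    same unit KeySize reports) and offset is the byte position in the P_SHA1 output.
        byte[] label = Encoding.UTF8.GetBytes("WS-SecureConversationWS-SecureConversation");
        byte[] derived = key.GenerateDerivedKey(SecurityAlgorithms.Psha1KeyDerivation, label, nonce, 256, 0);
        byte[] derivedAgain = key.GenerateDerivedKey(SecurityAlgorithms.Psha1KeyDerivation, label, nonce, 256, 0);
        Console.WriteLine("Same label and nonce derive the same key: {0}",
            Convert.ToBase64String(derived) == Convert.ToBase64String(derivedAgain));

        // 3. Message authentication with the derived key.
        var derivedKey = new InMemorySymmetricSecurityKey(derived);
        byte[] payload = Encoding.UTF8.GetBytes("<s:Body>constructed payload</s:Body>");
        using (KeyedHashAlgorithm hmac = derivedKey.GetKeyedHashAlgorithm(SecurityAlgorithms.HmacSha1Signature))
        {
            Console.WriteLine("HMAC-SHA1 over payload: {0}", Convert.ToBase64String(hmac.ComputeHash(payload)));
        }

        // Guard before requesting an algorithm: the class throws for unsupported algorithm
        // URIs instead of falling back, so check support up front in a code path that
        // takes the algorithm from a message or configuration.
        string requested = SecurityAlgorithms.RsaSha1Signature;
        if (!key.IsSupportedAlgorithm(requested))
        {
            Console.WriteLine("Refusing {0}: not an algorithm this symmetric key supports.", requested);
        }
    }
}
```

Two points the reference text does not spell out: the nonce passed to GenerateDerivedKey is what makes each derived key distinct, so it must be fresh per derivation and must travel with the message (it is not secret); and the algorithm URI should be validated with IsSupportedAlgorithm when it comes from an untrusted message, since an attacker-chosen URI otherwise surfaces only as an exception deep inside the signing path.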
The abstract base class for an issuer name registry. An issuer name registry is used to associate a mnemonic name to the cryptographic material that is needed to verify the signatures of tokens produced by the corresponding issuer. The issuer name registry maintains a list of issuers that are trusted by a relying party (RP) application.
Initializes a new instance of the class.
When overridden in a derived class, returns the name of the issuer of the specified security token.
The security token for which to return the issuer name.
The issuer name.
When overridden in a derived class, returns the name of the issuer of the specified security token. The specified issuer name may be considered in determining the issuer name to return.
The security token for which to return the issuer name.
An issuer name to consider in the request.
The issuer name.
Returns the default issuer name to be used for Windows claims.
The default issuer name for Windows claims.
When overridden in a derived class, loads custom configuration from XML.
The configuration XML elements. Each node in the list is of type .
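The registry is where a relying party's trust decision is made: the token handler asks it for the issuer name that corresponds to the key that signed a token, and a token whose key maps to no name is rejected. The following is an added example, not code from the documentation or from the framework: a registry that trusts only the X.509 certificates whose thumbprints it has been given. The configuration element layout it reads in LoadCustomConfiguration (a trustedIssuers element with add children carrying thumbprint and name attributes) is an assumption of this example, not a format the page defines.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Text;
using System.Xml;

// Added example, not part of the reference documentation: an issuer name registry that
// trusts only listed X.509 signing-certificate thumbprints. The configuration element
// format parsed below is assumed for this example.
public class ThumbprintIssuerNameRegistry : IssuerNameRegistry
{
    private readonly Dictionary<string, string> trusted =
        new Dictionary<string, string>(StringComparer.Ordinal);

    public void AddTrustedIssuer(string thumbprint, string issuerName)
    {
        if (string.IsNullOrEmpty(thumbprint)) throw new ArgumentNullException("thumbprint");
        if (string.IsNullOrEmpty(issuerName)) throw new ArgumentNullException("issuerName");
        trusted[NormalizeThumbprint(thumbprint)] = issuerName;
    }

    // The returned name becomes the issuer of every claim in the token, so it must be
    // derived from the signing key only. Throwing (or returning null) rejects the token.
    public override string GetIssuerName(SecurityToken securityToken)
    {
        var x509 = securityToken as X509SecurityToken;
        if (x509 == null)
        {
            // Fail closed for anything that is not certificate-based.
            throw new SecurityTokenException("Only X.509-signed tokens are trusted by this registry.");
        }

        string name;
        if (trusted.TryGetValue(NormalizeThumbprint(x509.Certificate.Thumbprint), out name))
        {
            return name;
        }
        throw new SecurityTokenException(
            "Untrusted issuer certificate: " + x509.Certificate.Subject +
            " (thumbprint " + x509.Certificate.Thumbprint + ")");
    }

    // The requested issuer name is a caller-supplied hint. It is checked against the
    // key-based answer, never used in place of it.
    public override string GetIssuerName(SecurityToken securityToken, string requestedIssuerName)
    {
        string resolved = GetIssuerName(securityToken);
        if (!string.IsNullOrEmpty(requestedIssuerName) &&
            !string.Equals(resolved, requestedIssuerName, StringComparison.Ordinal))
        {
            throw new SecurityTokenException(
                "Token is signed by '" + resolved + "' but issuer '" + requestedIssuerName + "' was requested.");
        }
        return resolved;
    }

    public override void LoadCustomConfiguration(XmlNodeList nodelist)
    {
        foreach (XmlNode node in nodelist)
        {
            var element = node as XmlElement;
            if (element == null || element.LocalName != "trustedIssuers") continue;
            foreach (XmlNode child in element.ChildNodes)
            {
                var add = child as XmlElement;
                if (add == null || add.LocalName != "add") continue;
                AddTrustedIssuer(add.GetAttribute("thumbprint"), add.GetAttribute("name"));
            }
        }
    }

    // Thumbprints pasted from certificate viewers often contain spaces or invisible
    // characters; comparing the bare uppercase hex keeps a copy/paste artifact from turning
    // a trusted issuer into an "untrusted" one (or, worse, from being worked around by
    // loosening the comparison).
    private static string NormalizeThumbprint(string thumbprint)
    {
        var sb = new StringBuilder(thumbprint.Length);
        foreach (char c in thumbprint)
        {
            if (Uri.IsHexDigit(c)) sb.Append(char.ToUpperInvariant(c));
        }
        return sb.ToString();
    }
}
```

Install the registry on the handler that validates tokens, for example by assigning it to the handler's Configuration.IssuerNameRegistry. Keying trust on the certificate thumbprint rather than on the subject name is deliberate: subject names are chosen by whoever requests a certificate, while the thumbprint identifies one specific key.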
Resolves issuer tokens received from service partners.
Initializes a new instance of the class.
Initializes a new instance of the class by using the specified token resolver.
The security token resolver to be wrapped by this instance. Sets the property in the new instance.
The default store location for resolving X.509 certificates.
The default store for resolving X.509 certificates.
Attempts to retrieve the key that is referenced in the specified key identifier clause. (Override of the base class method.)
A key identifier clause to retrieve the key for.
When this method returns, contains the key that is referenced in the specified key identifier clause. This parameter is passed uninitialized.
when a key can be retrieved for the specified key identifier clause; otherwise, .
Attempts to retrieve the security token that matches at least one of the key identifier clauses contained within the specified key identifier. (Override of the base class method.)
The key identifier to create a security token for.
When this method returns, contains a that represents the specified key identifier. This parameter is passed uninitialized.
if a security token can be retrieved for the specified key identifier; otherwise, .
When overridden in a derived class, attempts to resolve the security token that matches the specified key identifier clause. (Override of the base class method.)
The key identifier clause to create a security token for.
When this method returns, contains a that represents the specified key identifier clause. This parameter is passed uninitialized.
if a security token can be retrieved for the specified key identifier clause; otherwise, .
Gets the security token resolver wrapped by this instance.
The wrapped token resolver.
Represents a security token that is based upon a Kerberos ticket that is received in a SOAP message.
Initializes a new instance of the class using the specified Kerberos ticket.
An array of that contains a Kerberos ticket.
Initializes a new instance of the class using the specified Kerberos ticket and unique identifier.
An array of that contains the Kerberos ticket.
A unique identifier of the security token. Sets the value of the property.
Creates a new instance of .
An array of bytes that contains the Kerberos ticket.
A unique identifier for the security token.
The URI that describes the value type.
Gets a value that indicates whether this security token is capable of creating the specified key identifier.
A that specifies the type of key identifier to create.
when is of type ; otherwise, .
Creates the specified key identifier clause.
A that specifies the type of key identifier to create.
A that is a key identifier clause for the security token.
Gets the Kerberos ticket.
An array of that contains the Kerberos ticket.
Returns a value that indicates whether the key identifier for this instance matches the specified key identifier.
A to compare to this instance.
if is of type and the Kerberos tickets match; otherwise, .
Gets the symmetric session key for the Kerberos ticket that is associated with this security token.
A that contains the symmetric session key for the Kerberos ticket that is associated with this security token.
Gets the cryptographic keys associated with the security token.
A of type that contains the set of keys associated with the security token.
Gets the first instant in time at which this security token is valid.
A that represents the instant in time at which this security token is first valid.
Gets the last instant in time at which this security token is valid.
A that represents the last instant in time at which this security token is valid.
Gets the URI that describes the value type.
Returns .
Gets the Windows user associated with this security token.
A that represents a Windows user.
Represents a security token that is based upon a Kerberos ticket that is sent in a SOAP request.
Initializes a new instance of the class using a service that is associated with the specified service principal name.
The service principal name for the security token. Sets the property.
is .
A Kerberos ticket cannot be obtained for the current user.
Initializes a new instance of the class.
The service principal name for the security token. Sets the property.
One of the values that specifies how the client allows the security token to be impersonated.
A that specifies the user to get a security token for.
A unique identifier of the security token. Sets the value of the property.
is .
-or-
is .
is not , not equal to and the property is empty or .
A Kerberos ticket cannot be obtained for the specified user.
is not or .
Gets a value that indicates whether this security token is capable of creating the specified key identifier.
A that specifies the key identifier to create.
when is of type ; otherwise, .
Creates the specified key identifier clause.
A that specifies the key identifier to create.
A that is a key identifier clause for the security token.
Gets the Kerberos ticket request.
An array of that contains the result of the Kerberos ticket request.
Gets a unique identifier of the security token.
A unique identifier of the security token.
Returns a value that indicates whether the key identifier for this instance matches the specified key identifier.
A to compare to this instance.
if is of type and the results of the Kerberos ticket request match; otherwise, .
Gets the symmetric session key for the Kerberos ticket that is associated with this security token.
A that contains the symmetric session key for the Kerberos ticket that is associated with this security token.
Gets the cryptographic keys associated with the security token.
A of type that contains the set of keys associated with the security token.
Gets the service principal name for the security token.
The service principal name for the security token.
Gets the first instant in time at which this security token is valid.
A that represents the instant in time at which this security token is first valid.
Gets the last instant in time at which this security token is valid.
A that represents the last instant in time at which this security token is valid.
Represents a security token handler that processes Kerberos tokens. Handles tokens of type .
Initializes a new instance of the class.
Gets a value that indicates whether the current instance can validate security tokens.
if the handler can validate tokens; otherwise, . The default is .
Gets the Kerberos Security token type defined in WS-Security Kerberos Security Token profile.
The Kerberos Security token type URI. By default, the value of the property.
Gets the type of the token handled by the current instance.
The type of the token handled by the current instance. By default this is the type of the class.
Validates the specified Kerberos security token.
The security token to be validated. This must be an instance of the class.
The identities that are contained in the token.
is .
The specified token is not assignable as a .
Represents a key identifier clause that identifies a or security token.
Initializes a new instance of the class using the specified SHA-1 hash of a Kerberos service ticket.
An array of that contains the SHA-1 hash of a Kerberos service ticket.
is .
Initializes a new instance of the class using the specified SHA-1 hash of a Kerberos service ticket, nonce, and derived key length.
An array of that contains the SHA-1 hash of a Kerberos service ticket.
An array of that contains the nonce that was used to create a derived key.
The size of the derived key.
is .
is zero length.
Gets the SHA-1 hash of a Kerberos service ticket.
An array of that contains the SHA-1 hash of a Kerberos service ticket.
Returns the current object.
A that represents the current object.
Represents a key identifier clause that identifies a security token specified in the security header of the SOAP message.
Initializes a new instance of the class using the specified identifier and array of types.
The value of the attribute for an XML element within the current SOAP message. Sets the value of the property.
is .
is empty.
Initializes a new instance of the class using the specified identifier, nonce, derived key length, and owner security token type.
The value of the attribute for an XML element within the current SOAP message. Sets the value of the property.
An array of that contains the nonce that was used to create a derived key. Sets the value that is returned by the method.
The size of the derived key. Sets the value of the property.
A that is the type of security token that is referred to by the parameter. Sets the value of the property.
is .
is empty.
Initializes a new instance of the class using the specified identifier and owner security token type.
The value of the attribute for an XML element within the current SOAP message. Sets the value of the property.
A that is the type of security token that is referred to by the parameter. Sets the value of the property.
is .
is empty.
Gets the value of the attribute for an XML element within the current SOAP message.
The value of the attribute for an XML element within the current SOAP message.
Returns a value that indicates whether the key identifier for this instance is equivalent to the specified key identifier clause.
A to compare to.
if is of type and the values of the and properties match the current instance; otherwise, . See the remarks for more details.
Returns a value that indicates whether the key identifier for this instance is equivalent to the specified reference and type.
The value of the attribute for an XML element within the current SOAP message.
A that is the type of security token that is referred to by the parameter.
if the and parameters match the values of the and properties; otherwise, .
Gets the type of security token that is referred to by the property.
A that contains the type of security token that is referred to by the property.
Returns a string that represents the current object.
A that represents the current object.
The base class for the and classes.
Called from constructors in derived classes to initialize the class.
Sets the appropriate properties inside the RSTR (RequestSecurityTokenResponse) according to the properties of the current proof descriptor instance.
The RSTR object to be modified by this proof descriptor.
When implemented in a derived class, gets the key identifier that can be used inside issued tokens to define the key.
The key identifier.
Represents a key identifier clause that identifies a security token.
Initializes a new instance of the class using the specified RSA algorithm.
An that represents an RSA algorithm. Sets the value of the property.
is .
Gets a value that indicates whether a key can be created from the key identifier clause.
in all cases.
Creates a key using the RSA algorithm.
A that is a key created using the RSA algorithm specified in the constructor.
Gets the parameter for the RSA algorithm.
An array of that contains the parameter for the RSA algorithm.
Gets the parameter for the RSA algorithm.
An array of that contains the parameter for the RSA algorithm.
Returns a value that indicates whether the key identifier for this instance is equivalent to the specified key identifier clause.
A to compare to.
if is of type and the arrays returned by the and methods for the parameter are identical to the current instance; otherwise, .
Returns a value that indicates whether the key identifier for this instance matches the specified RSA algorithm.
An that represents an RSA algorithm.
if the and fields of the parameter match the values returned by the and methods for the current instance; otherwise, .
Gets the RSA algorithm that is associated with the key identifier clause.
An that represents an RSA algorithm.
Returns a string that represents the current object.
A that represents the current object.
Writes the Base64 encoded parameter of the RSA algorithm into the specified XML serializer.
A to write the Base64 encoded parameter of the RSA algorithm.
is .
Writes the Base64 encoded parameter of the RSA algorithm into the specified XML serializer.
A to write the Base64 encoded parameter of the RSA algorithm.
is .
Represents a security key that is generated using the RSA algorithm. This class cannot be inherited.
Initializes a new instance of the class using the specified RSA algorithm.
An that represents an RSA algorithm.
is .
Decrypts the specified encrypted key.
The cryptographic algorithm that was used to encrypt the key. The supported algorithms are and .
An array of that contains the encrypted key.
An array of that contains the decrypted key.
is not supported. The supported algorithms are and .
is .
Encrypts the specified key using the specified algorithm.
The cryptographic algorithm to encrypt the key with.
An array of that contains the key.
An array of that contains the encrypted key.
is not supported. The supported algorithms are and .
is .
Gets the specified asymmetric cryptographic algorithm.
The asymmetric algorithm to create.
when a private key is required to create the algorithm; otherwise, .
An that represents the specified asymmetric cryptographic algorithm.
is and a private key is not available.
Gets a cryptographic algorithm that generates a hash for a digital signature.
The hash algorithm. The supported algorithm is .
A that generates hashes for digital signatures.
is not supported. The supported algorithm is .
Gets the de-formatter algorithm for the digital signature.
The de-formatter algorithm for the digital signature to get an instance of. The supported algorithm is .
An that represents the de-formatter algorithm for the digital signature.
is not supported. The supported algorithm is .
Gets the formatter algorithm for the digital signature.
The formatter algorithm for the digital signature to get an instance of. The supported algorithm is .
An that represents the formatter algorithm for the digital signature.
is not supported. The supported algorithm is .
Gets a value that indicates whether the private key is available.
when the private key is available; otherwise, .
Gets a value that indicates whether the specified algorithm uses asymmetric keys.
The cryptographic algorithm.
when the specified algorithm uses asymmetric keys; otherwise, .
Gets a value that indicates whether the specified algorithm is supported by this class.
The cryptographic algorithm.
when the specified algorithm is , , or ; otherwise, .
Gets a value that indicates whether the specified algorithm uses symmetric keys.
The cryptographic algorithm.
when the specified algorithm uses symmetric keys; otherwise, .
Gets the size, in bits, of the key.
The size, in bits, of the key.
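The split between HasPrivateKey, the signature formatter and the de-formatter is clearest when one key holds the private half and another holds only the public half. The following is an added example, not code from the documentation or from the framework; the key pair and message are constructed for the demo, and it uses the signature algorithm the text above lists as supported.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Text;

// Added example, not code from the documentation: sign with an RsaSecurityKey that holds a
// private key and verify with one built from the public parameters only.
static class RsaSecurityKeyDemo
{
    static byte[] Sign(RsaSecurityKey signingKey, string algorithm, byte[] message)
    {
        if (!signingKey.HasPrivateKey())
        {
            throw new InvalidOperationException("Signing requires the private key.");
        }

        // Hash algorithm and formatter both come from the key for the same algorithm URI,
        // so the digest and the PKCS#1 encoding cannot disagree on the hash function.
        using (HashAlgorithm hash = signingKey.GetHashAlgorithmForSignature(algorithm))
        {
            hash.ComputeHash(message);
            AsymmetricSignatureFormatter formatter = signingKey.GetSignatureFormatter(algorithm);
            return formatter.CreateSignature(hash);   // this overload takes the hash OID from 'hash'
        }
    }

    static bool Verify(RsaSecurityKey verifyKey, string algorithm, byte[] message, byte[] signature)
    {
        using (HashAlgorithm hash = verifyKey.GetHashAlgorithmForSignature(algorithm))
        {
            hash.ComputeHash(message);
            AsymmetricSignatureDeformatter deformatter = verifyKey.GetSignatureDeformatter(algorithm);
            return deformatter.VerifySignature(hash, signature);
        }
    }

    static void Main()
    {
        string algorithm = SecurityAlgorithms.RsaSha1Signature;   // the algorithm documented above

        // Constructed key pair; a production signing key lives in a certificate store or HSM.
        var privateRsa = new RSACryptoServiceProvider(2048);
        var signingKey = new RsaSecurityKey(privateRsa);

        // What a relying party holds: the public parameters only.
        var publicRsa = new RSACryptoServiceProvider();
        publicRsa.ImportParameters(privateRsa.ExportParameters(false));
        var verifyKey = new RsaSecurityKey(publicRsa);

        Console.WriteLine("Key size: {0} bits", signingKey.KeySize);
        Console.WriteLine("Signer has private key: {0}", signingKey.HasPrivateKey());
        Console.WriteLine("Verifier has private key: {0}", verifyKey.HasPrivateKey());
        Console.WriteLine("Algorithm is asymmetric: {0}", signingKey.IsAsymmetricAlgorithm(algorithm));

        byte[] message = Encoding.UTF8.GetBytes("<Assertion>constructed content</Assertion>");
        byte[] signature = Sign(signingKey, algorithm, message);
        Console.WriteLine("Signature verifies: {0}", Verify(verifyKey, algorithm, message, signature));

        byte[] tampered = (byte[])message.Clone();
        tampered[0] ^= 0x01;
        Console.WriteLine("Tampered message verifies: {0}", Verify(verifyKey, algorithm, tampered, signature));

        // Asking a public-only key for the private-key form of the algorithm fails loudly;
        // a signing path should check HasPrivateKey() up front rather than rely on this.
        try
        {
            verifyKey.GetAsymmetricAlgorithm(algorithm, true);
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("Public-only key refused private use: {0}", e.Message);
        }
    }
}
```

Two caveats for anyone taking this beyond a demo: the signature algorithm shown is RSA with SHA-1, which is what this class documents but which should no longer be chosen for new deployments where the runtime accepts an RSA/SHA-256 algorithm; and the verifier's key must be bound to a trusted issuer (for example through an issuer name registry), since a valid signature only proves possession of whatever private key matches the public half you happened to load.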
Represents a security token that is based upon a key that is created using the RSA algorithm.
Initializes a new instance of the class using the specified RSA algorithm.
A that represents an RSA algorithm that is capable of creating an asymmetric key. Sets the value of the property.
is .
Initializes a new instance of the class using the specified RSA algorithm and unique identifier.
A that represents an RSA algorithm that is capable of creating an asymmetric key. Sets the value of the property.
A unique identifier of the security token. Sets the value of the property.
is .
-or-
is .
Gets a value that indicates whether this security token is capable of creating the specified key identifier.
A that specifies the type of key identifier to create.
when is of type ; otherwise, .
Creates the specified key identifier clause.
A that specifies the key identifier to create.
A that is a key identifier clause for the security token.
Allows the to free resources before it is destroyed by the garbage collector.
Gets a unique identifier of the security token.
A unique identifier of the security token.
Returns a value that indicates whether the key identifier for this instance matches the specified key identifier.
A to compare to this instance.
if is of type and the keys match; otherwise, .
Gets an RSA algorithm that is capable of creating an asymmetric key.
A that represents an RSA algorithm that is capable of creating an asymmetric key.
Gets the cryptographic keys associated with the security token.
A of type that contains the set of keys associated with the security token.
Gets the first instant in time at which this security token is valid.
A that represents the instant in time at which this security token is first valid.
Gets the last instant in time at which this security token is valid.
A that represents the last instant in time at which this security token is valid.
Represents a that processes tokens of type .
Initializes a new instance of the class.
Indicates whether the current XML element can be read as a .
An XML reader positioned at a start element. The reader should not be advanced.
if the reader is pointing to a ; otherwise, .
is .
Gets a value that indicates whether this handler supports validation of tokens of type .
if the handler supports validation of tokens of type ; otherwise, . Always .
Gets a value that indicates whether this handler can write tokens of type .
if the handler can write tokens of type ; otherwise, . Always .
Gets the RSA Security Token type (URI) as defined in the WS-Security Token profile.
The RSA Security Token type URI.
Deserializes an RSA security token from XML.
An XML reader positioned at the start element of the token.
The RSA security token that was deserialized from the XML.
is .
is not positioned at an RSA token.
Gets the of the tokens that this handler processes.
The type of .
Validates the specified security token.
The security token to validate; must be an instance of the class.
The identities that are contained in the token.
is .
is not assignable from .
The property for this handler is .
Serializes an RSA security token to XML.
The XML writer to use to serialize the token.
The RSA security token to serialize.
is .
-or-
is .
is not assignable from .
Represents a element defined by SAML 2.0.
Initializes a new instance of the class with the specified namespace and action.
The action that is to be performed.
The URI that represents the namespace in which the name of the specified action is to be interpreted.
is .
-or-
is or an empty string.
is not an absolute URI.
Gets or sets the URI reference that represents the XML namespace in which the name of the specified action is to be interpreted.
The that represents the namespace.
An attempt to set the property to occurs.
An attempt to set a value that is not an absolute URI occurs.
Gets or sets the action that the subject of the can perform on the resource.
The action that the subject of the can perform on the resource.
An attempt to set a value that is or an empty string occurs.
Represents the Advice element specified in [Saml2Core, 2.6.1].
Initializes a new instance of the class.
Gets the collection of assertions referenced by ID.
A collection of type that contains IDs that reference the assertions.
Gets the collection of assertions specified by value.
A collection of type that contains the assertions.
Gets the collection of assertions referenced by URI.
A collection of type that contains URIs that reference the assertions.
Represents the Assertion element specified in [Saml2Core, 2.3.3].
Initializes a new instance of the class with the specified issuer.
A that specifies the SAML authority that is making the claim(s) in the assertion. [Saml2Core, 2.3.3].
is .
Gets or sets additional information related to the assertion that assists processing in certain situations but which may be ignored by applications that do not understand the advice or do not wish to make use of it. [Saml2Core, 2.3.3]
A that contains additional information related to the assertion.
Gets a value that indicates whether this assertion was deserialized from XML source and can re-emit the XML data unchanged.
if this assertion can re-emit the XML source data unchanged; otherwise, .
Gets or sets the conditions that must be evaluated when assessing the validity of and/or when using the assertion. [Saml2Core 2.3.3]
A that contains the conditions.
Gets or sets the credentials used for encrypting the assertion. The key identifier in the encrypting credentials is used for the embedded in the element.
Returns that represents the credentials.
Gets or sets a collection that contains any additional encrypted keys that are specified external to the EncryptedData element, as children of the EncryptedAssertion element.
A collection of type that contains the keys.
Gets or sets the identifier for this assertion. [Saml2Core, 2.3.3]
A that represents the identifier.
An attempt to set the property to occurs.
Gets or sets the time instant of issue in UTC. [Saml2Core, 2.3.3]
A that represents the time at which this assertion was issued in UTC. The default is .
Gets or sets the identifier for the SAML authority that is making the claim(s) in the assertion. [Saml2Core, 2.3.3]
A that specifies the issuer.
An attempt to set the property to occurs.
Gets or sets the credentials used by the issuer to protect the integrity of the assertion.
A that represents the credentials.
Gets a collection that contains the statements regarding the subject made in this assertion.
A collection of type that contains the statements for this assertion.
Gets or sets the subject of the statement(s) in the assertion. [Saml2Core, 2.3.3]
A that specifies the subject.
Gets the SAML version of this assertion. [Saml2Core, 2.3.3]
A string that contains the version.
Writes the source data, if available.
The with which to write the source data.
No source data is available.
Represents a implementation for referencing SAML2-based security tokens.
Initializes a new instance of the class for the specified ID.
The ID that defines the clause to create.
is or an empty string.
Initializes a new instance of the class for the specified ID, nonce, and key size.
The ID that defines the clause to create.
An array of that contains the nonce that was used to create a derived key. Sets the value that is returned by the method.
The size of the derived key. Sets the value of the property.
is or an empty string.
Returns a value that indicates whether the key identifier for this instance is equivalent to the specified key identifier clause.
A to compare to.
if is the same instance as the current instance; otherwise, .
Returns a value that indicates whether the key identifier for an assertion is equivalent to the specified key identifier clause.
The ID of the assertion.
A to compare to.
if matches the property of ; otherwise, .
is or an empty string.
Returns a string that represents the current instance.
A string representation of the current instance.
Represents the Attribute element specified in [Saml2Core, 2.7.3.1].
Initializes a new instance of the class with the specified name.
The name of the attribute.
is .
Initializes a new instance of the class with the specified name and values.
The name of the attribute.
A collection of strings that contains the attribute values.
is .
-or-
is .
Initializes a new instance of the class with the specified name and value.
The name of the attribute.
The value of the attribute.
is .
-or-
is .
Gets or sets the xsi:type of the values contained in the SAML Attribute.
A string that contains the xsi:type. The default is .
An attempt to set a value that is or empty occurs.
-or-
An attempt to set a value that is malformed occurs.
Gets or sets a human-readable name for the attribute. [Saml2Core, 2.7.3.1]
A string that contains the friendly name for the attribute.
Gets or sets the name of the attribute. [Saml2Core, 2.7.3.1]
A string that contains the attribute name.
An attempt to set a value that is or an empty string occurs.
Gets or sets a URI that represents the classification of the attribute name for the purposes of interpreting the name. [Saml2Core, 2.7.3.1]
A that represents the classification.
An attempt to set a value that is not and is not an absolute URI occurs.
Gets or sets the string that represents the OriginalIssuer of this SAML Attribute.
A string that contains the original issuer of the attribute.
An attempt to set a value that is an empty string occurs.
Gets the collection that contains the values of the attribute.
A collection of strings that contains the attribute values.
Represents the AttributeStatement element specified in [Saml2Core, 2.7.3].
Initializes a new instance of the class with no attributes.
Initializes a new instance of the class.
A collection of type that contains the Attribute elements contained in this statement.
is .
-or-
One of the elements of the collection specified by is .
Initializes a new instance of the class.
A that represents a single Attribute element contained in this statement.
is .
Gets the collection of attributes contained in the attribute statement. These attributes are associated with the assertion subject. [Saml2Core, 2.7.3]
A collection of type that contains the attributes in the statement.
Represents the AudienceRestriction element specified in [Saml2Core, 2.5.1.4].
Initializes a new instance of the class with no Audience elements.
Initializes a new instance of the class with the specified URIs.
The collection of that contains the Audience elements contained in this restriction.
Initializes a new instance of the class.
A that represents the contents of the Audience element contained in this restriction.
Gets a collection of URIs that specifies the audiences to which the assertion is addressed. The condition is valid if the relying party is a member of any of the specified audiences.
A collection of type that specifies the audiences.
Represents the AuthnContext element specified in [Saml2Core, 2.7.2.2].
Initializes a new instance of the class.
Initializes a new instance of the class with the specified class reference.
The class reference of the authentication context.
is not and is not an absolute URI.
Initializes a new instance of the class with the specified class reference and declaration reference.
The class reference of the authentication context.
The declaration reference of the authentication context.
is not and is not an absolute URI.
-or-
is not and is not an absolute URI.
Gets a collection of zero or more unique identifiers (URIs) of authentication authorities that were involved in the authentication of the principal (not including the assertion issuer, who is presumed to have been involved without being explicitly included in the collection). [Saml2Core, 2.7.2.2]
A collection of URIs that identify the authenticating authorities that were involved in the authentication of the principal.
Gets or sets the URI reference that identifies an authentication context class that describes the authentication context declaration that follows. [Saml2Core, 2.7.2.2]
A that identifies the context class.
An attempt to set a value that is not and is not an absolute URI occurs.
Gets or sets a URI reference that identifies an authentication context declaration. [Saml2Core, 2.7.2.2]
A that identifies an authentication context declaration.
An attempt to set a value that is not and is not an absolute URI occurs.
Represents the AuthnStatement element specified in [Saml2Core, 2.7.2].
Initializes a new instance of the class with the specified authentication context and the current time as the authentication instant.
The authentication context of this statement.
is .
Initializes a new instance of the class with the specified authentication context and authentication time.
The authentication context of this statement.
The time of the authentication.
is .
Gets or sets the context used by the authenticating authority up to and including the authentication event that yielded this statement. [Saml2Core, 2.7.2]
A that represents the context.
An attempt to set a value that is occurs.
Gets or sets the time at which the authentication took place. [Saml2Core, 2.7.2]
A that represents the time of authentication in UTC.
Gets or sets the index of a particular session between the principal identified by the subject and the authenticating authority. [Saml2Core, 2.7.2]
A string that contains the session index.
Gets or sets the time instant at which the session between the principal identified by the subject and the SAML authority issuing this statement must be considered ended. [Saml2Core, 2.7.2]
A nullable that represents the session expiration time in UTC. A value indicates that the attribute is not specified.
Gets or sets the DNS domain name and IP address for the system from which the assertion subject was apparently authenticated. [Saml2Core, 2.7.2]
A that specifies the DNS domain name and IP address.
Represents the element defined by SAML 2.0.
Initializes a new instance of the class with the specified decision for the specified resource.
The of the resource about which the authorization decision applies. Sets the property.
A value that indicates the decision. Sets the property.
is .
is not an absolute URI or an empty relative URI.
is not a valid value.
Initializes a new instance of the class with the specified decision for the specified actions on the specified resource.
The of the resource about which the authorization decision applies. Sets the property.
A value that indicates the decision. Sets the property.
A collection of that specifies the actions to be authorized on the resource. Sets the property.
is .
is not an absolute URI or an empty relative URI.
is not a valid value.
Gets or sets the set of actions authorized to be performed on the specified resource.
A collection of type that specifies the authorized actions.
Gets or sets the decision rendered by the SAML authority with respect to the specified resource.
One of the values that specify the authorization decision rendered by the SAML authority with respect to access by the subject to the specified resource.
An attempt to set a value that is not a valid value occurs.
Gets an empty URI reference. The reference may be used to set the property. When used, it specifies the start of the current document.
Gets or sets the set of assertions that the SAML authority relied on in making the decision. [Saml2Core, 2.7.4]
A that contains the assertions.
Gets or sets the URI reference that identifies the resource to which access authorization is sought.
A that identifies the resource.
An attempt to set a value that is occurs.
An attempt to set a value that is not an absolute URI or is not an empty relative URI occurs.
Represents the Conditions element specified in [Saml2Core, 2.5.1].
Initializes a new instance of the class.
Gets a collection that specifies the audience to which the assertion is addressed. [Saml2Core, 2.5.1]
A collection of type that specifies the audience for the assertion. If the collection is empty no restrictions on the audience apply.
Gets or sets the earliest time instant at which the assertion is valid. [Saml2Core, 2.5.1]
A nullable that contains the time instant in UTC. A value indicates that the attribute is not present.
The property is not and an attempt to set a value that occurs on or after the time instant specified by the property occurs.
Gets or sets the time instant at which the assertion has expired. [Saml2Core, 2.5.1]
A nullable that contains the time instant in UTC. A value indicates that the attribute is not present.
The property is not and an attempt to set a value that occurs before the time instant specified by the property occurs.
Gets a value that specifies whether the assertion should be used immediately and must not be retained for future use. [Saml2Core, 2.5.1]
if the assertion should be used immediately; otherwise, .
Gets or sets the limitations that the asserting party imposes on relying parties that wish to subsequently act as asserting parties themselves and issue assertions of their own on the basis of the information contained in the original assertion. [Saml2Core, 2.5.1]
A that contains the restrictions placed on subsequent asserting parties.
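The Conditions element described above carries the two checks a relying party must make before trusting an assertion: the validity window (NotBefore / NotOnOrAfter) and the audience list. The following is an added example, not code from the documentation or from System.IdentityModel itself; it builds a short-lived Conditions object with one AudienceRestriction and then applies both checks the way the text describes them (an absent AudienceRestrictions collection means no audience limit; every restriction that is present must name the relying party). The audience URI and the clock-skew allowance are assumptions chosen for the example.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Linq;

// Added example: construct and check a Saml2Conditions element.
static class ConditionsExample
{
    // Hypothetical relying-party audience for this example.
    static readonly Uri RelyingParty = new Uri("https://rp.example.test/");

    // Build conditions for an assertion issued at issuedAtUtc that is valid
    // for five minutes and addressed only to RelyingParty.
    public static Saml2Conditions BuildConditions(DateTime issuedAtUtc)
    {
        var conditions = new Saml2Conditions
        {
            NotBefore = issuedAtUtc,
            NotOnOrAfter = issuedAtUtc.AddMinutes(5),
        };
        conditions.AudienceRestrictions.Add(new Saml2AudienceRestriction(RelyingParty));
        return conditions;
    }

    // Apply the validity-window and audience checks. 'skew' is the clock-skew
    // allowance the verifier is willing to tolerate (an assumption of this example).
    public static bool IsValidFor(Saml2Conditions conditions, Uri audience,
                                  DateTime nowUtc, TimeSpan skew)
    {
        // NotBefore: the assertion is not yet valid if now (plus skew) is still earlier.
        if (conditions.NotBefore.HasValue && nowUtc.Add(skew) < conditions.NotBefore.Value)
            return false;

        // NotOnOrAfter: the assertion has expired once now (minus skew) reaches it.
        if (conditions.NotOnOrAfter.HasValue && nowUtc.Subtract(skew) >= conditions.NotOnOrAfter.Value)
            return false;

        // An empty AudienceRestrictions collection places no limit on the audience;
        // each restriction that is present must list the relying party.
        foreach (var restriction in conditions.AudienceRestrictions)
        {
            if (!restriction.Audiences.Contains(audience))
                return false;
        }
        return true;
    }

    static void Main()
    {
        DateTime issued = DateTime.UtcNow;
        Saml2Conditions c = BuildConditions(issued);
        TimeSpan skew = TimeSpan.FromMinutes(1);

        Console.WriteLine(IsValidFor(c, RelyingParty, issued.AddMinutes(1), skew));          // True
        Console.WriteLine(IsValidFor(c, RelyingParty, issued.AddMinutes(10), skew));         // False: expired
        Console.WriteLine(IsValidFor(c, new Uri("https://other.example.test/"),
                                     issued.AddMinutes(1), skew));                            // False: wrong audience
    }
}
```

Saml2SecurityTokenHandler performs equivalent checks inside its ValidateConditions method; the standalone function here only makes the order and the skew handling visible.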
Represents the Evidence element specified in [Saml2Core, 2.7.4.3].
Initializes a new instance of the class.
Initializes a new instance of the class with the specified assertion.
A that contains the evidence.
is .
Initializes a new instance of the class with an ID that references an assertion.
A that references the assertion.
is .
Initializes a new instance of the class with a URI that references an assertion.
A that references an assertion.
is .
Gets the collection of assertions referenced by ID.
A collection of type that contains IDs that reference the assertions.
Gets the collection of assertions specified by value.
A collection of type that contains the assertions.
Gets the collection of assertions referenced by URI.
A collection of type that contains URIs that reference the assertions.
Represents the identifier used for SAML assertions.
Initializes a new instance of the class with a system-generated value.
Initializes a new instance of the class with the specified value.
The ID value.
is not a valid NCName.
is or an empty string.
Determines whether this instance is equal to the specified object.
The object with which to compare this instance.
if the objects are equal; otherwise .
Returns a hash code for this instance.
An integer that contains the hash code.
Returns a string representation of this instance.
The string representation of the .
Gets the identifier string.
The ID string.
Represents the NameID element as specified in [Saml2Core, 2.2.3] or the EncryptedID element as specified in [Saml2Core, 2.2.4].
Initializes a new instance of the class with the specified name.
The name identifier.
is .
Initializes a new instance of the class with the specified name and format URI.
The name identifier.
A that specifies the identifier format.
is .
An attempt to set to a value that is not and is not an absolute URI occurs.
Gets or sets the credentials used for encrypting the name identifier in an EncryptedID element.
A that represents the credentials used to encrypt the name identifier.
Gets a collection that contains additional encrypted keys that are specified external to the xenc:EncryptedData element, as child elements of the EncryptedID element.
A that contains the keys.
Gets or sets a URI reference that represents the classification of string-based identifier information. [Saml2Core, 2.2.2]
A .
An attempt to set a value that is not and is not an absolute URI occurs.
Gets or sets the security or administrative domain that qualifies the name. [Saml2Core, 2.2.2]
The name qualifier.
Gets or sets the name of a service provider or affiliation of providers that is used to further qualify a name [Saml2Core, 2.2.2].
The service provider name qualifier.
Gets or sets a name identifier established by a service provider or affiliation of providers for the entity, if different from the primary name identifier. [Saml2Core, 2.2.2]
A string that contains the name identifier.
Gets or sets the value of the name identifier.
A string that contains the name identifier value.
An attempt to set a value that is occurs.
Represents the ProxyRestriction element specified in [Saml2Core, 2.5.1.6].
Initializes a new instance of the class.
Gets or sets the set of audiences to whom the asserting party permits new assertions to be issued on the basis of this assertion.
A collection of type that contains the addresses of the entities about which new assertions can be issued.
Gets or sets the maximum number of indirections that the asserting party permits to exist between this assertion and an assertion which has ultimately been issued on the basis of it.
A nullable integer. indicates that the attribute is not set and no limitation is set on the number of indirections.
An attempt to set a value that is not and is less than zero occurs.
This class is used when a Saml2Assertion is received without a <ds:KeyInfo> element inside the signature element. The KeyInfo describes the key required to check the signature. When the key is needed this clause will be presented to the current . It will contain the Saml2Assertion fully read which can be queried to determine the key required.
Initializes a new instance of the class.
The assertion that is currently being processed. Sets the value of the property.
Gets the Saml2Assertion that is currently associated with this instance.
The Saml2Assertion that is currently associated with this instance. Can be .
Represents a security token that is based upon a SAML assertion.
Initializes a new instance of the class using the specified SAML assertion.
A that represents the SAML assertion for this security token.
Initializes a new instance of the class using the specified SAML assertion, cryptographic keys and issuer token.
A that represents the SAML assertion for this security token.
The set of keys associated with this security token.
The token of the issuer for this security token.
Gets the SAML assertion for this security token.
A that represents the SAML assertion for this security token.
Gets a value indicating whether this security token is capable of creating the specified key identifier.
A that specifies the key identifier to create.
when is of type ; otherwise, .
Creates the specified key identifier clause.
A that specifies the key identifier to create.
A that is a key identifier clause for a SAML security token.
is not of type .
Gets a unique identifier of the security token.
The unique identifier of the security token.
Gets the security token of the issuer.
The security token of the issuer.
Returns a value indicating whether the key identifier for this instance is equal to the specified key identifier.
An to compare to this instance.
if is a and it has the same unique identifier as the property; otherwise, .
Gets the cryptographic keys associated with the security token.
A of type that contains the set of keys associated with the security token.
Gets the first instant in time at which this security token is valid.
A that represents the first instant in time at which this security token is valid.
Gets the last instant in time at which this security token is valid.
A that represents the last instant in time at which this security token is valid.
Represents a security token handler that creates security tokens from SAML 2.0 Assertions.
Initializes a new instance of the class with default security token requirements.
Initializes a new instance of the class with the specified security token requirements.
The to be used by this instance when validating tokens. Sets the property.
is .
Adds all of the delegates associated with the subject into the attribute collection.
The delegate of this object will be serialized into a .
A collection of type .
The token descriptor.
is .
-or-
is .
Indicates if the current XML element is pointing to a key identifier clause that can be serialized by this instance.
An XML reader positioned at the start element.
if the method can read the element; otherwise, .
Indicates whether the current XML element can be read as a token of the type handled by this instance.
An XML reader positioned at a start element. The reader should not be advanced.
if the method can read the element; otherwise, .
Gets a value that indicates if this handler can validate tokens of type .
, which indicates that the handler can validate tokens of type .
Indicates if the specified key identifier clause can be serialized by this instance.
The to be serialized.
if the specified key identifier clause can be serialized; otherwise, .
Gets a value that indicates whether this handler can serialize tokens of type .
, which indicates that the handler can serialize tokens of type .
Gets or sets the X.509 certificate validator that is used by the current instance to validate X.509 certificates.
An that represents the validator.
Collects attributes with a common claim type, claim value type, and original issuer into a single attribute with multiple values.
A collection of type that contains the attributes generated from claims.
A collection of that contains attributes derived from the input collection. Attributes in the input collection that share a common claim type, claim value, and original issuer with other attributes are consolidated into a single attribute with multiple values in the output collection. Attributes in the input collection that do not share claim type, claim value, or original issuer with other attributes appear unaltered in the output collection.
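The consolidation rule above (group by claim type, value type and original issuer; merge the values) is easy to get subtly wrong, for example by merging across issuers and so letting one issuer's values sit under another's name. The following is an added example, not the library's own implementation: it performs the grouping over a collection of Saml2Attribute objects using the Name, AttributeValueXsiType and OriginalIssuer properties documented above. The sample attributes are constructed for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Tokens;
using System.Linq;

// Added example: merge attributes that share name, value type and original issuer.
static class AttributeConsolidation
{
    public static Collection<Saml2Attribute> Consolidate(IEnumerable<Saml2Attribute> attributes)
    {
        var result = new Collection<Saml2Attribute>();

        // Grouping key covers exactly the three properties the text names; an
        // attribute from a different OriginalIssuer is never merged.
        var groups = attributes.GroupBy(a => new { a.Name, a.AttributeValueXsiType, a.OriginalIssuer });

        foreach (var group in groups)
        {
            Saml2Attribute first = group.First();
            var merged = new Saml2Attribute(group.Key.Name)
            {
                AttributeValueXsiType = group.Key.AttributeValueXsiType,
                OriginalIssuer = group.Key.OriginalIssuer,
                NameFormat = first.NameFormat,       // carried over from the first member
                FriendlyName = first.FriendlyName,
            };
            foreach (Saml2Attribute a in group)
                foreach (string value in a.Values)
                    merged.Values.Add(value);
            result.Add(merged);
        }
        return result;
    }

    static void Main()
    {
        // Constructed input: two 'role' attributes from the same issuer and one
        // 'role' attribute relayed from a different original issuer.
        var input = new List<Saml2Attribute>
        {
            new Saml2Attribute("role", "reader"),
            new Saml2Attribute("role", "editor"),
            new Saml2Attribute("role", "admin") { OriginalIssuer = "https://upstream.example.test/" },
        };

        foreach (Saml2Attribute a in Consolidate(input))
            Console.WriteLine("{0} [{1}] -> {2}", a.Name, a.OriginalIssuer ?? "(local)",
                              string.Join(",", a.Values));
        // role [(local)] -> reader,editor
        // role [https://upstream.example.test/] -> admin
    }
}
```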
Creates a object for the assertion.
The token descriptor.
A object. The default is .
Creates a object from a claim.
The from which to generate the SAML Attribute.
The token descriptor.
A that contains the converted claim.
is .
Creates a object from a token descriptor.
The object that contains claims which will be converted to SAML Attributes.
The token descriptor.
A that contains the converted claims.
Creates a SAML 2.0 authentication statement from the specified authentication information.
An object that contains the state to be wrapped as a object.
The token descriptor.
A to add to the assertion being created or to ignore the object (and not create a SAML 2.0 authentication statement).
is .
-or-
The property of is .
The subject of the (the property) contains claims with a claim type of either or but does not contain at least one claim of each type.
-or-
The authentication method specified by the subject of the cannot be resolved to an absolute URI.
Creates claims from a SAML 2.0 token.
A that represents the security token from which to create the claims.
An that contains the claims extracted from the token.
is .
The property of is .
The handler is not configured or an issuer name registry is not configured for the handler. (The property is or is set to a with an property that is .)
The issuer name returned by the configured issuer name registry for the security token () is or empty.
Creates the conditions for the assertion.
The lifetime of the token.
The endpoint address for which the token is created. The address is modeled as an AudienceRestriction condition.
The token descriptor.
A object that contains the conditions for the assertion.
Creates a name identifier that identifies the assertion issuer.
The token descriptor from which to create the name identifier.
A that represents the name identifier.
is .
Creates a SAML 2.0 subject for the assertion.
The security token descriptor from which to create the subject.
A that represents the subject of the assertion.
is .
Creates the security token reference when the token is not attached to the message.
The SAML token.
A value that indicates whether an attached or unattached reference should be created.
A that represents the token reference. (An instance of is actually returned.)
is .
Creates SAML 2.0 statements to be included in the assertion.
The token descriptor from which to create the statements.
An enumeration of that contains the statements.
is .
Creates a security token based on a token descriptor.
The token descriptor from which to create the security token.
A that represents the SAML 2.0 security token. (The token returned is actually an instance of .)
is .
Creates a object using the specified User Principal Name (UPN).
The UPN to use to create the identity.
The Windows identity that was created.
is or an empty string.
Builds an XML formatted string from a collection of SAML 2.0 attributes that represent the Actor.
An enumeration of type that contains the attributes.
A well-formed XML string constructed using the attributes.
Returns the Saml2 AuthenticationContext matching a normalized value.
The normalized value.
A string that represents the denormalized authentication type used to obtain the token.
Throws an exception if the specified token already exists in the token replay cache; otherwise the token is added to the cache.
A that represents the SAML 2.0 security token (the token should be of type ) to be checked.
is .
The property is .
-or-
There is no configured under the property of the handler configuration (accessed through the property).
cannot be cast as an instance of .
The ID of the assertion associated with the token is or empty. (The property of the token references a that has an property that references a with a property that is or empty.)
The token already exists in the .
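Replay detection only works when the handler configuration actually carries a token replay cache, and the exception list above shows every way the check can be skipped or fail. The following is an added example, not code from the documentation: it wires an in-memory replay cache into a Saml2SecurityTokenHandler, exposes the protected DetectReplayedToken through a subclass so the behaviour can be exercised directly, and shows that a second presentation of the same assertion ID is rejected. The use of DefaultTokenReplayCache as the cache implementation and the issuer name are assumptions of the example; a production deployment would use a cache shared across all nodes that validate tokens.

```csharp
using System;
using System.IdentityModel.Configuration;
using System.IdentityModel.Tokens;

// Added example: handler subclass that makes the replay check callable and logs hits.
sealed class ReplayCheckingHandler : Saml2SecurityTokenHandler
{
    public ReplayCheckingHandler()
    {
        // Assumption: DefaultTokenReplayCache is used as the in-memory cache here.
        Configuration = new SecurityTokenHandlerConfiguration
        {
            DetectReplayedTokens = true,
        };
        Configuration.Caches.TokenReplayCache = new DefaultTokenReplayCache();
    }

    // Public wrapper so the protected check can be driven from Main.
    public void CheckReplay(Saml2SecurityToken token) => DetectReplayedToken(token);

    protected override void DetectReplayedToken(SecurityToken token)
    {
        try
        {
            // Base implementation: throws if the assertion ID is already cached,
            // otherwise adds it with the expiry from GetTokenReplayCacheEntryExpirationTime.
            base.DetectReplayedToken(token);
        }
        catch (SecurityTokenReplayDetectedException)
        {
            string id = ((Saml2SecurityToken)token).Assertion.Id.Value;
            Console.Error.WriteLine("replay detected for assertion {0}", id);
            throw;
        }
    }
}

static class ReplayExample
{
    static void Main()
    {
        // Constructed assertion with a bounded lifetime so the cache entry has an expiry.
        var assertion = new Saml2Assertion(new Saml2NameIdentifier("https://idp.example.test/"))
        {
            Conditions = new Saml2Conditions
            {
                NotBefore = DateTime.UtcNow,
                NotOnOrAfter = DateTime.UtcNow.AddMinutes(5),
            },
        };
        var token = new Saml2SecurityToken(assertion);
        var handler = new ReplayCheckingHandler();

        handler.CheckReplay(token);               // first presentation: accepted and cached
        try
        {
            handler.CheckReplay(token);           // same assertion ID again: rejected
        }
        catch (SecurityTokenReplayDetectedException)
        {
            Console.WriteLine("second presentation of {0} rejected", assertion.Id.Value);
        }
    }
}
```

In normal use ValidateToken calls DetectReplayedToken itself when DetectReplayedTokens is enabled; the wrapper here exists only to show the two outcomes side by side.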
Finds the UPN claim value in the specified object for the purpose of mapping the identity to a object.
The claims identity object containing the desired UPN claim.
A string that contains the UPN claim value found.
Gets the token encrypting credentials. Override this method to change the token encrypting credentials.
Retrieves some scope encrypting credentials from the Scope object.
An that represents the token encrypting credentials.
is .
The encrypting credentials retrieved from the token descriptor are asymmetric.
Gets the credentials for signing the assertion.
The token descriptor.
A that represents the credentials for signing the assertion.
is .
Returns the time until which the token should be held in the token replay cache.
The token for which to return the expiration time.
A that represents the expiration time.
is .
Gets the token type identifier(s) supported by this handler.
An array of strings that contains the token type identifier(s) supported by this handler.
Gets or sets the security token serializer that is used to serialize and deserialize key identifiers.
A that represents the serializer.
An attempt to set the value to occurs.
Loads custom configuration from XML.
An that specifies the SAML token authentication requirements.
is .
The configuration specified in is not valid.
Returns the normalized value matching a SAML authentication context class reference.
A string representing one of the System.IdentityModel.Tokens.Saml2Constants.AuthenticationContextClasses constants.
A string that contains the normalized value.
Creates claims from a SAML 2.0 attribute statement and adds them to the specified subject.
The from which the claims are created.
The subject to which the claims are added.
The issuer.
is .
-or-
is .
Creates claims from a SAML 2.0 authentication statement and adds them to the specified subject.
The from which the claims are created.
The subject to which the claims are added.
The issuer.
is .
-or-
is .
Creates claims from a SAML 2.0 authorization decision statement and adds them to the specified subject.
The from which the claims are created.
The subject to which the claims are added.
The issuer.
Creates claims from the SAML 2.0 subject and adds them to the specified subject.
The from which the claims are created.
The subject to which the claims are added.
The issuer.
is .
-or-
is .
Creates claims from a collection of SAML 2.0 statements and adds them to the specified subject.
A collection of from which the claims are created.
The subject to which the claims are added.
The issuer.
is .
Reads the <saml:Action> element.
An positioned at the element to read.
A that represents the Action element that is read.
is .
Reads the <saml:Advice> element.
An positioned at the element to read.
A that represents the Advice element that is read.
is .
Reads the <saml:Assertion> element.
An positioned at the element to read.
A that represents the Assertion element that is read.
is .
Reads the <saml:Attribute> element.
An positioned at the element to read.
A that represents the Attribute element that is read.
is .
Reads the <saml:AttributeStatement> element, or a <saml:Statement> element that specifies an xsi:type of saml:AttributeStatementType.
An positioned at the element to read.
A that represents the element that is read.
is .
Reads an attribute value.
An positioned at the element to read.
The attribute being read.
A string that contains the attribute value.
is .
Reads the <saml:AudienceRestriction> element or a <saml:Condition> element that specifies an xsi:type of saml:AudienceRestrictionType.
An positioned at the element to read.
A that represents the element that was read.
is .
Reads the <saml:AuthnContext> element.
An positioned at the element to read.
A that represents the AuthnContext element that is read.
is .
Reads the <saml:AuthnStatement> element or a <saml:Statement> element that specifies an xsi:type of saml:AuthnStatementType.
An positioned at the element to read.
A that represents the element that is read.
is .
Reads the <saml:AuthzDecisionStatement> element or a <saml:Statement> element that specifies an xsi:type of saml:AuthzDecisionStatementType.
An positioned at the element to read.
A that represents the element that is read.
is .
Reads the <saml:Conditions> element.
An positioned at the element to read.
A that represents the Conditions element that is read.
is .
is not positioned at a Conditions element.
Reads the <saml:EncryptedID> element.
An pointing at the EncryptedID element.
A that represents the EncryptedID element that was read.
is .
is not positioned at an EncryptedID element.
Reads the <saml:Evidence> element.
An positioned at the element to read.
A that represents the Evidence element that is read.
is .
Reads the <saml:Issuer> element.
An positioned at the element to read.
A that represents the Issuer element that is read.
is .
Reads a SecurityKeyIdentifierClause.
The with which to read.
A that represents the security key identifier clause.
is .
Reads the <saml:NameID> element.
An positioned at a NameID element.
A that represents the NameID element that was read.
is .
Both <Issuer> and <NameID> are of NameIDType. This method reads the content of either one of those elements.
An positioned at NameID type.
A constructed from the XML.
is .
Reads the <saml:ProxyRestriction> element, or a <saml:Condition> element that specifies an xsi:type of saml:ProxyRestrictionType.
An positioned at the element to read.
A that represents the element that was read.
is .
Deserializes the SAML Signing KeyInfo.
An XmlReader that can be positioned at a ds:KeyInfo element.
The assertion that is having the signature checked.
The that represents the key to use to check the signature.
is .
Reads the <saml:Statement> element.
An positioned at the element to read.
A that represents the Statement element that was read.
is .
Reads the <saml:Subject> element.
An positioned at the element to read.
A that represents the Subject element that was read.
is .
Reads the <SubjectConfirmation> element.
An positioned at the element to read.
A that represents the SubjectConfirmation element that was read.
is .
Reads the <saml:SubjectConfirmationData> element.
An positioned at the element to read.
A that represents the SubjectConfirmationData element that was read.
is .
This method handles the construct used in the <Subject> and <SubjectConfirmation> elements for ID.
An positioned at the Subject ID XML.
The parent element that contains this Subject ID.
A constructed from the XML.
is .
Deserializes the SAML Subject <ds:KeyInfo> element.
An positioned at a <ds:KeyInfo> element.
A that represents the contents of the <ds:KeyInfo> element.
is .
Reads the <saml:SubjectLocality> element.
An positioned at the element to read.
A that represents the SubjectLocality element that was read.
is .
Reads a SAML 2.0 token from the specified stream.
A stream to a SAML 2.0 Security Token.
An instance of .
The property is .
-or-
The property of the configuration specified by the property is .
-or-
The property of the configuration specified by the property is .
Resolves the Signing Key Identifier to a .
The for which the Issuer token is to be resolved.
The current associated with this handler.
A that represents the resolved token.
is .
The handler is unable to resolve the token.
Resolves the collection of referenced in a .
The to process.
The to use in resolving the objects.
A collection of type that contains the keys.
is .
The handler is unable to resolve the keys.
Gets or sets the security token requirements for this instance.
A that specifies the requirements.
An attempt to set the value to occurs.
This method gets called when a special type of is detected. The passed in wraps a that contains a collection of attribute values (in the property), each of which will get mapped to a claim. All of the claims will be returned in an with the specified issuer.
The to use.
The that is the subject of this token.
The issuer of the claim.
The does not contain any valid attribute values.
The key identifier value type for SAML 2.0 assertion IDs, as defined by the OASIS Web Services Security SAML Token Profile 1.1. This is a URI.
Gets the token type supported by this handler.
The of the class.
Resolves the Signing Key Identifier to a SecurityToken.
The for which the Issuer token is to be resolved.
The current associated with this handler.
When this method returns, contains the resolved security token if a token was successfully resolved.
if the token is resolved.
Validates the specified object.
The SAML 2.0 condition to be validated.
to check for Audience Restriction condition.
Validates the specified object.
The SAML 2.0 subject confirmation data.
Validates the token data and returns its claims.
The SAML 2.0 token to be validated.
The identities contained in the token.
Writes the <saml:Action> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:Advice> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Serializes the specified SAML assertion to the specified XML writer.
The to use for the serialization.
A that represents the assertion to serialize.
is .
-or-
is .
The property of the assertion specified by is either or has no elements.
-or-
There are no statements and no subject in the assertion specified by . (Both the property and the property are .) If an assertion does not contain statements, it must contain a subject.
-or-
The assertion specified by contains an authentication, attribute, or authorization decision statement and no subject; these statements require a subject. (The property contains a statement of type , , or and the property is .)
The token encrypting credentials do not have a Symmetric Key specified.
Writes the <saml:Attribute> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:AttributeStatement> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the saml:Attribute value.
The with which to write.
A string that contains the attribute value to be written.
A that represents the attribute whose value is being written.
is .
Writes the <saml:AudienceRestriction> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:AuthnContext> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:AuthnStatement> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:AuthzDecisionStatement> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:Conditions> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:Evidence> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:Issuer> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Serializes a to the specified XML writer.
The to serialize the key identifier clause.
A that represents the key identifier clause to be serialized.
is .
-or-
is .
Writes the <saml:NameID> element.
The with which to serialize the .
The to be serialized.
is .
-or-
is .
The Saml2NameIdentifier encrypting credentials must have a Symmetric Key specified.
Both <Issuer> and <NameID> are of NameIDType. This method writes the content of either one of those elements.
The with which to serialize the NameID type.
The to write.
is .
-or-
is .
Writes the <saml:ProxyRestriction> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the Signing <ds:KeyInfo> element using the specified XML writer.
The with which to serialize the key identifier.
The that represents the key identifier to write.
is .
-or-
is .
The handler cannot serialize the key identifier specified by .
Writes a Saml2Statement.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:Subject> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:SubjectConfirmation> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:SubjectConfirmationData> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Serializes the Subject <ds:KeyInfo> element using the specified XML writer.
The with which to serialize the key identifier.
The that represents the key identifier to write.
is .
-or-
is .
Writes the <saml:SubjectLocality> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes a Saml2 Token to the specified XML writer.
The with which to write the data.
The token to write.
is .
-or-
is .
is not a object.
Represents the StatementAbstractType specified in [Saml2Core, 2.7.1].
Called from constructors in derived classes to initialize the class.
Represents the Subject element specified in [Saml2Core, 2.4.1].
Initializes a new instance of the class.
Initializes a new instance of the class with the specified object.
A that represents the name identifier.
Initializes a new instance of the class with the specified object.
A that contains confirmation information.
is .
Gets or sets the identifier for the subject. [Saml2Core, 2.4.1]
A that contains the identifier.
Gets a collection that contains information that allows the subject to be confirmed. [Saml2Core, 2.4.1]
A collection of type .
Represents the SubjectConfirmation element specified in [Saml2Core, 2.4.1.1].
Initializes a new instance of the class with the specified confirmation method.
The that indicates the confirmation method.
is .
is not an absolute URI.
Initializes a new instance of the class with the specified confirmation method and additional confirmation information.
The that indicates the confirmation method.
The that contains the additional confirmation information.
is .
is not an absolute URI.
Gets or sets a URI reference that identifies a protocol or mechanism to be used to confirm the subject. [Saml2Core, 2.4.1.1]
A that represents the reference.
An attempt to set the property to occurs.
An attempt to set a value that is not an absolute URI occurs.
Gets or sets the identifier for the entity expected to satisfy the enclosing subject confirmation requirements. [Saml2Core, 2.4.1.1]
A that specifies the entity.
Gets or sets additional confirmation information to be used by a specific confirmation method. [Saml2Core, 2.4.1.1]
A that contains information to be used with the confirmation method.
Represents the SubjectConfirmationData element and the associated KeyInfoConfirmationDataType defined in [Saml2Core, 2.4.1.2-2.4.1.3].
Initializes a new instance of the class.
Gets or sets the network address/location from which an attesting entity can present the assertion. [Saml2Core, 2.4.1.2]
A string that contains the address.
Gets or sets the ID of a SAML protocol message in response to which an attesting entity can present the assertion. [Saml2Core, 2.4.1.2]
A that represents the ID.
Gets the collection of cryptographic keys that are used in some way to authenticate an attesting entity. [Saml2Core, 2.4.1.3]
A collection of type that contains the keys.
Gets or sets a time instant before which the subject cannot be confirmed. [Saml2Core, 2.4.1.2]
A nullable that contains the time instant in UTC.
Gets or sets the time instant at which the subject can no longer be confirmed. [Saml2Core, 2.4.1.2]
A nullable that contains the time instant in UTC.
Gets or sets a URI that specifies the entity or location to which an attesting entity can present the assertion. [Saml2Core, 2.4.1.2]
A that specifies the entity or location.
An attempt to set a value that is not and is not an absolute URI occurs.
Represents the SubjectLocality element specified in [Saml2Core, 2.7.2.1].
Initializes a new instance of the class.
Initializes a new instance of the class from an address and DNS name.
A string that contains the address.
A string that contains the DNS name.
Gets or sets the network address of the system from which the principal identified by the subject was authenticated. [Saml2Core, 2.7.2.1]
A string that contains the address.
Gets or sets the DNS name of the system from which the principal identified by the subject was authenticated. [Saml2Core, 2.7.2.1]
A string that contains the DNS name.
Specifies whether the subject of a security token is granted access to a given resource.
Specifies that access to a resource is denied.
Specifies that the security token service that issued the security token does not have enough information to determine the access permissions for a particular resource. A recipient of the security token must use other means to determine the user's access permissions.
Specifies that access to a resource is granted.
Represents the element within a SAML assertion that contains an action on a specified resource.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified action.
The action that the subject of the security token seeks to perform on the specified resource.
is .
-or-
is .
Initializes a new instance of the class using the specified action.
The action that the subject of the security token seeks to perform on the specified resource.
The XML namespace in which the parameter is defined.
is .
-or-
is .
Gets or sets the action that the subject of the can perform on the specified resource.
The action that the subject of the security token seeks to perform on the specified resource.
The property is set to .
-or-
The property is set to .
The value of the property is and the property is set.
Gets a value that indicates whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, .
Causes this instance to be read-only.
Gets or sets the XML namespace in which the property is defined.
The XML namespace in which the property is defined.
The property is and the property is set.
Reads the element using the specified XML reader.
A to read the XML element.
A that is capable of reading XML elements in the SAML assertion that are defined in the SAML specification.
A that can read a clause.
A that determines the security token that created the digital signature for SAML assertions referenced by the XML element.
is .
-or-
is .
Writes the into the specified XML writer as a element.
A to write the element.
A that is capable of writing the element and its child elements and attributes that are defined in the SAML specification.
A that is capable of writing clauses.
is .
-or-
is .
Represents the element within a SAML assertion that contains additional information provided by the SAML authority.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified collection of SAML assertions.
An of type that contains SAML assertions that provide additional information for a SAML assertion.
contains a element.
Initializes a new instance of the class.
An of type that contains a collection of references to SAML assertions that provide additional information on a SAML assertion.
contains a element.
Initializes a new instance of the class using the specified collections of SAML assertions and SAML assertion references.
An of type that contains a collection of references to SAML assertions that provide additional information on a SAML assertion.
An of type that contains SAML assertions that provide additional information for a SAML assertion.
contains a element.
-or-
contains a element.
Gets a collection of references to SAML assertions.
An of type that contains a collection of references to SAML assertions that provide additional information on a SAML assertion.
Gets a collection of SAML assertions.
An of type that contains SAML assertions that provide additional information for a SAML assertion.
Gets a value indicating whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, . The default is .
Causes this instance to be read-only.
Reads the XML element using the specified XML reader.
An to read the XML element.
A that is capable of reading XML elements in the SAML assertion that are defined in the SAML specification.
A that can read a clause.
A that determines the security token that created the digital signature for SAML assertions that contain this XML element.
is
-or-
is
The element does not conform to the XML schema for the element.
Writes this into the specified XML writer as an element.
A to write the element.
A that is capable of writing the element and its child elements and attributes that are defined in the SAML specification.
A that is capable of writing clauses.
is
-or-
is
Represents a Security Assertion Markup Language 1.1 (SAML 1.1) assertion.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified SAML assertion identifier, issuer of the assertion, the date and time when the assertion was issued, a set of processing conditions, additional information, and a collection of SAML statements.
The identifier for the assertion.
The SAML authority that issued this SAML assertion.
A that specifies when the SAML assertion was issued.
A that specifies a set of conditions that may be taken into account when assessing the validity of the SAML assertion.
A that specifies additional information supplied by the SAML authority that can aid in the processing of the SAML assertion.
An of type that contains SAML statements.
is .
-or-
is .
-or-
does not start with a letter or the "_" character.
-or-
is .
-or-
is .
-or-
is .
-or-
does not contain any elements.
-or-
contains a element.
Gets or sets additional information related to the that is supplied by the SAML authority and that can aid in the processing of the SAML assertion.
A that specifies additional information that is supplied by the SAML authority and that can aid in the processing of the SAML assertion.
The property is set and the property is .
Gets or sets the identifier for this assertion.
The identifier for this assertion.
The value of the property is and an attempt is made to set the property.
An attempt is made to set the property to or an empty string.
Gets a value that indicates whether this assertion was deserialized from XML source and can re-emit the XML data unchanged.
if this assertion can re-emit the XML source data unchanged; otherwise, .
Gets or sets a set of conditions that may be taken into account when assessing the validity of the SAML assertion.
A that specifies a set of conditions that may be taken into account when assessing the validity of the SAML assertion.
The property is and an attempt is made to set the property.
Gets a value indicating whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, . The default is .
Gets or sets the date and time when the SAML assertion was issued.
A expressed in the Coordinated Universal Time (UTC) that specifies when the SAML assertion was issued.
The property is and an attempt is made to set the property.
Gets or sets the name of the SAML authority that issued this SAML assertion.
The SAML authority that issued this SAML assertion.
The property is and an attempt is made to set the property.
An attempt is made to set the property to or an empty string.
Gets the major version of the SAML specification to which this SAML assertion conforms.
The major version of the SAML specification to which this SAML assertion conforms. The default value is the value of the property.
Causes this instance to be read-only.
Gets the minor version of the SAML specification to which this SAML assertion conforms.
The minor version of the SAML specification to which this SAML assertion conforms. The default value is the value of the property.
Reads the digital signature for a SAML assertion from an XML reader.
A to read the digital signature.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
A that is capable of reading XML elements that are defined in the SAML specification.
is
-or-
is
-or-
the digital signature has not been read from the SAML assertion yet.
Reads a SAML assertion from the specified XML reader.
A to read the SAML assertion.
A that is capable of reading XML elements in the SAML assertion that are defined in the SAML specification.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
is
-or-
is
the method had been previously called and that SAML assertion was digitally signed.
does not refer to a SAML assertion that is compliant with the SAML 1.1 specification.
Gets or sets the security credentials that are used to digitally sign the SAML assertion.
A that is used to digitally sign the SAML assertion.
The property is and an attempt is made to set the property.
Gets the security token contained in or referenced by a digitally signed SAML assertion.
A contained in or referenced by a digitally signed SAML assertion.
Gets the set of SAML statements associated with the SAML assertion.
An of type that contains the SAML statements associated with the SAML assertion.
Writes the source data, if available.
The XML writer with which to write the source data.
No source data is available.
Writes the SAML assertion into the specified XML writer as a element.
A to write the SAML assertion.
A that is capable of writing the objects in the to XML.
A that is capable of writing clauses.
is
-or-
is
the is configured such that serializing it into XML would result in non-compliance with the SAML v1.1 specification.
Represents a element that references a element in a SOAP message.
Initializes a new instance of the class using the specified SAML assertion identifier.
The identifier of the that contains the key identifier.
is .
Initializes a new instance of the class using the specified SAML assertion identifier, nonce, and key length.
The identifier of the that contains the key identifier.
An array of that contains the nonce that was used to create a derived key.
The size of the derived key.
is .
Gets the identifier for the that contains the key identifier.
The identifier for the that contains the key identifier.
Determines whether the specified key identifier is the same as the current instance.
A to be compared.
when the specified key identifier is the same as the current instance; otherwise, .
Determines whether the specified SAML assertion identifier is the same as the current instance.
The SAML assertion identifier to be compared.
when has the same value as the current instance's property; otherwise, .
Returns a that includes the SAML assertion identifier that represents the current key identifier clause.
A that includes the SAML assertion identifier that represents the current instance.
Represents an attribute that is associated with the subject of a .
Initializes a new instance of the class.
Initializes a new instance of the class using the specified claim.
A that represents an attribute of the subject for a security token.
is .
The property of is not of type .
-or-
The property of is not .
-or-
The property of does not have a '/' character or it is in the first or last index positions.
Initializes a new instance of the class using the specified attribute name, XML namespace, and attribute values.
The XML namespace in which the parameter is defined.
The name of the SAML attribute.
An that contains the values of the SAML attribute.
is .
-or-
is .
-or-
is .
The property of is not of type .
-or-
The property of is not .
-or-
The property of does not have a '/' character or it is in the first or last index positions.
Gets a collection of attribute values for the SAML attribute.
A that contains the set of attribute values for the SAML attribute.
Gets or sets the xsi:type of the values contained in the SAML Attribute.
A string that contains the xsi:type. The default is .
An attempt to set a value that is or empty occurs.
-or-
An attempt to set a value that is malformed occurs.
Gets a collection of claims that this SAML attribute represents.
A of type that contains the set of claims that this SAML attribute represents.
Gets a value that indicates whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, . The default is .
Causes this instance to be read-only.
Gets or sets the name of the SAML attribute.
The name of the SAML attribute.
The property is set and the property is .
The property is set to .
Gets or sets the XML namespace in which the name of the SAML attribute is defined.
The XML namespace in which the name of the SAML attribute is defined.
Gets or sets the string that represents the OriginalIssuer of the SAML attribute.
The original issuer of the SAML attribute.
An attempt to set a value that is an empty string occurs.
Reads the SAML attribute from the specified XML reader.
A to read the SAML attribute.
A that is capable of reading XML elements in the SAML specification.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
is .
-or-
is .
refers to an XML element that does not have the and attributes.
Writes the SAML attribute into the specified XML serializer.
A to write the SAML attribute.
A that is capable of writing XML elements in a SAML assertion.
A that is capable of writing clauses.
is .
-or-
is .
Contains a set of attributes associated with a particular .
Initializes a new instance of the class.
Initializes a new instance of the class using the specified subject and set of attributes associated with the subject.
A that specifies the subject of the claim.
An of type that contains a set of attributes associated with the subject.
is .
contains a member that is .
-or-
contains zero members.
Adds the specified set of claims as attributes to this SAML statement.
An of type that contains the set of claims to add to the SAML statement.
Gets a collection of attributes associated with the subject of the SAML assertion.
An of type that contains a set of attributes associated with the subject.
Gets a value indicating whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, . The default is .
Causes this instance to be read-only.
Reads the SAML attribute statement from the specified XML reader.
An to read the SAML attribute statement.
A that is capable of reading XML elements in the SAML attribute statement that is defined in the SAML specification.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
is
-or-
is
refers to an XML element that does not contain a element
-or-
refers to an XML element that contains a element that does not have an attribute value.
Writes the SAML attribute statement into the specified XML serializer.
An to write the SAML attribute statement.
A that is capable of writing XML elements in a SAML assertion.
A that is capable of writing clauses.
is
-or-
is
Specifies that a SAML assertion is addressed to a particular audience.
Initializes a new instance of the class.
Initializes a new instance of the class with the specified set of audiences a SAML assertion is intended for.
An of type that contains a set of intended audiences.
is .
Gets the set of audiences a SAML assertion is intended for.
An of type that contains a set of intended audiences.
Gets a value that indicates whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, .
Causes this instance to be read-only.
Reads the element from the specified XML reader.
A to read the element.
A that is capable of reading XML elements in the SAML assertion that are defined in the SAML specification.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
is .
-or-
is .
The element has a child element that does not have a value.
Writes the element into the specified XML serializer.
A to write the element.
A that is capable of writing XML elements in the SAML assertion that is defined in the SAML specification.
A that is capable of writing clauses.
is .
-or-
is .
Represents the resource type for a claim that is created from a .
Initializes a new instance of the class using the specified instant in time, authentication method, DNS domain name, and IP address.
A that specifies the instant in time at which the subject was authenticated.
A URI reference that specifies how the subject was authenticated.
The DNS domain name in which the computer that authenticated the subject resides.
The IP address of the computer that authenticated the subject.
Initializes a new instance of the class using the specified instant in time, authentication method, DNS domain name, IP address, and reference to additional information.
A that specifies the instant in time at which the subject was authenticated.
A URI reference that specifies how the subject was authenticated.
The DNS domain name in which the computer that authenticated the subject resides.
The IP address of the computer that authenticated the subject.
An of type that contains additional information about the subject.
contains a member that is .
Initializes a new instance of the class using the specified instant in time, authentication method, DNS domain name, IP address, and reference to additional information.
A that specifies the instant in time at which the subject was authenticated.
A URI reference that specifies how the subject was authenticated.
The DNS domain name in which the computer that authenticated the subject resides.
The IP address of the computer that authenticated the subject.
An of type that contains additional information about the subject.
contains a member that is .
Gets the instant in time at which the subject was authenticated.
A that specifies the instant in time at which the subject was authenticated.
Gets or sets the method that was used to authenticate the subject.
The method that was used to authenticate the subject.
Gets additional information about the subject.
An of type that contains additional information about the subject.
Gets the DNS domain name in which the computer that authenticated the subject resides.
The DNS domain name in which the computer that authenticated the subject resides.
Returns a value that indicates whether the instance is equal to the specified object.
An object to compare to this instance.
if is a and has the same value as this instance; otherwise, .
Returns the hash code for the .
A hash code for the .
Gets or sets the IP address of the computer that authenticated the subject.
The IP address of the computer that authenticated the subject.
Represents a claim for a security token that asserts that the subject was authenticated by a particular means at a particular time.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified authentication details.
A that represents the subject of the claim.
A URI reference that specifies how the subject was authenticated.
A that specifies the instant in time at which the subject was authenticated.
The DNS domain name in which the computer that authenticated the subject resides.
The IP address of the computer that authenticated the subject.
An of type that contains additional information about the subject.
contains a member that is .
Adds a claim based on the properties of this instance to the specified collection of claims.
An of type that contains the set of claims to add to.
is .
Gets or sets the instant in time at which the subject was authenticated.
A that specifies the instant in time at which the subject was authenticated.
The property is set and the property is .
Gets or sets the method used to authenticate the subject.
The method used to authenticate the subject. The default value is .
The property is set and the property is .
Gets additional information about the subject.
An of type that contains additional information about the subject.
Gets the type of security claim.
A that specifies the type of security claim. Always http://schemas.microsoft.com/mb/2005/09/ClaimType/SamlAuthentication.
Gets or sets the DNS domain name in which the computer that authenticated the subject resides.
The DNS domain name in which the computer that authenticated the subject resides.
The property is set and the property is .
Gets or sets the IP address of the computer that authenticated the subject.
The IP address of the computer that authenticated the subject.
Gets a value that indicates whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, . The default is .
Causes this instance to be read-only.
Reads the SAML authentication statement from the specified XML reader.
A to read the SAML authentication statement.
A that is capable of reading XML elements in the SAML authentication statement that is defined in the SAML specification.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
is
-or-
is
refers to an XML element that does not contain the and attributes.
-or-
refers to an XML element that does not have a child element.
Writes the SAML authentication statement into the specified XML serializer.
A to write the SAML authentication statement.
A that is capable of writing XML elements in a SAML assertion.
A that is capable of writing clauses.
is
-or-
is .
Specifies how to retrieve additional information about the subject of a security token.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified query types, protocol binding, and SAML authority location.
An that represents the type of queries that the SAML authority that has additional information about the subject responds to.
A URI reference that identifies the SAML protocol binding to use when communicating with the SAML authority that has additional information about the subject.
A URI reference that describes how to locate and communicate with the SAML authority that has additional information about the subject.
Gets or sets the type of queries that the SAML authority that has additional information about the subject responds to.
An that represents the type of queries that the SAML authority that has additional information about the subject responds to.
The property is set and the property is .
The property is set to .
Gets or sets the SAML protocol binding to use when communicating with the SAML authority that has additional information about the subject.
A URI reference that identifies the SAML protocol binding to use when communicating with the SAML authority that has additional information about the subject.
The property is set and the property is .
The property is set to .
Gets a value indicating whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, . The default is .
Gets or sets how to locate and communicate with the SAML authority that has additional information about the subject.
A URI reference that describes how to locate and communicate with the SAML authority that has additional information about the subject.
The property is set and the property is .
The property is set to .
Causes this instance to be read-only.
Reads the element from the specified XML reader.
A to read the element.
A that is capable of reading XML elements in the SAML assertion that are defined in the SAML specification.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
is
-or-
is
does not refer to a SAML assertion.
-or-
The element does not have one of the , , or attributes.
Writes the element into the specified XML serializer.
A to write the element.
A that is capable of writing XML elements in the SAML assertion that is defined in the SAML specification.
A that is capable of writing clauses.
is
-or-
is
Represents a claim for a security token that asserts an authorization decision regarding access to a specific resource.
Initializes a new instance of the class using the specified resource the subject is seeking access to, the authorization decision regarding the resource, the action sought on the resource, and the XML namespace in which the action is defined.
The resource the subject is seeking access to.
The authorization decision rendered by the SAML authority regarding the access to the resource by the subject.
The action sought by the subject on the resource specified in the parameter.
The XML namespace in which the action specified in the parameter is defined.
or is or an empty string.
Gets the authorization decision rendered by the SAML authority regarding the access to the resource by the subject.
The authorization decision rendered by the SAML authority regarding the access to the resource by the subject.
Gets the action sought by the subject on the resource specified in the property.
The action sought by the subject on the resource specified in the property.
Gets the XML namespace in which the action specified in the property is defined.
The XML namespace in which the action specified in the property is defined.
Returns a value that indicates whether the instance is equal to the specified object.
An object to compare to this instance.
if is a and has the same value as this instance; otherwise, .
Returns the hash code for the .
A hash code for the .
Gets the resource the subject is seeking access to.
A URI that represents the resource the subject is seeking access to.
Represents a claim for a security token that asserts that an authorization decision regarding access by the subject to the specified resource has been made.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified subject, resource, authorization decision, and the actions sought by the subject on the resource.
A that represents the subject of the claim. Sets the property.
A URI reference that identifies the resource to which access is sought. Sets the property.
A that specifies the authorization decision rendered by the SAML authority with respect to access by the subject to the specified resource. Sets the property.
An of type that specifies the set of actions that the subject is authorized to perform on the resource. Sets the property.
is .
-or-
contains a member that is .
-or-
is .
contains a member that is .
-or-
is or empty.
Initializes a new instance of the class using the specified subject, resource, authorization decision, the actions sought by the subject on the resource, and the evidence the SAML authority relied on.
A that represents the subject of the claim. Sets the property.
A URI reference that identifies the resource to which access is sought. Sets the property.
A that specifies the authorization decision rendered by the SAML authority with respect to access by the subject to the specified resource. Sets the property.
An of type that specifies the set of actions that the subject is authorized to perform on the resource. Sets the property.
A that contains a set of SAML assertions that the SAML authority relied on to render the authorization decision. Sets the property.
Gets or sets the authorization decision rendered by the SAML authority with respect to access by the subject to the specified resource.
One of the values that specify the authorization decision rendered by the SAML authority with respect to access by the subject to the specified resource.
The property is set and the property is .
Adds claims based on the properties of this instance to the specified collection of claims.
An of type that contains the set of claims to add to.
is .
Gets the type of security claim.
The type of security claim. Always http://schemas.microsoft.com/mb/2005/09/ClaimType/SamlAuthorizationDecision.
Gets or sets the evidence that the SAML authority relied on to render the authorization decision.
A that contains a set of SAML assertions that the SAML authority relied on to render the authorization decision.
Gets a value that indicates whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, . The default is .
Causes this instance to be read-only.
Reads the SAML authorization statement from the specified XML reader.
A to read the SAML authorization statement.
A that is capable of reading XML elements in the SAML authorization statement that is defined in the SAML specification.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
is .
-or-
is .
refers to an XML element that does not contain the and attributes.
-or-
refers to an XML element that does not have , , and child elements.
The resource to which access is sought by the subject of the security token.
A URI reference that identifies the resource to which access is sought.
Gets the set of actions that the subject is authorized to perform on the resource.
An of type that specifies the set of actions that the subject is authorized to perform on the resource.
Writes the SAML authorization statement into the specified XML serializer.
A to write the SAML authorization statement.
A that is capable of writing XML elements in a SAML assertion.
A that is capable of writing clauses.
is .
-or-
is .
Represents a condition that must be taken into account when assessing the validity of a SAML assertion.
Initializes a new instance of the class.
When overridden in a derived class, gets a value indicating whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, . The default is .
When overridden in a derived class, causes this instance to be read-only.
When overridden in a derived class, reads the condition from the specified XML reader.
A to read the condition.
A that is capable of reading XML elements in the SAML authorization statement that is defined in the SAML specification.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
When overridden in a derived class, writes the condition into the specified XML serializer.
A to write the condition.
A that is capable of writing XML elements in a SAML assertion.
A that is capable of writing clauses.
Represents a set of conditions that must be taken into account when assessing the validity of a SAML assertion.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified timeframe that the SAML assertion is valid.
A that specifies the earliest instant in time when the SAML assertion is valid. Sets the property.
A that specifies the instant in time when the SAML assertion expires. Sets the property.
Initializes a new instance of the class using the specified timeframe and conditions when the SAML assertion is valid.
A that specifies the earliest instant in time when the SAML assertion is valid. Sets the property.
A that specifies the instant in time when the SAML assertion expires. Sets the property.
An of type that specifies a set of conditions that a recipient of a SAML assertion must take into account in assessing the validity of the assertion. Sets the property.
contains a member that is .
Gets the set of conditions that must be taken into consideration when assessing the validity of a SAML assertion.
An of type that specifies a set of conditions that a recipient of a SAML assertion must take into account when assessing the validity of the assertion.
Gets a value that indicates whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, . The default is .
Causes this instance to be read-only.
Gets the earliest instant in time when the SAML assertion is valid.
A that specifies the earliest instant in time when the SAML assertion is valid.
Gets the instant in time when the SAML assertion expires.
A that specifies the instant in time when the SAML assertion expires.
Reads the element from the specified XML reader.
An to read the element.
A that is capable of reading XML elements in the SAML authorization statement that is defined in the SAML specification.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
is .
-or-
is .
Writes the element into the specified XML serializer.
A to write the element.
A that is capable of writing XML elements in a SAML assertion.
A that is capable of writing clauses.
is .
-or-
is .
Represents a set of constants that are used to set properties of a security token. This class cannot be inherited.
Gets the name of the attribute used to specify that the subject of a SAML assertion is specified as an email address. This field is constant.
The name of the attribute used to specify that the subject of a SAML assertion is specified as an email address. This field is constant.
Gets a URI that states the subject of a SAML assertion is specified as an email address. This field is constant.
A URI that states the subject of a SAML assertion is specified as an email address.
Gets a URI that specifies that the recipient of a SAML security token should use the element to confirm that the SOAP message was sent by the SAML assertion's subject. This field is constant.
A URI that specifies that the recipient of a security token should use the element to confirm that the SOAP message was sent by the SAML assertion's subject.
Gets the major version of the SAML specification that security tokens conform to. This field is constant.
The major version of the SAML specification that security tokens conform to. Always 1.
Gets the minor version of the SAML specification used by security tokens. This field is constant.
The minor version of the SAML specification. Always 1.
The combination of the and properties comprises the version of the SAML specification that security tokens conform to.
Gets the XML namespace in which SAML assertions are defined. This field is constant.
The XML namespace in which SAML assertions are defined.
The SAML namespace prefix. This field is constant.
Gets a URI that specifies that additional information is not available for a recipient of a SAML security token to confirm that the SOAP message was sent by the SAML assertion's subject. This field is constant.
A URI that specifies that additional information is not available for a recipient of a SAML security token to confirm that the SOAP message was sent by the SAML assertion's subject.
Gets the name of the attribute used to specify that the subject of a SAML assertion is specified as a Windows domain account. This field is constant.
The name of the attribute used to specify that the subject of a SAML assertion is specified as a Windows domain account. This field is constant.
Gets a URI that states the subject of a SAML assertion is specified using a Windows domain account. This field is constant.
A URI that states the subject of a SAML assertion is specified using a Windows domain account.
Represents a condition that must be taken into account when assessing the validity of a SAML assertion.
Initializes a new instance of the class.
Gets a value indicating whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, . The default is .
Causes this instance to be read-only.
Reads the element from the specified XML reader.
A to read the .
A that is capable of reading XML elements in the SAML authorization statement that is defined in the SAML specification.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
is .
-or-
is .
does not point to a element.
Writes the element into the specified XML serializer.
A to write the element.
A that is capable of writing XML elements in a SAML assertion.
A that is capable of writing clauses.
is .
-or-
is .
Represents the evidence used to render an authorization decision for a security token.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified set of SAML assertions.
An of type that contains the evidence that the SAML authority relied on to render the authorization decision. Sets the property.
contains a member that is .
Initializes a new instance of the class using the specified set of SAML assertion references.
An of type that contains an identifier for a SAML assertion that specifies the evidence that the SAML authority relied on to render the authorization decision. Sets the property.
contains a member that is or empty.
Initializes a new instance of the class using the specified set of SAML assertion references and SAML assertions.
An of type that contains an identifier for a SAML assertion that specifies the evidence that the SAML authority relied on to render the authorization decision. Sets the property.
An of type that contains the evidence that the SAML authority relied on to render the authorization decision. Sets the property.
contains a member that is or empty.
-or-
contains a member that is .
-or-
and are both .
Gets a collection of identifiers for SAML assertions that specify the evidence that the SAML authority relied on to render the authorization decision.
An of type that contains identifiers for SAML assertions that specify the evidence that the SAML authority relied on to render the authorization decision.
Gets the collection of SAML assertions that comprise the evidence that the SAML authority relied on to render the authorization decision.
An of type that contains the evidence that the SAML authority relied on to render the authorization decision.
Gets a value that indicates whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, . The default is .
Causes this instance to be read-only.
Reads the evidence from the specified XML reader.
A to read the evidence.
A that is capable of reading XML elements in the SAML authorization statement that is defined in the SAML specification.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
is .
-or-
is .
refers to an XML element that does not have at least one or child element.
Writes the evidence into the specified XML serializer.
A to write the evidence.
A that is capable of writing XML elements in a SAML assertion.
A that is capable of writing clauses.
is .
-or-
is .
Represents a claim for a SAML security token that asserts the subject's name.
Initializes a new instance of the class using the specified name, the domain in which the name resides, and the format the name is in.
The subject name. Sets the property.
The domain in which the parameter resides. Sets the property.
A URI reference that represents the format that the parameter is in. Sets the property.
is or is .
Returns a value that indicates whether the instance is equal to the specified object.
An object to compare to this instance.
if is a and has the same value as this instance; otherwise, .
Gets a URI reference that represents the format that the subject name of a SAML security token is in.
A URI reference that represents the format that the subject name of a SAML security token is in.
Returns the hash code for the .
A hash code for the .
Gets the subject name of a SAML security token.
The subject name of a security token.
Gets the domain in which the subject name of a SAML security token resides.
The domain in which the subject name of a SAML security token resides.
This class is used when a SamlAssertion is received without a <ds:KeyInfo> element inside the signature element. The KeyInfo describes the key required to check the signature. When the key is needed, this clause is presented to the current . It contains the fully read SamlAssertion, which can be queried to determine the key required.
Initializes a new instance of the class.
The assertion that is currently being processed. Sets the value of the property.
Gets the SamlAssertion that is currently associated with this instance.
The SamlAssertion that is currently associated with this instance. Can be .
Represents a security token that is based upon a SAML assertion.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified SAML assertion.
A that represents the SAML assertion for this security token.
Gets the SAML assertion for this security token.
A that represents the SAML assertion for this security token.
Gets a value indicating whether this security token is capable of creating the specified key identifier.
A that specifies the key identifier to create.
when is of type ; otherwise, .
Creates the specified key identifier clause.
A that specifies the key identifier to create.
A that is a key identifier clause for a SAML security token.
is not of type .
Gets a unique identifier of the security token.
The unique identifier of the security token.
Initializes the properties of the class using the specified SAML assertion.
A that represents the SAML assertion for this security token.
is .
Returns a value indicating whether the key identifier for this instance is equal to the specified key identifier.
An to compare to this instance.
if is a and it has the same unique identifier as the property; otherwise, .
Gets the cryptographic keys associated with the security token.
A of type that contains the set of keys associated with the security token.
Gets the first instant in time at which this security token is valid.
A that represents the first instant in time at which this security token is valid.
Gets the last instant in time at which this security token is valid.
A that represents the last instant in time at which this security token is valid.
Represents a security token handler that creates security tokens from SAML 1.1 Assertions.
Initializes a new instance of the class with default security token requirements.
Initializes a new instance of the class with the specified security token requirements.
The to be used by this instance when validating tokens. Sets the property.
is .
Adds all of the delegates associated with the ActAs subject into the attribute collection.
The delegate of this object will be serialized into a . The delegate is specified by the property.
The attribute collection to which the ActAs token will be serialized.
The token descriptor.
is .
-or-
is .
urn:oasis:names:tc:SAML:1.0:assertion
urn:oasis:names:tc:SAML:1.0:cm:bearer
Indicates whether the current XML element can be read as a token of the type handled by this instance.
An XML reader positioned at a start element. The reader should not be advanced.
if the method can read the element; otherwise, .
Gets a value that indicates if this handler can validate tokens of type .
, which indicates that the handler can validate tokens of type .
Gets a value that indicates whether this handler can serialize tokens of type .
, which indicates that the handler can serialize tokens of type .
Gets or sets the X.509 certificate validator that is used by the current instance to validate X.509 certificates.
An that represents the validator.
Collects attributes with a common claim type, claim value type, and original issuer into a single attribute with multiple values.
A collection of type that contains the attributes generated from claims.
A collection of that contains attributes derived from the input collection. Attributes in the input collection that share a common claim type, claim value, and original issuer with other attributes are consolidated into a single attribute with multiple values in the output collection. Attributes in the input collection that do not share claim type, claim value, or original issuer with other attributes appear unaltered in the output collection.
When overridden in a derived class, creates a object for the assertion.
The token descriptor.
A object. The default is .
Creates a object by using the specified issuer, conditions, advice and statements. You can override this method to customize the parameters used to create the assertion.
The issuer of the assertion.
The to add to the assertion.
The to add to the assertion.
The collection of to add to the assertion.
The SAML assertion that was created.
Creates a object from a claim.
The from which to generate the SAML Attribute.
The token descriptor.
A that contains the converted claim.
is .
Creates a object from a token descriptor.
The to use in the that is created.
The object that contains claims which will be converted to SAML Attributes.
The token descriptor.
A that contains the converted claims.
Creates a SAML 1.1 authentication statement from the specified authentication information.
The SamlSubject of the statement.
The from which to generate the SAML authentication statement.
Contains all the other information that is used in token issuance.
The SAML authentication statement that was created.
is .
-or-
is .
Creates claims from a SAML 1.1 token.
A that represents the security token from which to create the claims.
A that contains the claims extracted from the token.
is .
The property of is .
The handler is not configured or an issuer name registry is not configured for the handler. (The property is or is set to a with an property that is .)
The issuer name returned by the configured issuer name registry for the security token () is or empty.
Creates the conditions for the assertion.
The lifetime of the token.
The endpoint address for which the token is created. The address is modeled as an AudienceRestriction condition.
The token descriptor.
A object that contains the conditions for the assertion.
Creates a SAML 1.1 subject for the assertion.
The security token descriptor from which to create the subject.
A that represents the subject of the assertion.
is .
Creates the security token reference when the token is not attached to the message.
The SAML token.
A value that indicates whether an attached or unattached reference should be created.
A that represents the token reference. (An instance of is actually returned.)
is .
Creates SAML 1.1 statements to be included in the assertion.
The token descriptor from which to create the statements.
An enumeration of that contains the statements.
is .
Creates a security token based on a token descriptor.
The token descriptor from which to create the security token.
A that represents the SAML 1.1 security token. (The token returned is actually an instance of .)
is .
Creates a object using the specified User Principal Name (UPN).
The UPN to use to create the identity.
The Windows identity that was created.
is or an empty string.
Builds an XML formatted string from a collection of SAML 1.1 attributes that represent the Actor.
An enumeration of type that contains the attributes.
A well-formed XML string constructed using the attributes.
Returns the SAML11 authentication method identifier that matches the specified normalized value for a SAML authentication method.
The normalized value. One of the values.
The SAML11 authentication method identifier (URI) that matches the specified normalized identifier. If no matching SAML11 authentication method is found, the URI is returned unaltered.
Throws an exception if the specified token already exists in the token replay cache; otherwise the token is added to the cache.
A that represents the SAML 1.1 security token (the token should be of type ) to be checked.
is .
The property is .
-or-
The property of the handler configuration (accessed through the property) is .
cannot be cast as an instance of .
The ID of the assertion associated with the token is or empty. (The property of the token references a that has an property that references a with a property that is or empty.)
The token already exists in the .
Finds the UPN claim value in the specified object for the purpose of mapping the identity to a object.
The claims identity object containing the desired UPN claim.
A string that contains the UPN claim value found.
Gets the token encrypting credentials. Override this method to change the token encrypting credentials.
Retrieves some scope encrypting credentials from the Scope object.
An that represents the token encrypting credentials.
is .
The encrypting credentials retrieved from the token descriptor are asymmetric.
Gets the credentials for signing the assertion.
The token descriptor.
A that represents the credentials for signing the assertion.
is .
Returns the time until which the token should be held in the token replay cache.
The token for which to return the expiration time.
A that represents the expiration time.
is .
Gets the token type identifier(s) supported by this handler.
An array of strings that contains the token type identifier(s) supported by this handler.
Gets or sets the security token serializer that is used to serialize and deserialize key identifiers.
A that represents the serializer.
An attempt to set the value to occurs.
Loads custom configuration from XML.
An that specifies the SAML token authentication requirements.
is .
The configuration specified in is not valid.
urn:oasis:names:tc:SAML:1.0
Returns the normalized value that matches a SAML 1.1 authentication method identifier.
The SAML 1.1 authentication method identifier (URI) to normalize.
The normalized value, which is one of the values. If no matching value exists, is returned, unaltered.
Creates claims from a SAML 1.1 attribute statement and adds them to the specified subject.
The from which the claims are created.
The subject to which the claims are added.
The issuer.
is .
-or-
is .
Creates claims from a SAML 1.1 authentication statement and adds them to the specified subject.
The from which the claims are created.
The subject to which the claims are added.
The issuer.
is .
-or-
is .
Creates claims from a SAML 1.1 authorization decision statement and adds them to the specified subject.
The from which the claims are created.
The subject to which the claims are added.
The issuer.
Creates claims from the SAML 1.1 subject and adds them to the specified subject.
The from which the claims are created.
The subject to which the claims are added.
The issuer.
is .
Creates claims from a collection of SAML 1.1 statements and adds them to the specified subject.
The SAML statements from which the claims are created.
The subject to which the claims are added.
The issuer.
is .
Reads the <saml:Action> element.
An positioned at the element to read.
A that represents the Action element that is read.
is .
Reads the <saml:Advice> element.
An positioned at the element to read.
A that represents the Advice element that is read.
is .
Reads the <saml:Assertion> element.
An positioned at the element to read.
A that represents the Assertion element that is read.
is .
Reads the <saml:Attribute> element.
An positioned at the element to read.
A that represents the Attribute element that is read.
is .
Reads the <saml:AttributeStatement> element, or a <saml:Statement> element that specifies an xsi:type of saml:AttributeStatementType.
An positioned at the element to read.
A that represents the element that is read.
is .
Reads an attribute value.
An positioned at the element to read.
The attribute being read.
A string that contains the attribute value.
is .
Reads the <saml:AudienceRestrictionCondition> element from the specified XML reader.
An XML reader positioned at the <saml:AudienceRestrictionCondition> element to read.
A that represents the element that was read.
is .
Reads the <saml:AuthnStatement> element or a <saml:Statement> element that specifies an xsi:type of saml:AuthnStatementType.
An positioned at the element to read.
A that represents the element that is read.
is .
Reads the <saml:AuthorityBinding> element.
An XML reader positioned at the <saml:AuthorityBinding> element.
The that was read.
is .
is not positioned at a saml:AuthorityBinding element or contains an unrecognized child element or a child element that is not valid.
Reads the <saml:AuthzDecisionStatement> element or a <saml:Statement> element that specifies an xsi:type of saml:AuthzDecisionStatementType.
An positioned at the element to read.
A that represents the element that is read.
is .
Reads a saml:AudienceRestrictionCondition or a saml:DoNotCacheCondition from the specified reader.
The reader from which to read the element.
The that was read from the XML.
is .
is positioned at an unknown element.
Reads the <saml:Conditions> element.
An positioned at the element to read.
A that represents the Conditions element that is read.
is .
is not positioned at a Conditions element.
Reads a saml:DoNotCacheCondition element from the specified XML reader.
An XML reader positioned at a saml:DoNotCacheCondition element.
The that was read.
is .
is not positioned at a saml:DoNotCacheCondition element.
Reads the <saml:Evidence> element.
An positioned at the element to read.
A that represents the Evidence element that is read.
is .
Deserializes the SAML Signing KeyInfo.
An XmlReader that can be positioned at a ds:KeyInfo element.
The assertion that is having the signature checked.
The that represents the key to use to check the signature.
is .
Reads the <saml:Statement> element.
An positioned at the element to read.
A that represents the Statement element that was read.
is .
Reads the <saml:Subject> element.
An positioned at the element to read.
A that represents the Subject element that was read.
is .
Deserializes the SAML Subject <ds:KeyInfo> element.
An positioned at a <ds:KeyInfo> element.
A that represents the contents of the <ds:KeyInfo> element.
is .
Reads a SAML 1.1 token from the specified stream.
A stream to a SAML 1.1 Security Token.
An instance of .
The property is .
-or-
The property of the configuration specified by the property is .
-or-
The property of the configuration specified by the property is .
Resolves the Signing Key Identifier to a .
The for which the Issuer token is to be resolved.
The current associated with this handler.
A that represents the resolved token.
is .
The handler is unable to resolve the token.
Resolves the specified in a saml:Subject element.
The key identifier to resolve into a key.
The key resolved from the key identifier.
Gets or sets the security token requirements for this instance.
A that specifies the requirements.
An attempt to set the value to occurs.
This method gets called when a special type of is detected. The passed in wraps a that contains a collection of attribute values (in the property), each of which will get mapped to a claim. All of the claims will be returned in an with the specified issuer.
The to use.
The that is the subject of this token.
The issuer of the claim.
The does not contain any valid attribute values.
Gets the token type supported by this handler.
The of the class.
Resolves the Signing Key Identifier to a SecurityToken.
The for which the Issuer token is to be resolved.
The current associated with this handler.
When this method returns, contains the resolved security token if a token was successfully resolved.
if the token is resolved.
urn:oasis:names:tc:SAML:1.0:am:unspecified
Validates the specified object.
The SAML 1.1 condition to be validated.
to check for Audience Restriction condition.
Validates the token data and returns its claims.
The SAML 1.1 token to be validated.
The identities contained in the token.
Writes the <saml:Action> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:Advice> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Serializes the specified SAML assertion to the specified XML writer.
The to use for the serialization.
A that represents the assertion to serialize.
is .
-or-
is .
The token encrypting credentials do not have a Symmetric Key specified.
Writes the <saml:Attribute> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:AttributeStatement> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the saml:Attribute value.
The with which to write.
A string that contains the attribute value to be written.
A that represents the attribute whose value is being written.
is .
Writes the <saml:AudienceRestriction> element.
The with which to write the data.
The data to write.
is .
-or-
is .
The property of the specified in is or an empty collection.
Writes the <saml:AuthnStatement> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:AuthorityBinding> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:AuthzDecisionStatement> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Serializes the specified object.
The with which to write the data.
The data to write. By default, only and are supported.
is .
-or-
is .
is not supported. By default, only and are supported.
Writes the <saml:Conditions> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:DoNotCacheCondition> element.
The XML writer with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:Evidence> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the Signing <ds:KeyInfo> element using the specified XML writer.
The with which to serialize the key identifier.
The that represents the key identifier to write.
is .
-or-
is .
The handler cannot serialize the key identifier specified by .
Writes a SamlStatement.
The with which to write the data.
The data to write.
is .
-or-
is .
Writes the <saml:Subject> element.
The with which to write the data.
The data to write.
is .
-or-
is .
Serializes the Subject <ds:KeyInfo> element using the specified XML writer.
The with which to serialize the key identifier.
The that represents the key identifier to write.
is .
-or-
is .
Writes a Saml Token to the specified XML writer.
The with which to write the data.
The token to write.
is .
-or-
is .
is not a object.
Extends the class by adding new properties that are useful for issued tokens.
Initializes a new instance of the class to default values.
Initializes a new instance of the class from the specified XML.
The XML element from which the instance is to be loaded.
Gets or sets the that is associated with this token requirement.
The X.509 certificate validator that is associated with this token requirement. The default is .
Gets or sets a value that indicates whether the token handler will attempt to map the SAML identity to a Windows identity by using the unique principal name (UPN) claim.
to attempt to map the SAML identity to a Windows identity; otherwise, . The default is .
Gets or sets the claim type that will be used to generate the FederatedIdentity.Name property.
The claim type. The default is the value of the field.
Gets or sets the claim type that is used to generate the FederatedIdentity.Roles property.
The role claim type. The default is the value of the field.
Returns a value that indicates whether Audience Enforcement checks are required for the specified token based on the settings of this .
One of the enumeration values that defines the audience requirement.
The security token to be tested for Audience Enforcement.
if Audience Enforcement should be applied; otherwise, .
is .
Checks the specified list of Audience URIs against the AllowedAudienceUri list.
Collection of AudienceUris.
Collection of audience URIs the token applies to.
is .
-or-
is .
is an empty collection.
-or-
is an empty collection.
-or-
Validation fails.
Serializes and deserializes objects into and from XML documents.
Initializes a new instance of the class.
Reads the additional information provided by the SAML authority within a element of a SAML assertion using the specified XML reader.
An to read the additional information provided by the SAML authority.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
A that contains additional information provided by the SAML authority within a element of a SAML assertion.
is
Reads a SAML assertion from the specified XML reader.
An to read the SAML assertion.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
A that represents the SAML assertion.
is
Reads an attribute of the subject of a SAML security token using the specified XML reader.
An to read the attributes.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
A that represents a claim that is an attribute of the subject of a SAML security token.
Reads a condition that must be taken into account when assessing the validity of a SAML assertion using the specified XML reader.
An to read the SAML condition.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
A that specifies a condition that must be taken into account when assessing the validity of a SAML assertion.
is .
Reads a set of conditions that must be taken into account when assessing the validity of a SAML assertion using the specified XML reader.
An to read the SAML conditions.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
A that specifies a set of conditions that must be taken into account when assessing the validity of a SAML assertion.
is .
Reads a SAML statement using the specified XML reader.
An to read the SAML statement.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
A that represents the SAML statement.
is .
Replaces the default set of XML elements and attributes that are recognized by this serializer with the specified dictionary of elements and attributes.
An that contains the set of XML elements and attributes.
Reads a SAML security token from the specified XML reader.
An to read the security token.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
A security token.
is
refers to an XML element that does not contain a digital signature.
Writes the specified SAML security token into the specified XML serializer.
The to write.
An to write the SAML authorization statement.
A that is capable of writing clauses.
is
-or-
is
Represents a claim for a security token.
Initializes a new instance of the class.
Creates an authorization policy for a security token.
A that represents the issuer of the security token.
A to authenticate the security token.
An that represents an authorization policy for the security token.
When overridden in a derived class, gets a value that indicates whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, . The default is .
Causes this instance to be read-only.
When overridden in a derived class, reads the SAML statement from the specified XML reader.
A to read the SAML statement.
A that is capable of reading XML elements in the SAML statement that is defined in the SAML specification.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
Writes the SAML statement into the specified XML serializer.
A to write the SAML statement.
A that is capable of writing XML elements in a SAML assertion.
A that is capable of writing clauses.
Represents the subject of a SAML security token.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified name, the domain in which the name resides, and the format the name is in.
A URI reference that represents the format that the parameter is in. Sets the property.
The domain in which the parameter resides. Sets the property.
The subject name. Sets the property.
is or is .
Initializes a new instance of the class using the specified name, the domain in which the name resides, the format the name is in, authentication protocols, additional authentication information, and a key identifier.
A URI reference that represents the format that the parameter is in. Sets the property.
The domain in which the parameter resides. Sets the property.
The subject name. Sets the property.
An of type that contains URI references that identify the protocols to authenticate the subject. Sets the property.
Additional authentication information that can be used by authentication protocols. Sets the property.
A that provides access to a cryptographic key held by the subject of the security token. Sets the property.
is or is .
contains a or member.
-or-
does not contain any members and is or is .
-or-
does not contain any members and or are not .
Gets a set of URI references that identify the protocols that should be used to authenticate the subject.
An of type that contains a set of URI references that identify the protocols that should be used to authenticate the subject.
Gets or sets the cryptographic key that is used to verify the digital signature that is identified by this SAML subject statement.
A that contains the cryptographic key that is used to verify the digital signature for a SAML security token.
Gets a set of claims using the properties of this class.
A of type that contains the set of claims represented by this instance.
Gets a set of claims using the properties of this class and the specified SAML security token authenticator.
A that authenticates the portion of a security token that corresponds to the element.
A that contains the set of claims represented by this instance.
is .
Gets a value that indicates whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, . The default is .
Gets or sets a key identifier that provides access to a cryptographic key held by the subject of the SAML security token.
A that provides access to a cryptographic key held by the subject of the security token.
Causes this instance to be read-only.
Gets or sets the subject name of a SAML security token.
The subject name of a security token.
Gets the claim type that is used to represent the subject name of a SAML security token.
The claim type that is used to represent the subject name of a SAML security token ().
Gets or sets a URI reference that represents the format that the subject name of a SAML security token is in.
A URI reference that represents the format that the subject name of a SAML security token is in.
Gets or sets the domain in which the subject name of a SAML security token resides.
The domain in which the subject name of a SAML security token resides.
Reads the element from the specified XML reader.
A to read the element.
A that is capable of reading XML elements in a SAML assertion.
A that reads the clause of the digital signature.
A that determines the security token that created the digital signature.
is .
-or-
is .
refers to an XML element in which one of the following is true:
Contains an element without a value.
-or-
Contains an element without a value.
-or-
Contains a element that does not have at least one child element.
-or-
Does not contain at least one or element.
refers to an XML element that contains a element that does not have a key that can be retrieved.
Gets or sets additional authentication information that can be used by authentication protocols.
Additional authentication information that can be used by authentication protocols.
Writes the element into the specified XML serializer.
A to write the element.
A that is capable of writing XML elements in a SAML assertion.
A that is capable of writing clauses.
Represents a claim for a security token.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified subject.
A that identifies the subject of a security token. Sets the property.
Adds a claim based on the properties of this instance to the specified collection of claims.
An of type that contains the set of claims to add to.
is .
Creates an authorization policy for a security token.
A that represents the issuer of the security token.
A to authenticate the security token.
An that represents an authorization policy for the security token.
Gets a value indicating whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, . The default is .
Causes this instance to be read-only.
Gets or sets the subject of a security token.
A that identifies the subject of a security token.
The property is set and the property is .
Sets the subject of a security token.
A that identifies the subject of a security token.
is .
Defines constants for the URIs that represent the cryptographic algorithms that are used to encrypt XML and compute digital signatures for SOAP messages.
Specifies a URI that points to the 128-bit AES cryptographic algorithm for encrypting XML. This field is constant.
Specifies a URI that points to the 128-bit AES cryptographic algorithm for encrypting and decrypting symmetric keys (key wrap). This field is constant.
Specifies a URI that points to the 192-bit AES cryptographic algorithm for encrypting XML. This field is constant.
Specifies a URI that points to the 192-bit AES cryptographic algorithm for encrypting and decrypting symmetric keys (key wrap). This field is constant.
Specifies a URI that points to the 256-bit AES cryptographic algorithm for encrypting XML. This field is constant.
Specifies a URI that points to the 256-bit AES cryptographic algorithm for encrypting and decrypting symmetric keys (key wrap). This field is constant.
Specifies a URI that points to the DES cryptographic algorithm for encrypting XML. This field is constant.
Specifies a URI that points to the DSA cryptographic algorithm for digitally signing XML. This field is constant.
Represents the Exclusive XML Without Comments Canonicalization algorithm. This field is constant.
Represents the Exclusive XML With Comments Canonicalization algorithm. This field is constant.
Specifies a URI that points to the HMAC cryptographic algorithm for digitally signing XML. This field is constant.
Specifies a URI that points to the 256-bit HMAC cryptographic algorithm for digitally signing XML. This field is constant.
Represents the P-SHA1 key generation algorithm. This field is constant.
Represents the December 2007 version of the P-SHA1 key generation algorithm. This field is constant.
Specifies a URI that points to the RIPEMD-160 cryptographic digest algorithm. This field is constant.
Specifies a URI that points to the RSAES-OAEP-ENCRYPT cryptographic algorithm for encrypting and decrypting asymmetric keys (key wrap). This field is constant.
Specifies a URI that points to the RSA-SHA1 cryptographic algorithm for digitally signing XML. This field is constant.
Specifies a URI that points to the RSA-SHA256 cryptographic algorithm for digitally signing XML. This field is constant.
Specifies a URI that points to the RSAES-PKCS1-v1_5 cryptographic algorithm for encrypting and decrypting asymmetric keys (key wrap). This field is constant.
Specifies a URI that points to the 160-bit SHA-1 digest algorithm. This field is constant.
Specifies a URI that points to the 256-bit SHA-256 digest algorithm. This field is constant.
Specifies a URI that points to the 512-bit SHA-512 digest algorithm. This field is constant.
Represents the Security Token Reference-Transform (STR-Transform) algorithm. This field is constant.
Specifies a URI that points to the Transport Layer Security (TLS) algorithm for encrypting and decrypting symmetric keys (key wrap). This field is constant.
Specifies a URI that points to the Triple DES cryptographic algorithm for encrypting XML. This field is constant.
Specifies a URI that points to the Triple DES cryptographic algorithm for encrypting and decrypting symmetric keys (key wrap). This field is constant.
Specifies a URI that points to the GSS-API cryptographic algorithm for encrypting and decrypting Kerberos ticket session keys (key wrap). This field is constant.
Base class for security keys.
Initializes a new instance of the class.
When overridden in a derived class, decrypts the specified encrypted key.
The cryptographic algorithm that was used to encrypt the key.
An array of that contains the encrypted key.
An array of that contains the decrypted key.
When overridden in a derived class, encrypts the specified key.
The cryptographic algorithm to encrypt the key with.
An array of that contains the key.
An array of that contains the encrypted key.
When overridden in a derived class, gets a value that indicates whether the specified algorithm uses asymmetric keys.
The cryptographic algorithm.
when the specified algorithm uses asymmetric keys; otherwise, .
When overridden in a derived class, gets a value that indicates whether the specified algorithm is supported by this class.
The cryptographic algorithm.
when the specified algorithm is supported by this class; otherwise, .
When overridden in a derived class, gets a value that indicates whether the specified algorithm uses symmetric keys.
The cryptographic algorithm.
when the specified algorithm uses symmetric keys; otherwise, .
When overridden in a derived class, gets the size, in bits, of the key.
The size, in bits, of the key.
Provides delayed resolution of security keys by resolving the or only when cryptographic functions are needed. This allows a key identifier clause or key identifier that is never used by an application to be serialized and deserialized on and off the wire without issues.
Initializes a new instance of the class from the specified key identifier.
A key identifier that represents a .
A token resolver that can be resolved to a .
is .
Initializes a new instance of the class from the specified key identifier clause.
A key identifier clause that represents a .
A token resolver that can be resolved to a .
is .
Decrypts the specified key by using the specified algorithm.
The algorithm to use to decrypt the key.
An array that contains the encrypted key.
An array that contains the decrypted key.
Encrypts the specified key by using the specified algorithm.
The algorithm to use to encrypt the key.
An array that contains the key to encrypt.
An array that contains the encrypted key.
Returns a value that indicates whether the specified algorithm is asymmetric.
The algorithm to check.
if the algorithm will be processed by the runtime as asymmetric; otherwise, .
Returns a value that indicates whether the specified algorithm is supported by this key.
The algorithm to check.
if the algorithm is supported by this key; otherwise, .
Returns a value that indicates whether the specified algorithm is symmetric.
The algorithm to check.
if the algorithm will be processed by the runtime as symmetric; otherwise, .
Gets the key size, in bits.
The key size, in bits.
Represents a key identifier.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified key identifier clauses.
An array of that contains the key identifier clauses.
is .
Adds a key identifier clause to the end of the list.
A to be added to the end of the list.
is .
The value of the property is .
Gets a value that indicates whether a key can be created for at least one of the key identifier clauses.
if a key can be created for at least one of the key identifier clauses; otherwise, .
Gets the number of key identifier clauses.
The number of key identifier clauses.
Creates a key for one of the key identifier clauses.
A that represents the created key.
A key could not be created for any of the key identifier clauses.
Searches for a key identifier clause of the specified type and returns the first occurrence within the entire collection.
A that represents the type of key identifier clause to search the collection for.
The first in the collection that is of the type specified in the parameter.
is .
The collection does not contain a key identifier clause of the type specified in the parameter.
Returns an enumerator that iterates through the collection of key identifier clauses.
A of type for the collection.
Gets a value that indicates whether the properties of this instance are read-only.
if the properties of this instance are read-only; otherwise, . The default is .
Gets the key identifier clause at the specified index.
The zero-based index of the key identifier clause in the collection of key identifier clauses.
The at the specified index.
is less than 0.
-or-
is equal to or greater than .
Causes this instance to be read-only.
Returns an enumerator that iterates through the collection of key identifier clauses.
A that can be used to iterate through the collection.
Returns the current object.
The current object.
Searches for a key identifier clause of the specified type and returns a value that indicates whether a clause of that type could be found. When a type is found it is returned in the parameter.
When this method returns, contains a that is of the type specified in the parameter when a clause of that type could be found in the collection. This parameter is passed uninitialized.
A that represents the type of key identifier clause to search the collection for.
when a key identifier clause of the type specified in the parameter exists in the collection; otherwise, .
Represents an abstract base class for a key identifier clause.
Initializes a new instance of the class using the specified key identifier clause type.
The key identifier clause type. Sets the value of the property.
Initializes a new instance of the class using the specified key identifier clause type, nonce, and the derived key length.
The key identifier clause type. Sets the value of the property.
An array of that contains the nonce that was used to create a derived key. Sets the value that is returned by the method.
The size of the derived key. Sets the value of the property.
Gets a value that indicates whether a key can be created.
if a key can be created; otherwise, . The default is .
Gets the key identifier clause type.
The key identifier clause type.
Creates a key based on the parameters passed into the constructor.
A that contains the created key.
Gets the size of the derived key.
The size of the derived key.
Gets the nonce that was used to generate the derived key.
An array of that contains the nonce that was used to generate the derived key.
Gets or sets the key identifier clause ID.
The key identifier clause ID. The default is .
Returns a value that indicates whether the key identifier for this instance is equivalent to the specified key identifier clause.
A to compare to.
if is the same instance as the current instance; otherwise, .
is .
Abstract base class for a serializer that can serialize and deserialize key identifier clauses.
Initializes a new instance of the class.
When overridden in a derived class, returns a value that indicates whether the element where the specified reader is positioned can be read as a key identifier clause by the handler.
An XML reader positioned at the start element of the key identifier clause.
if the XML can be deserialized to a key identifier clause by the handler; otherwise .
When overridden in a derived class, returns a value that indicates whether the specified key identifier clause can be serialized by the handler.
The key identifier clause to check.
if the key identifier clause can be serialized by the handler; otherwise, .
When overridden in a derived class, deserializes a key identifier clause by using the specified XML reader.
An XML reader positioned at the start element of the key identifier clause to read.
The key identifier clause that was deserialized from the XML.
When overridden in a derived class, serializes the specified key identifier clause.
The XML writer to use to serialize the key identifier clause.
The key identifier clause to serialize.
Specifies the type of key that is associated with a security token.
Specifies that the key is an asymmetric key.
Specifies that the security token does not contain a proof-of-possession key.
Specifies that the key is a symmetric key.
Specifies how a key that is associated with a security token can be used.
Specifies that the key can be used to exchange keys between a sender and a receiver.
Specifies that the key can be used to generate a digital signature.
Represents a base class used to implement all security tokens.
Called by constructors in derived classes to initialize the class.
Gets a value that indicates whether this security token is capable of creating the specified key identifier.
A that specifies the key identifier to create.
when is of type ; otherwise, .
Creates the specified key identifier clause.
A that specifies the key identifier to create.
A that is a key identifier clause for the security token.
Gets a unique identifier of the security token.
The unique identifier of the security token.
Returns a value that indicates whether the key identifier for this instance can be resolved to the specified key identifier.
A to compare to this instance.
if is a and it has the same unique identifier as the property; otherwise, .
Gets the key for the specified key identifier clause.
A to get the key for.
A that represents the key.
Gets the cryptographic keys associated with the security token.
A of type that contains the set of keys associated with the security token.
Gets the first instant in time at which this security token is valid.
A that represents the instant in time at which this security token is first valid.
Gets the last instant in time at which this security token is valid.
A that represents the last instant in time at which this security token is valid.
This is a placeholder for all the attributes related to the issued token.
Initializes a new instance of the class.
Adds a claim for the specified authentication method to the subject of the current instance. The authentication instant is set to the current time.
A URI that specifies the authentication method.
Adds claims for the specified authentication type and authentication instant to the subject of the current instance.
A URI that specifies the authentication method.
The authentication instant in UTC. If the time is not in UTC, it is converted to UTC.
Gets or sets the address for the AppliesTo property in the .
An absolute URI that represents the address.
An attempt to set the property to a value that is not an absolute URI occurs.
Sets the appropriate properties of the specified RSTR based on the properties of the current instance.
The RSTR to which to apply the settings of the current instance.
is .
Gets or sets the key identifier clause when the token is attached to the message.
The key identifier clause.
Gets or sets the authentication information for the token.
The authentication information for the token.
Gets or sets the credentials that are used to encrypt the token.
The credentials that are used to encrypt the token.
Gets or sets the lifetime information for the issued token.
The lifetime information for the issued token.
Gets or sets the proof descriptor for the issued token, which can be used to modify some fields inside the RSTR, such as requested proof token.
The proof descriptor.
Gets the properties bag for the issued token.
The dictionary that represents the properties bag.
Gets or sets the address for the ReplyToAddress property in the .
A URI that represents the address.
Gets or sets the credentials that are used to sign the token.
The credentials that are used to sign the token.
Gets or sets the output claims to be included in the issued token.
The claims identity that contains the output claims.
Gets or sets the issued security token.
The issued security token.
Gets or sets the issuer name, which may also be used inside the issued token.
The issuer name.
Gets or sets the token type of the issued token.
The token type.
The key identifier clause when the issued token is not attached to the message.
The key identifier clause.
Represents a number of elements found in a that represent security tokens.
Initializes a new instance of the class by using a object.
The security token that the new instance represents.
Initializes a new instance of the class by using the specified XML representation of a security token.
The XML representation of the security token.
The default token handler collection that is used to read and validate the security token wrapped by the new instance.
Gets the identities that are contained in the wrapped token.
The identities that are contained in the token.
Gets the security token that is represented by the current instance.
The security token that the current instance represents.
Deserializes a from the specified XML representation.
The XML representation of the security token.
The token handler collection to use to read the token.
The security token that was deserialized from the XML.
Gets the XML representation of the wrapped token.
The XML representation of the token.
Creates the identities that are contained in the specified XML representation of a security token.
The XML representation of the security token.
The token handler collection to use to read the token.
The identities that are contained in the token.
is .
-or-
is .
The exception that is thrown when a problem occurs while processing a security token.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified XML serialization data and contextual data about the source and destination of the serialization stream.
A that contains values that are used during serialization and deserialization.
A that contains data about the source and destination of the serialization stream.
Initializes a new instance of the class using the specified error message.
A message that identifies the reason the exception occurred.
Initializes a new instance of the class using the specified error message and root cause of the error.
A message that identifies the reason the exception occurred.
A that represents the root cause of the exception.
The exception that is thrown when a security token that has an expiration time in the past is received.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified XML serialization data and contextual data about the source and destination of the serialization stream.
A that contains values that are used during serialization and deserialization.
A that contains data about the source and destination of the serialization stream.
Initializes a new instance of the class using the specified error message.
A message that identifies the reason the exception occurred.
Initializes a new instance of the class using the specified error message and root cause of the error.
A message that identifies the reason the exception occurred.
An that represents the root cause of the exception.
The abstract base class for security token handlers.
Called from constructors in derived classes to initialize the class.
Returns a value that indicates whether the XML element referred to by the specified XML reader is a key identifier clause that can be deserialized by this instance.
An XML reader positioned at the start element. The reader should not be advanced by this method.
if the method can read the element; otherwise, . The default is .
Returns a value that indicates whether the specified string can be deserialized as a token of the type processed by this instance.
The token string to read.
if the method can read the element; otherwise, . The default is .
Returns a value that indicates whether the XML element referenced by the specified XML reader can be read as a token of the type processed by this instance.
An XML reader positioned at a start element. The reader should not be advanced by this method.
if the method can read the element; otherwise, . The default is .
Gets a value that indicates whether the handler supports validation of security tokens.
if the class is capable of validating security tokens; otherwise, . The default is .
Returns a value that indicates whether the specified key identifier clause can be serialized by this instance.
The key identifier clause to be checked.
if the key identifier clause can be serialized; otherwise, . The default is .
Gets a value that indicates whether the handler can serialize security tokens.
if the class is capable of serializing tokens; otherwise, . The default is .
Gets or sets the object that provides configuration for the current instance.
The configuration object for the current instance.
Gets the token handler collection that contains the current instance.
The token handler collection that contains the current instance.
When overridden in a derived class, creates the security token reference for tokens processed by that class. This method is typically called by a security token service (STS).
The token for which the reference is to be created.
if an attached reference should be created; if an unattached reference should be created.
A key identifier clause that references the specified token.
When overridden in a derived class, creates a security token using the specified token descriptor. This method is called by a security token service (STS).
The security token descriptor from which the token is to be created. Properties of the token descriptor are set before this method is called.
A security token that matches the properties of the token descriptor.
When overridden in a derived class, throws an exception if the specified token is detected as being replayed.
The token to check for replay.
When overridden in a derived class, returns the set of URIs that are used in requests to identify a token of the type processed by the derived class.
The set of URIs that identify the token type that this handler supports.
When overridden in a derived class, loads custom configuration from XML.
The configuration XML elements. Each node in the list is of type .
When overridden in a derived class, deserializes the XML referenced by the specified XML reader to a key identifier clause that references a token processed by the derived class.
An XML reader positioned at the start element of the XML to be deserialized into the key identifier clause.
The key identifier clause that was deserialized from the XML.
When overridden in a derived class, deserializes the specified string to a token of the type processed by the derived class.
The string to be deserialized.
The security token that was deserialized from the specified string.
When overridden in a derived class, deserializes the XML referenced by the specified XML reader to a token of the type processed by the derived class.
An XML reader positioned at the start element of the token.
The security token that was deserialized from the XML.
When overridden in a derived class, deserializes the XML referenced by the specified XML reader to a token of the type processed by the derived class by using the specified token resolver.
An XML reader positioned at the start element of the token.
A token resolver that contains out-of-band and cached tokens.
The security token that was deserialized from the XML.
When overridden in a derived class, gets the type of the security token that is processed by this instance.
The type of the security token that is processed by this instance.
Traces the failure event during the validation of security tokens when tracing is enabled.
The security token that is being validated.
The message to write to the trace.
Traces the successful validation of security tokens event when tracing is enabled.
The token that was validated.
When overridden in a derived class, validates the specified security token. The token must be of the type processed by the derived class.
The token to validate.
The identities contained in the token.
When overridden in a derived class, serializes the specified key identifier clause to XML. The key identifier clause must be of the type supported by the derived class.
The XML writer.
The key identifier clause to serialize.
When overridden in a derived class, serializes the specified security token to a string. The token must be of the type processed by the derived class.
The token to serialize.
The serialized token.
When overridden in a derived class, serializes the specified security token to XML. The token must be of the type processed by the derived class.
The XML writer.
The token to serialize.
Represents a collection of security token handlers.
Initializes a new instance of the class.
Initializes a new instance of the class with the specified token handlers.
The token handlers with which to initialize the new instance.
Initializes a new instance of the class with the specified token handlers and configuration.
The token handlers with which to initialize the new instance.
The base configuration to associate with the collection.
Initializes a new instance of the class with the specified configuration.
The base configuration to associate with the collection.
Adds the specified token handler to this collection. If a handler with the same token type identifier as the specified handler already exists in the collection, it is replaced with the specified handler.
The token handler to add to the collection.
Returns a value that indicates whether the specified key identifier clause can be read by one of the handlers in this collection or by the base .
An XML reader positioned at the start element. The reader should not be advanced.
if the key identifier clause can be read; otherwise .
Returns a value that indicates whether the specified key identifier clause can be read by one of the handlers in the collection or by the base .
An XML reader positioned at the start element. The reader should not be advanced.
if the key identifier clause can be read; otherwise .
Returns a value that indicates whether the specified string representation of a token can be read by one of the handlers in this collection.
The token represented as a string.
if the collection contains a token handler that can read the specified token; otherwise .
is or an empty string.
Returns a value that indicates whether the specified token can be read by one of the handlers in this collection.
An XML reader positioned at the start element. The reader should not be advanced.
if the token can be read; otherwise .
Returns a value that indicates whether the specified token can be serialized by one of the handlers in this collection.
The security token to be serialized.
if the token can be serialized by one of the handlers; otherwise .
Clears all of the handlers from this collection. (Override of the base class method.)
Gets or sets the base configuration for this security token handler collection.
The configuration for the token handler collection.
Creates a system default collection of basic security token handlers, each of which has the system default configuration. The token handlers in this collection must be configured with service specific data before they can be used.
A security token handler collection that contains the default, basic security token handlers.
Creates a system default collection of basic security token handlers and associates the specified configuration with the new collection. Each of the handlers has the system default configuration. The token handlers in this collection must be configured with service specific data before they can be used.
The configuration to associate with the handler collection.
A security token handler collection that contains the default, basic security token handlers.
Creates a token from the specified token descriptor.
The token descriptor from which the token is to be created. Properties of the token descriptor are set before this method is called.
A security token that matches the properties of the token descriptor.
Inserts the specified token handler in this collection at the specified index. (Override of the base class method.)
The zero-based index at which the handler should be inserted.
The token handler to insert.
Gets a token handler from this collection that can handle the specified security token.
The token for which the handler should be returned.
A token handler that can handle the specified token.
Gets a token handler from this collection that can handle the specified type identifier.
A URI that identifies the token type.
A token handler that can handle tokens that correspond to the specified type identifier.
Gets the handler from this collection that can handle the specified token type.
The type of the token to be handled.
A token handler that can handle tokens of the specified type.
Deserializes a key identifier clause from the specified XML reader.
An XML reader positioned at the start element of the XML to be deserialized into the key identifier clause.
The key identifier clause deserialized from the XML.
Deserializes a key identifier clause from the specified XML reader.
An XML reader positioned at the start element of the XML to be deserialized into the key identifier clause.
The key identifier clause deserialized from the XML.
Deserializes a security token from the specified string.
The string from which to deserialize the token.
The token that was deserialized from the specified string.
Deserializes a security token from the specified XML reader.
An XML reader positioned at the start element of the token.
The security token deserialized from the XML.
Removes the handler at the specified index from this collection. (Override of the base class method.)
The zero-based index of the handler to remove.
Replaces the token handler at the specified index in the collection with the specified handler.
The zero-based index of the element to replace.
The new token handler for the element at the specified index.
Gets a list of the type identifiers of the tokens handled by the handlers in this collection.
The list of type identifier URIs.
Gets a list of the types of the tokens handled by handlers in this collection.
The list of types.
Validates the specified security token.
The token to validate.
The identities that are contained in the token.
Serializes the specified key identifier clause to XML.
The XML writer.
The key identifier clause to serialize.
Serializes the specified key identifier clause to XML.
The XML writer.
The key identifier clause to serialize.
Serializes the specified security token to a string.
The token to serialize.
The string serialized from the token.
is .
The collection does not contain a handler capable of serializing the specified token.
Serializes the specified security token to XML.
The XML writer.
The token to serialize.
is .
-or-
is .
The collection does not contain a handler capable of serializing the specified token.
A class that manages multiple, named security token handler collections.
Initializes a new instance of the class for the specified named service.
The name of the associated service. The property is set to this name.
Determines whether this instance contains a security token handler collection for the specified usage.
The usage for which to find a token handler collection.
if this instance contains a token handler collection for the specified usage; otherwise, .
Gets the number of security token handler collections managed by this instance.
The number of token handler collections managed by this instance.
Creates a token handler collection manager with a handler collection that contains the default set of token handlers.
A manager that contains a collection with the default token handlers.
Creates an empty token handler collection manager.
A collection manager that contains no handlers.
Returns the security token handler collection for the specified usage.
The usage name for the token handler collection.
The token handler collection associated with the specified usage.
Gets the security token handler collections managed by this instance.
The token handler collections managed by this instance.
Gets the service name.
The name of the service associated with this instance.
Defines standard collection names used by the framework.
Used to reference a collection of handlers for ActAs element processing.
Used to reference the default collection of handlers.
Used to reference a collection of handlers for OnBehalfOf element processing.
Configuration common to all security token handlers.
Initializes a new instance of the class.
Gets or sets the audience restriction.
The audience restriction.
Gets or sets the caches that are used for this configuration.
The caches.
Gets or sets the X.509 certificate validation mode used by handlers to validate issuer certificates.
The certificate validation mode.
Gets or sets the X.509 certificate validator used by handlers to validate issuer certificates.
The certificate validator.
Specifies the default X.509 certificate validation mode.
Specifies the default X.509 certificate validator instance.
Specifies a value that determines whether to detect replayed tokens; , do not detect replayed tokens.
Specifies the default issuer name registry instance; an instance of the configuration-based issuer name registry.
Specifies the default issuer token resolver instance.
Specifies the default maximum clock skew.
Specifies the default X.509 certificate revocation mode.
Specifies whether to save bootstrap tokens; , bootstrap tokens are not saved.
Specifies the default token replay cache expiration period.
Specifies the default X.509 certificate trusted store location.
Gets or sets a value that indicates whether replayed tokens should be detected by handlers in this configuration.
if replayed tokens should be detected; otherwise, .
Gets or sets the issuer name registry for this configuration.
The issuer name registry.
Gets or sets the issuer token resolver for this configuration.
The issuer token resolver.
Gets or sets the maximum clock skew for handlers using this configuration.
The maximum clock skew.
Gets or sets the X.509 revocation mode for this configuration.
The X.509 revocation mode.
Gets or sets a value that indicates whether the bootstrap context (token) is saved in the and Sessions after token validation.
to save the bootstrap token; otherwise, .
Gets or sets the security token resolver to use to resolve service tokens.
The token resolver.
Gets or sets the expiration period for items put in the token replay cache.
The expiration period.
Gets or sets the X.509 trusted store location used by handlers to validate issuer certificates.
The trusted store location.
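The configuration members listed above are usually set together before a handler collection is created. The following is an added example, not code from the reference or from System.IdentityModel itself; the audience URI, issuer name, certificate thumbprint and the chosen time spans are placeholders for the example. It pairs each setting with the validation failure it is meant to catch, and turns on replay detection, which the defaults above leave off.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security;

// Added example: builds a SecurityTokenHandlerConfiguration with the validation
// settings tightened and attaches it to the default handler collection.
// Thumbprint, audience URI and issuer name are placeholders.
static class HardenedHandlerConfiguration
{
    public static SecurityTokenHandlerCollection Build()
    {
        var config = new SecurityTokenHandlerConfiguration();

        // Audience restriction: tokens minted for another relying party are rejected.
        config.AudienceRestriction = new AudienceRestriction(AudienceUriMode.Always);
        config.AudienceRestriction.AllowedAudienceUris.Add(
            new Uri("https://rp.example.test/"));           // placeholder audience

        // Issuer trust: only the listed signing certificate maps to a trusted issuer name.
        var registry = new ConfigurationBasedIssuerNameRegistry();
        registry.AddTrustedIssuer("<ISSUER-CERT-THUMBPRINT>", "ExampleIssuer"); // placeholder
        config.IssuerNameRegistry = registry;

        // Issuer certificate checks: build the chain and consult revocation information,
        // looking for trust anchors in the machine store.
        config.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        config.RevocationMode = X509RevocationMode.Online;
        config.TrustedStoreLocation = StoreLocation.LocalMachine;

        // Replay detection is off by default; turn it on. Keep the cache period at least
        // as long as the longest accepted token lifetime plus MaxClockSkew, so a token
        // is still remembered for as long as it would be accepted.
        config.DetectReplayedTokens = true;
        config.TokenReplayCacheExpirationPeriod = TimeSpan.FromHours(2);

        // Clock skew tolerance extends every token's acceptance window on both ends;
        // keep it small (value chosen for the example).
        config.MaxClockSkew = TimeSpan.FromMinutes(2);

        // The bootstrap token is only needed for delegation scenarios (ActAs/OnBehalfOf);
        // not saving it keeps the original token out of every session.
        config.SaveBootstrapContext = false;

        return SecurityTokenHandlerCollection
            .CreateDefaultSecurityTokenHandlerCollection(config);
    }
}
```

Each handler in the returned collection shares this configuration through its Configuration property, so a later change to the collection's Configuration affects all of them.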
The exception that is thrown when a security token that has an effective time in the future is received.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified XML serialization data and contextual data about the source and destination of the serialization stream.
A that contains values that are used during serialization and deserialization.
A that contains data about the source and destination of the serialization stream.
Initializes a new instance of the class using the specified error message.
A message that identifies the reason the exception occurred.
Initializes a new instance of the class using the specified error message and root cause of the error.
A message that identifies the reason the exception occurred.
An that represents the root cause of the exception.
The exception that is thrown when a security token that has been replayed is received.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified XML serialization data and contextual data about the source and destination of the serialization stream.
A that contains values that are used during serialization and deserialization.
A that contains data about the source and destination of the serialization stream.
Initializes a new instance of the class using the specified error message.
A message that identifies the reason the exception occurred.
Initializes a new instance of the class using the specified error message and root cause of the error.
A message that identifies the reason the exception occurred.
An that represents the root cause of the exception.
Contains a set of static properties that return strings that represent security token types.
Gets a string that represents a security token based upon a Kerberos ticket.
A string that represents a security token based upon a Kerberos ticket.
Gets a string that represents a security token based upon an RSA key.
A string that represents a security token based upon an RSA key.
Gets a string that represents a security token based upon a SAML assertion.
A string that represents a security token based upon a SAML assertion.
Gets a string that represents a security token based upon a user name and password.
A string that represents a security token based upon a user name and password.
Gets a string that represents a security token based upon an X.509 certificate.
A string that represents a security token based upon an X.509 certificate.
The exception that is thrown when a received security token is invalid.
Initializes a new instance of the class.
Initializes a new instance of the class using the specified XML serialization data and contextual data about the source and destination of the serialization stream.
A that contains values that are used during serialization and deserialization.
A that contains data about the source and destination of the serialization stream.
Initializes a new instance of the class using the specified error message.
A message that identifies the reason the exception occurred.
Initializes a new instance of the class using the specified error message and root cause of the error.
A message that identifies the reason the exception occurred.
An that represents the root cause of the exception.
Defines a security token that contains data associated with a session.
Initializes a new instance of the class with serialized data.
The serialized object data.
Contextual information about the source.
Initializes a new instance of the class from the specified principal.
The claims principal from which to initialize the token.
is .
-or-
The property of is .
Initializes a new instance of the class from the specified principal and bootstrap token.
The claims principal that was generated from the bootstrap token.
An optional, application-specific context string.
is .
-or-
The property of is .
Initializes a new instance of the class from the specified principal and bootstrap token; and with the specified start time and expiration time.
The claims principal that was generated from the bootstrap token.
An optional, application-specific context string.
The time instant at which the token becomes valid. to specify
The time instant after which the token is no longer valid. to specify that the value should be determined by adding the value of the property to the time specified by the parameter.
is .
-or-
The property of is .
The and parameters cannot be validated; for example, specifies a time that occurs earlier than .
Initializes a new instance of the class from the specified principal and bootstrap token; and with the specified start time and expiration time. The new token is scoped to the specified endpoint.
The claims principal that was generated from the bootstrap token.
An optional, application-specific context string.
The endpoint to which this token is bound. An empty string creates an unscoped token.
The time instant at which the token becomes valid. to specify .
The time instant after which the token is no longer valid. to specify that the value should be determined by adding the value of the property to the time specified by the parameter.
is .
-or-
The property of is .
-or-
is .
The and parameters cannot be validated; for example, specifies a time that occurs earlier than .
Initializes a new instance of the class from the specified principal. The new token is valid from through the specified lifetime.
The claims principal from which to initialize the token.
The period from the current time during which the token is valid. The property will be set to and the property will be set to plus the period specified by this parameter.
is .
-or-
The property of is .
is less than or equal to .
Initializes a new instance of the class by using the specified principal, context ID, context, endpoint, valid timestamp, lifetime, and key.
The claims principal that is associated with this session.
The context identifier associated with this token.
An optional, application-specific context string.
The endpoint to which this token is bound. An empty string creates an unscoped token.
The time at which the token becomes valid.
The lifetime of the session token. The property will be set to plus the period specified by this parameter.
An optional symmetric session key.
is .
-or-
The property of is .
-or-
is .
-or-
is .
is less than or equal to .
Initializes a new instance of the class by using the specified principal, context ID, context, endpoint, start time, expiration time, and key.
The claims principal that is associated with this session.
The context identifier associated with this token.
An optional, application-specific context string.
The endpoint to which this token is bound. An empty string creates an unscoped token.
The time instant at which the token becomes valid. to specify
The time instant after which the token is no longer valid. to specify that the value should be determined by adding the value of the property to the time specified by the parameter.
An optional symmetric session key.
is .
-or-
The property of is .
-or-
is .
is greater than or equal to .
-or-
is less than the current time.
Initializes a new instance of the class by using the specified principal, context ID, context, endpoint, lifetime, and key.
The claims principal that is associated with this session.
The context identifier associated with this token.
An optional, application-specific context string.
The endpoint to which this token is bound. An empty string creates an unscoped token.
The lifetime of the session token. The property will be set to and the property will be set to plus the period specified by this parameter.
An optional symmetric session key.
is .
-or-
The property of is .
-or-
is .
-or-
is .
is less than or equal to .
Gets the claims principal associated with the session.
The claims principal.
Gets a user specified context value.
The user specified context value.
Gets the session context identifier.
The session context identifier.
Gets the ID of the endpoint to which this token is scoped.
The ID of the endpoint.
Sets the with information necessary to serialize the session security token.
The serialized object data.
The contextual information about the source or destination.
Gets the unique identifier of this token.
The token ID.
Gets or sets a value that indicates whether the cookie represented by this token is persistent.
if the cookie is persistent; otherwise, .
Gets or sets a value that indicates whether the session security token is operating in reference mode.
if the token is operating in session mode; otherwise, .
Gets the time instant from which the key in this token is valid.
The time instant from which the key is effective.
Gets the time instant after which the key in this token is no longer valid.
The time instant at which the key expires.
Gets the identifier for the key generation in this token.
The unique identifier for the key generation in this token.
Gets a URI that identifies the version of WS-Secure Conversation that is used to serialize this session security token.
The URI that identifies the version of WS-Secure Conversation that is used to serialize this token.
Gets the keys associated with this session. This is usually a single key.
The keys associated with the session. There is usually a single key.
Gets the time instant from which the token is valid.
The time from which the token is valid.
Gets the time instant after which the token is no longer valid.
The time after which the token is no longer valid.
Defines an abstract class for a cache of session security tokens.
Called from constructors in derived classes to initialize the class.
When overridden in a derived class, attempts to add an entry to the cache or update an existing one.
The key of the entry to be added or updated.
The token associated with the entry.
The expiration time of the entry.
When overridden in a derived class, attempts to retrieve an entry from the cache.
The key of the entry to retrieve.
The session token associated with the key or , if no match is found.
When overridden in a derived class, retrieves all of the tokens associated with a key.
The endpoint ID to search for.
The context ID to search for.
The collection of session tokens associated with the key.
When overridden in a derived class, loads custom configuration from XML.
The custom configuration elements.
When implemented in a derived class, attempts to remove an entry from the cache.
The key of the entry to remove.
When implemented in a derived class, attempts to remove all entries with a matching endpoint ID from the cache.
The endpoint ID for which to remove entries.
When implemented in a derived class, attempts to remove all matching entries from the cache.
The endpoint ID for which to remove entries.
The context ID for which to remove entries.
Represents the key for an entry in a .
Initializes a new instance of the class.
The endpoint ID to which the cache entry is scoped. This should be the value of the property of the cached token.
The context ID of the cache entry. This should be the value of the property of the cached token.
The key generation of the cache entry. This should be the value of the property of the cached token. This value is available when the token is renewed. It will be when caching a new token.
Gets the context ID for the cache key.
The context ID for the cache key.
Gets the Endpoint ID to which this cache entry is scoped.
The Endpoint ID to which this cache entry is scoped.
Determines whether the specified object is the same as the current cache key.
The object to be compared to the current cache key. Should be assignable from .
if the specified object is the same as the current cache key; otherwise, .
Returns a hash code for the current cache key.
The hash code for the current cache key.
Gets or sets a value that indicates whether key generation can be ignored when doing index comparison.
to ignore key generation; otherwise, .
Gets the key generation for the cache key.
The key generation for the cache key.
Implements the equality operator for the class.
The first cache key to compare.
The second cache key to compare.
if the cache keys are equal; otherwise, .
Implements the inequality operator for the class.
The first cache key to compare.
The second cache key to compare.
if the cache keys are not equal; otherwise, .
Overrides to provide a unique identifier.
The key in string form.
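The abstract cache described above and the cache key that indexes it are easiest to understand from a concrete implementation. The class below is an added example, not part of System.IdentityModel: a hypothetical in-process cache that implements the abstract members, drops expired entries on lookup, and relies on the cache key's own Equals and GetHashCode overrides for indexing. The Entry type and the class name are assumptions for the example.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Xml;

// Added example: a hypothetical in-process SessionSecurityTokenCache. Suitable for a
// single process only; a web farm needs a shared store behind the same methods.
public sealed class InMemorySessionSecurityTokenCache : SessionSecurityTokenCache
{
    private sealed class Entry
    {
        public SessionSecurityToken Token;
        public DateTime ExpiryTime;
    }

    // The framework's SessionSecurityTokenCacheKey overrides Equals/GetHashCode,
    // so it can be used directly as a dictionary key.
    private readonly ConcurrentDictionary<SessionSecurityTokenCacheKey, Entry> entries =
        new ConcurrentDictionary<SessionSecurityTokenCacheKey, Entry>();

    public override void AddOrUpdate(SessionSecurityTokenCacheKey key,
                                     SessionSecurityToken value, DateTime expiryTime)
    {
        if (key == null) throw new ArgumentNullException("key");
        if (value == null) throw new ArgumentNullException("value");
        entries[key] = new Entry { Token = value, ExpiryTime = expiryTime };
    }

    public override SessionSecurityToken Get(SessionSecurityTokenCacheKey key)
    {
        Entry entry;
        if (key == null || !entries.TryGetValue(key, out entry)) return null;
        if (entry.ExpiryTime <= DateTime.UtcNow)
        {
            // An expired entry is never handed back; evict it instead.
            Remove(key);
            return null;
        }
        return entry.Token;
    }

    public override IEnumerable<SessionSecurityToken> GetAll(string endpointId, UniqueId contextId)
    {
        DateTime now = DateTime.UtcNow;
        return entries
            .Where(kv => kv.Key.EndpointId == endpointId
                      && kv.Key.ContextId == contextId
                      && kv.Value.ExpiryTime > now)
            .Select(kv => kv.Value.Token)
            .ToList();
    }

    public override void Remove(SessionSecurityTokenCacheKey key)
    {
        Entry ignored;
        if (key != null) entries.TryRemove(key, out ignored);
    }

    public override void RemoveAll(string endpointId)
    {
        foreach (var key in entries.Keys.Where(k => k.EndpointId == endpointId).ToList())
            Remove(key);
    }

    public override void RemoveAll(string endpointId, UniqueId contextId)
    {
        foreach (var key in entries.Keys
                     .Where(k => k.EndpointId == endpointId && k.ContextId == contextId)
                     .ToList())
            Remove(key);
    }
}
```

The cache is wired in through the Caches property of the handler configuration (Configuration.Caches.SessionSecurityTokenCache) and is consulted when a session token operates in reference mode, where the cookie carries only a reference and the claims live in the cache; RemoveAll(endpointId, contextId) is the server-side way to end such a session.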
A that processes security tokens of type .
Initializes a new instance of the class that uses the default cookie transforms and token lifetime.
Initializes a new instance of the class that uses the specified cookie transforms.
The transforms to apply when encoding or decoding the cookie. Sets the property.
is .
Initializes a new instance of the class that uses the specified cookie transforms and token lifetime.
The transforms to apply when encoding or decoding the cookie. Sets the property.
The default lifetime for a token. Sets the property.
is .
is less than or equal to .
Applies the transforms specified by the property to either encode or decode the specified cookie.
The cookie that will be transformed.
if the cookie should be encoded; if the cookie should be decoded.
The encoded or decoded cookie.
The property is .
Returns a value that indicates whether the reader is positioned at a element.
The over the incoming . The reader should be positioned at a element.
if the reader points to a element; otherwise, .
is .
Gets a value that indicates whether this handler supports validation of tokens of type .
if the handler supports validation of tokens of type ; otherwise, . Always .
Gets a value that indicates whether this handler can write tokens of type .
if the handler can write tokens of type ; otherwise, . Always .
Gets the name for the cookie element.
The name for the cookie element. The default element name is "Cookie".
Gets the namespace for the cookie element.
The namespace for the cookie element. The default namespace is "http://schemas.microsoft.com/ws/2006/05/security".
Creates a based on the specified claims principal and time range during which the token is valid.
The claims principal.
A caller-defined context string.
The identifier of the endpoint to which the token is scoped.
The time instant at which the token becomes valid.
The time instant after which the token is no longer valid.
The session security token that was created. The properties on the new session token are set according to the specified parameters.
is .
The property is .
Creates a security token based on the specified token descriptor.
The token descriptor from which to create the token.
The security token that was created. This will be an instance of .
is .
The property is .
A read only collection that contains the list of default transforms to be applied to cookies, the and the .
A constant that specifies the default lifetime for cookies, ten hours.
Gets the default token lifetime.
The default token lifetime. Always .
Gets the token type URIs for the token types that can be processed by this handler.
The token type identifier URIs for token types that can be processed by this handler.
Loads custom configuration from XML.
The custom configuration elements.
is .
The configuration specified by is not valid. For example, it does not contain a element, it contains more than one element, a valid value cannot be read from the attribute, or the attribute specifies a value that is less than .
Reads the from a stream of bytes by using the specified token resolver.
The stream of bytes that contains the token.
The token resolver to use.
The that was read.
Reads the using the specified XML reader.
The over the incoming .
The session security token that was read, an instance of .
is .
The reader is not positioned at a or the cannot be read.
Reads the using the specified XML reader and token resolver.
The over the incoming .
A that can used to resolve the .
The session security token that was read, an instance of .
is .
-or-
is .
The reader is not positioned at a or the cannot be read.
Sets the transforms that will be applied to cookies.
The transforms to use.
Gets or sets the token lifetime.
The token lifetime. The default is .
An attempt to set a time span that is less than or equal to zero occurs.
Gets the type of the tokens that this handler processes.
The of .
Gets the transforms that will be applied to the cookie.
The list of transforms that will be applied to the cookie.
Determines whether the session associated with the specified token is still valid. Validity is determined by checking the and properties of the specified token. An exception is thrown if the session is no longer valid.
The token to be checked.
is .
The property is .
The property of the token is later than .
The property of the token is earlier than .
Validates the specified token and returns its claims.
The token to be validated. Must be assignable from .
The identities that are contained in the token.
.
is not assignable from .
Validates the specified session token and returns its claims.
The token to be validated. Must be assignable from .
The identifier of the endpoint to which the token is scoped.
The identities that are contained in the token.
is .
-or-
is .
is not assignable from .
The property of the specified token is not or empty and its value is different than that specified by the parameter.
Serializes the specified token into a byte array.
The token to write.
An encoded byte array.
is .
Serializes the specified token by using the specified XML writer.
The XML writer with which to serialize the token.
The token to serialize. An instance of .
is .
-or-
is .
is not assignable from .
-or-
The of the token specifies a version of WS-Secure Conversation that is not supported by the handler.
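The handler members above form one workflow: create a session token, write it through the cookie transforms, read it back, and validate it for the endpoint it was scoped to. The following is an added example, not code from the reference or from System.IdentityModel; the endpoint URIs, context string, claim values, 30-minute lifetime and the status strings returned are assumptions for the example. It uses the default cookie transforms, which compress the token and then protect it with DPAPI, so the resulting bytes only decode on the same machine and account that wrote them.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Claims;

// Added example: session token round trip and endpoint-scoped validation.
static class SessionTokenRoundTrip
{
    const string EndpointId = "https://app.example.test/";      // placeholder endpoint

    public static SessionSecurityTokenHandler CreateHandler()
    {
        var handler = new SessionSecurityTokenHandler(
            SessionSecurityTokenHandler.DefaultCookieTransforms,
            TimeSpan.FromMinutes(30));                            // assumed lifetime
        // CreateSessionSecurityToken and ValidateToken throw if Configuration is null.
        handler.Configuration = new SecurityTokenHandlerConfiguration();
        return handler;
    }

    public static byte[] IssueCookie(SessionSecurityTokenHandler handler)
    {
        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, "alice") }, "ExampleAuthentication");
        var principal = new ClaimsPrincipal(identity);

        DateTime validFrom = DateTime.UtcNow;
        SessionSecurityToken token = handler.CreateSessionSecurityToken(
            principal, "example-context", EndpointId,
            validFrom, validFrom.Add(handler.TokenLifetime));

        // WriteToken applies the transforms in order and returns the opaque cookie bytes.
        return handler.WriteToken(token);
    }

    // Classifies the validation outcome instead of letting the exceptions escape,
    // so callers can log the specific failure (expired, not yet valid, wrong endpoint).
    public static string Validate(SessionSecurityTokenHandler handler, byte[] cookie,
                                  string endpointId,
                                  out ReadOnlyCollection<ClaimsIdentity> identities)
    {
        identities = null;
        SecurityTokenResolver resolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
            new ReadOnlyCollection<SecurityToken>(new List<SecurityToken>()), false);
        try
        {
            SessionSecurityToken token = handler.ReadToken(cookie, resolver);
            // ValidateToken calls ValidateSession (ValidFrom/ValidTo checks) and then
            // rejects the token if its EndpointId differs from the one supplied.
            identities = handler.ValidateToken(token, endpointId);
            return "ok";
        }
        catch (SecurityTokenExpiredException) { return "expired"; }
        catch (SecurityTokenNotYetValidException) { return "not-yet-valid"; }
        catch (SecurityTokenException) { return "rejected"; }  // includes endpoint mismatch
    }

    public static void Demo()
    {
        SessionSecurityTokenHandler handler = CreateHandler();
        byte[] cookie = IssueCookie(handler);
        ReadOnlyCollection<ClaimsIdentity> ids;

        Console.WriteLine(Validate(handler, cookie, EndpointId, out ids));               // ok
        Console.WriteLine(Validate(handler, cookie, "https://other.example.test/", out ids)); // rejected
    }
}
```

For a multi-machine deployment the DPAPI-based default transforms must be replaced through SetTransforms with transforms keyed on shared material (System.IdentityModel ships RsaEncryptionCookieTransform and RsaSignatureCookieTransform for this), otherwise a cookie issued by one node is undecodable on the next.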
Represents the cryptographic key and security algorithms that are used to generate a digital signature.
Initializes a new instance of the class.
A that contains the cryptographic key that is used to generate the digital signature.
A URI that represents the cryptographic algorithm that is used to generate the digital signature.
A URI that represents the cryptographic algorithm that is used to compute the digest for the portion of the SOAP message that is to be digitally signed.
Initializes a new instance of the class.
A that contains the cryptographic key that is used to generate the digital signature.
A URI that represents the cryptographic algorithm that is used to generate the digital signature.
A URI that represents the cryptographic algorithm that is used to compute the digest for the portion of the SOAP message that is to be digitally signed.
A that specifies the identifier that represents the key that is used to create a digital signature.
Gets the cryptographic algorithm that is used to compute the digest for the portion of the SOAP message that is to be digitally signed.
A URI that represents the cryptographic algorithm that is used to compute the digest for the portion of the SOAP message that is to be digitally signed.
Gets the cryptographic algorithm that is used to generate the digital signature.
A URI that represents the cryptographic algorithm that is used to generate the digital signature.
Gets the cryptographic key that is used to generate the digital signature.
A that contains the cryptographic key that is used to generate the digital signature.
Gets the identifier that represents the key that is used to create a digital signature.
A that specifies the identifier that represents the key that is used to create a digital signature.
A proof descriptor that can be used to issue a token based on a symmetric key.
Initializes a new instance of the class with the specified key material.
The symmetric key that is used inside the issued token.
The key encrypting credentials for the relying party.
is .
Initializes a new instance of the class with the specified encrypting credentials.
The to be used.
Initializes a new instance of the class with an auto-generated key.
The size of the symmetric key.
The key encrypting credentials for the target of the request.
Initializes a new instance of the class with an auto-generated key.
The size of the symmetric key.
The key encrypting credentials for the target of the request.
The key encrypting credentials for the requestor.
is less than or equal to zero.
Initializes a new instance of the class to use for sending combined entropy.
The size of the symmetric key.
The key encrypting credentials for the target of the request.
The encrypting credentials for the requestor used to encrypt the entropy or the proof token.
The requestor's entropy.
is or an empty array.
is less than zero.
Initializes a new instance of the class to use for sending combined entropy.
The size of the symmetric key.
The encrypting credentials for the relying party used to encrypt the key in the SecurityKeyIdentifier property.
The encrypting credentials for the requestor used to encrypt the entropy or the proof token.
The requestor's entropy.
The URI of the algorithm to use to encrypt the proof key.
is less than or equal to zero.
is or an empty array.
Initializes a new instance of the class for the case in which the STS generates a key automatically and sends it in the proof token as an encrypted key. Two cases are covered: the client sent entropy but the server rejected it, or the client did not send entropy, so only the server's entropy is used.
The size of the symmetric key.
The key encrypting credentials for the relying party.
The key encrypting credentials for the requestor.
The algorithm (URI) specified in the element of the RST.
is less than or equal to zero.
Modifies the specified RSTR based on the settings in this proof descriptor.
The RSTR to which to apply the proof descriptor.
is .
Gets the key material.
A byte array that contains the key material.
Gets the source entropy in plain bytes.
A byte array that contains the source entropy.
Gets the target entropy in plain bytes.
A byte array that contains the target entropy.
Gets the key identifier that can be used inside the issued token to define the key. It is usually the binary secret or the encrypted key.
The key identifier.
Gets the requestor's encrypting credentials, which may be used to encrypt the requested proof token or the entropy in the response.
The requestor's encrypting credentials.
Gets the relying party encrypting credentials, which may be used to encrypt the requested security token in the response.
The relying party encrypting credentials.
Represents the abstract base class for all keys that are generated using symmetric algorithms.
Initializes a new instance of the class.
When overridden in a derived class, generates a derived key using the specified cryptographic algorithm and parameters for the current key.
A URI that represents the cryptographic algorithm to use to generate the derived key.
An array of that contains the label parameter for the cryptographic algorithm.
An array of that contains the nonce that is used to create a derived key.
The size of the derived key.
The position at which the derived key is located in the byte array that is returned from this method.
An array of that contains the derived key.
When overridden in a derived class, gets a transform that decrypts cipher text using the specified cryptographic algorithm.
A cryptographic algorithm that decrypts cipher text, such as encrypted XML.
An array of that contains the initialization vector () for the specified algorithm.
An that represents the decryption transform.
When overridden in a derived class, gets a transform that encrypts XML using the specified cryptographic algorithm.
A cryptographic algorithm that encrypts XML.
An array of that contains the initialization vector () for the specified algorithm.
An that represents the encryption transform.
When overridden in a derived class, gets the size, in bits, of the initialization vector () that is required for the specified cryptographic algorithm.
The cryptographic algorithm to get the size of the initialization vector ().
The size, in bits, of the initialization vector () that is required for the cryptographic algorithm specified in the parameter.
When overridden in a derived class, gets an instance of the specified keyed hash algorithm.
The keyed hash algorithm to get an instance of.
A that represents the keyed hash algorithm.
When overridden in a derived class, gets an instance of the specified symmetric algorithm.
The symmetric algorithm to get an instance of.
A that represents the symmetric algorithm.
When overridden in a derived class, gets the bytes that represent the symmetric key.
An array of that contains the symmetric key.
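The combined-entropy constructors of the proof descriptor above and the GenerateDerivedKey method described here rest on the same expansion function, P_SHA1: WS-Trust computes the proof key as P_SHA1(requestor entropy, issuer entropy) truncated to the requested key size, and WS-SecureConversation derives per-message keys as P_SHA1(secret, label + nonce) read from a byte offset. The Python below is an added, language-neutral example, not code from this page or from System.IdentityModel. The algorithm URIs on this page were stripped, so treating the algorithm as PSHA1 is an assumption, as are the label value, taking the derived-key length in bits, and every function name used here.

```python
import hashlib
import hmac
import os

# Default label from WS-SecureConversation 1.3 (assumption: the page names no label value).
DEFAULT_LABEL = b"WS-SecureConversationWS-SecureConversation"


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA1 from TLS 1.0 (RFC 2246, section 5), the expansion both WS-Trust
    computed keys and WS-SecureConversation derived keys are built on.
    A(0) = seed, A(i) = HMAC-SHA1(secret, A(i-1));
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    if length <= 0:
        raise ValueError("length must be positive")
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def combined_entropy_key(requestor_entropy: bytes, issuer_entropy: bytes,
                         key_size_bits: int) -> bytes:
    """WS-Trust ComputedKey/PSHA1: requestor entropy is the HMAC secret, issuer
    entropy the seed. Both parties derive the same proof key; only the two
    entropies travel on the wire, never the key."""
    if key_size_bits <= 0 or key_size_bits % 8:
        raise ValueError("key size must be a positive multiple of 8 bits")
    if not requestor_entropy or not issuer_entropy:
        raise ValueError("both entropies are required for a computed key")
    return p_sha1(requestor_entropy, issuer_entropy, key_size_bits // 8)


def issue_proof_key(requestor_entropy: bytes, key_size_bits: int,
                    accept_requestor_entropy: bool = True):
    """STS side, covering the constructor cases on the page. Returns
    (proof_key, issuer_entropy_for_rstr, key_to_send_encrypted):
    - requestor entropy present and accepted: combined entropy; the RSTR carries
      the issuer entropy, not the key;
    - no requestor entropy, or it was rejected: the STS generates the whole key
      and must return it in the proof token as an encrypted key."""
    if key_size_bits <= 0 or key_size_bits % 8:
        raise ValueError("key size must be a positive multiple of 8 bits")
    size = key_size_bits // 8
    if requestor_entropy and accept_requestor_entropy:
        issuer_entropy = os.urandom(size)
        key = combined_entropy_key(requestor_entropy, issuer_entropy, key_size_bits)
        return key, issuer_entropy, None
    key = os.urandom(size)
    return key, None, key


def generate_derived_key(secret: bytes, label: bytes, nonce: bytes,
                         derived_key_length_bits: int, offset: int = 0) -> bytes:
    """Shape of GenerateDerivedKey on this page: P_SHA1(secret, label + nonce),
    returning derived_key_length_bits / 8 bytes starting at byte offset.
    Length in bits is an assumption (the WS-SC Length element counts bytes)."""
    if derived_key_length_bits <= 0 or derived_key_length_bits % 8:
        raise ValueError("derived key length must be a positive multiple of 8 bits")
    if offset < 0:
        raise ValueError("offset must not be negative")
    if not nonce:
        raise ValueError("nonce is required")
    size = derived_key_length_bits // 8
    return p_sha1(secret, label + nonce, offset + size)[offset:]
```

Two properties worth knowing when debugging interop: P_SHA1 output is prefix-stable, so a 128-bit computed key is the first half of the 256-bit one for the same entropies, and a derived key at a non-zero offset is a slice of the same expansion, which is why both sides must agree on length and offset exactly. The requestor entropy drives the HMAC, so a requestor that sends weak or predictable entropy weakens the proof key regardless of how good the issuer's entropy is.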
The abstract base class that defines methods for a cache used to detect replayed tokens.
Called from constructors in derived classes to initialize the class.
When overridden in a derived class, attempts to add a new entry or update an existing entry.
The key to use when adding the item.
The token to add to the cache, can be .
The time at which the entry expires.
When overridden in a derived class, returns a value that indicates whether a matching entry exists in the cache.
The key for which to search.
if a matching entry is found in the cache; otherwise, .
When overridden in a derived class, attempts to get the specified entry.
The key for which to search.
The token that matches the key or if no token is found.
When overridden in a derived class, loads custom configuration from the specified XML.
The custom configuration XML elements.
When overridden in a derived class, attempts to remove an entry from the cache.
The key that identifies the entry to remove.
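The replay cache contract above is easy to misuse: the check (Contains) and the record (TryAdd) are separate calls, and an entry that expires before the token does lets a replay succeed after eviction. The Python below is an added example, not code from this page or from System.IdentityModel; it implements the four operations with the same meaning, adds the check-and-record step a token handler performs under a single lock, and drives it with a controllable clock and a constructed token identifier. The class and method names are this example's own.

```python
import threading
import time
from typing import Callable, Dict, Optional, Tuple


class InMemoryTokenReplayCache:
    """Illustration of the TryAdd / Contains / TryFind / TryRemove shape on this
    page. Entries are keyed by the token's unique identifier and carry an
    absolute expiration; expired entries are purged lazily. Single process only:
    a farm needs a shared store, or each node sees only its own replays."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        self._lock = threading.Lock()
        self._entries: Dict[str, Tuple[Optional[object], float]] = {}

    def _purge_expired(self) -> None:
        now = self._clock()
        for key in [k for k, (_, exp) in self._entries.items() if exp <= now]:
            del self._entries[key]

    def try_add(self, key: str, token: Optional[object], expiration_time: float) -> bool:
        """Add a new entry or update an existing one; the token itself may be None."""
        if not key:
            raise ValueError("key is required")
        with self._lock:
            self._purge_expired()
            if expiration_time <= self._clock():
                return False  # nothing to remember: the token is already dead
            self._entries[key] = (token, expiration_time)
            return True

    def contains(self, key: str) -> bool:
        with self._lock:
            self._purge_expired()
            return key in self._entries

    def try_find(self, key: str) -> Optional[object]:
        with self._lock:
            self._purge_expired()
            return self._entries.get(key, (None, None))[0]

    def try_remove(self, key: str) -> bool:
        with self._lock:
            return self._entries.pop(key, None) is not None

    def accept_once(self, key: str, token: Optional[object], valid_to: float,
                    clock_skew: float = 300.0) -> bool:
        """What a token handler does: reject if the key is already cached, otherwise
        record it. Both steps run under one lock so two concurrent presentations of
        the same token cannot both pass the Contains check. The entry lives as long
        as the token is valid plus the allowed clock skew; a shorter lifetime lets a
        still-valid token be replayed after eviction."""
        with self._lock:
            self._purge_expired()
            if key in self._entries:
                return False
            self._entries[key] = (token, valid_to + clock_skew)
            return True


def demo() -> dict:
    """Constructed scenario: first presentation accepted, replay rejected, entry
    gone only once the token (plus skew) has expired."""
    now = [1_000_000.0]
    cache = InMemoryTokenReplayCache(clock=lambda: now[0])
    token_id = "_a3f9c2e1-constructed-assertion-id"  # constructed SAML-style ID
    valid_to = now[0] + 600
    results = {
        "first": cache.accept_once(token_id, None, valid_to),
        "replay": cache.accept_once(token_id, None, valid_to),
        "cached": cache.contains(token_id),
    }
    now[0] = valid_to + 301  # past ValidTo plus the 300 s skew
    results["after_expiry_cached"] = cache.contains(token_id)
    results["other"] = cache.accept_once("_other-id", None, now[0] + 600)
    results["removed"] = cache.try_remove("_other-id")
    results["removed_twice"] = cache.try_remove("_other-id")
    return results
```

Choose the key so that it is unique per token and per issuer (an assertion ID alone collides across issuers), and never key on something the sender controls without binding it to the signature that was verified.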
Represents a security token that is based upon a user name and password.
Initializes a new instance of the class using the specified user name and password.
A user name. Sets the property.
A password for the user name. Sets the property.
is .
-or-
is .
Initializes a new instance of the class using the specified user name, password, and unique identifier.
A user name. Sets the property.
A password for the user name. Sets the property.
A unique identifier of the security token. Sets the property.
is .
-or-
is .
-or-
is .
Gets a unique identifier of the security token.
A unique identifier of the security token.
Gets the password for the user name associated with the security token.
The password for the user name associated with the security token.
Gets the cryptographic keys associated with the security token.
A of type that contains the set of keys associated with the security token.
Gets the user name that is associated with the security token.
The user name that is associated with the security token.
Gets the first instant in time at which this security token is valid.
A that represents the instant in time at which this security token is first valid.
Gets the last instant in time at which this security token is valid.
A that represents the last instant in time at which this security token is valid.
Defines an abstract base class for a that processes security tokens of type .
Called from constructors in derived classes to initialize the class.
Indicates whether the current XML element can be read as a .
An XML reader positioned at a start element. The reader should not be advanced.
if the reader is pointing to a ; otherwise, .
Gets a value that indicates whether this handler can write tokens of type .
if the handler can write tokens of type ; otherwise, . Always .
Returns the URIs used in requests to identify a token of the type that can be processed by this handler.
The set of URIs that identify the token type that this handler supports.
Reads a from the specified reader.
An XML reader positioned at the start element of the token.
The username security token that was deserialized from the XML.
is .
The token cannot be read.
The password was not in plain text format.
An unknown element was found in the security token or the username was not specified.
Gets or sets a value that specifies whether the password will be retained in the bootstrap token that is attached to the that is returned by the method.
if the password should be retained in the bootstrap token; otherwise, . The default is .
Gets the of the tokens that this handler processes.
The type of .
Serializes the specified to XML.
The XML writer to use to serialize the token.
The token to serialize.
is .
-or-
is .
is not assignable from .
Represents a security token that is based on the identity of a Windows domain or user account.
Initializes a new instance of the class.
Initializes a new instance of the class using the Windows user.
A that represents a Windows user.
is .
Initializes a new instance of the class using the Windows user.
A that represents a Windows user.
A unique identifier for the security token.
is .
-or-
is .
Creates a new instance of .
A that represents a Windows user.
A unique identifier for the security token.
The authentication type for the security token.
Gets the authentication type for the token.
Returns .
Releases all resources used by the .
Gets the unique identifier for the security token.
A unique identifier for the security token.
Initializes a new instance of the class using the specified unique identifier, Windows user, and the first and last instants in time when the security token is valid.
A unique identifier for the security token. Sets the value of the property.
A that represents the instant in time at which this security token is first valid. Set the value of the property.
A that represents the last instant in time at which this security token is valid. Sets the value of the property.
A that represents a Windows user. Sets the value of the property.
to create a object that is identical to the parameter and assign that to the property; otherwise, assign the value of the parameter to the property.
is .
-or-
is .
Initializes a new instance of the class.
A unique identifier for the security token.
The authentication type for the security token.
A that represents the instant in time at which this security token is first valid.
A that represents the last instant in time at which this security token is valid.
Represents a Windows user.
to create a object that is identical to the parameter and assign that to the WindowsIdentity property; otherwise, assign the value of the parameter to the WindowsIdentity property.
Gets the cryptographic keys associated with the security token.
A of type that contains the set of keys associated with the security token.
Throws an exception if the method has been called for this instance.
the method has been called for this instance.
Gets the first instant in time at which this security token is valid.
A that represents the instant in time at which this security token is first valid.
Gets the last instant in time at which this security token is valid.
A that represents the last instant in time at which this security token is valid.
Gets the Windows user associated with this security token.
A that represents a Windows user.
Defines a that processes Windows Username tokens.
Initializes a new instance of the class.
Gets a value that indicates whether this handler supports validation of tokens of type .
if the handler supports validation of tokens of type ; otherwise, . Always .
Validates the specified token and returns its claims.
The token to validate. An instance of .
The identities that are contained in the token.
is .
is not assignable from .
-or-
The property of the specified token is not of the form domain\user.
The property is .
LogonUser using the specified token failed.
Represents an asymmetric key for X.509 certificates.
Initializes a new instance of the class using the specified X.509 certificate.
The that represents the X.509 certificate.
is .
Decrypts the specified encrypted key using the specified cryptographic algorithm.
The cryptographic algorithm to decrypt the key.
An array of that contains the encrypted key.
An array of that contains the decrypted key.
The X.509 certificate specified in the constructor does not have a private key.
-or-
The X.509 certificate has a private key, but it was not generated using the algorithm.
-or-
The X.509 certificate has a private key, it was generated using the algorithm, but the property is .
-or-
The parameter is not supported. The supported algorithms are and .
Encrypts the specified encrypted key using the specified cryptographic algorithm.
The cryptographic algorithm to encrypt the key.
An array of that contains the key to encrypt.
An array of that contains the encrypted key.
The X.509 certificate specified in the constructor has a public key that was not generated using the algorithm.
-or-
The parameter is not supported. The supported algorithms are and .
Gets the specified asymmetric cryptographic algorithm.
The asymmetric algorithm to create.
when a private key is required to create the algorithm; otherwise, .
An that represents the specified asymmetric cryptographic algorithm.
is and the X.509 certificate specified in the constructor does not have a private key.
-or-
is and the public or private key for the X.509 certificate specified in the constructor is not of type .
-or-
is , , or and the public or private key for the X.509 certificate specified in the constructor is not of type .
-or-
is not supported. The supported algorithms are , , , , and .
Gets a cryptographic algorithm that generates a hash for a digital signature.
The hash algorithm.
A that generates hashes for digital signatures.
is not supported. The supported algorithms are , , and .
Gets the de-formatter algorithm for the digital signature.
The de-formatter algorithm for the digital signature to get an instance of.
An that represents the de-formatter algorithm for the digital signature.
is and the public key for the X.509 certificate specified in the constructor is not of type .
-or-
is or and the public key for the X.509 certificate specified in the constructor is not of type .
-or-
is not supported. The supported algorithms are , , and .
Gets the formatter algorithm for the digital signature.
The formatter algorithm for the digital signature to get an instance of.
An that represents the formatter algorithm for the digital signature.
The X.509 certificate specified in the constructor does not have a private key.
-or-
is and the private key for the X.509 certificate specified in the constructor is not of type .
-or-
is or and the private key for the X.509 certificate specified in the constructor is not of type .
-or-
is not supported. The supported algorithms are , , and .
Gets a value that indicates whether the private key is available.
when the private key is available; otherwise, .
Gets a value that indicates whether the specified algorithm uses asymmetric keys.
The cryptographic algorithm.
when the specified algorithm is , , , , or ; otherwise, .
Gets a value that indicates whether the specified algorithm is supported by this class.
The cryptographic algorithm.
when the specified algorithm is , , , , or and the public key is of the right type; otherwise, .
Gets a value that indicates whether the specified algorithm uses symmetric keys.
The cryptographic algorithm.
when the specified algorithm is , , , , , , , , , or ; otherwise, .
Gets the size, in bits, of the public key associated with the X.509 certificate.
The size, in bits, of the public key associated with the X.509 certificate.
Represents a token resolver that can resolve tokens of type against a specified X.509 certificate store.
Initializes a new instance of the class with a default X.509 certificate store.
Initializes a new instance of the class that uses the X.509 certificate store with the specified location and name to resolve tokens.
One of the enumeration values that specify the name of the X.509 certificate store.
One of the enumeration values that specify the location of the X.509 certificate store.
Initializes a new instance of the class that uses the X.509 certificate store with the specified location and name to resolve tokens.
The name of the X.509 certificate store.
One of the enumeration values that specify the location of an X.509 certificate store.
is or an empty string.
Gets the location of the X.509 certificate store that is used by this token resolver.
One of the enumeration values that specify the location of an X.509 certificate store.
Gets the name of the X.509 certificate store that is used by this token resolver.
The name of the X.509 certificate store that is used by this token resolver.
Attempts to resolve the specified key identifier clause to a security key.
The key identifier clause from which to resolve the security key.
When this method returns, contains the security key that was resolved from the key identifier clause. This parameter is treated as uninitialized.
if the key identifier clause is successfully resolved; otherwise, .
is .
Resolves the specified key identifier to a security token.
The key identifier to resolve.
When this method returns, contains the security token that was resolved from the key identifier. This parameter is treated as uninitialized.
if the key identifier is successfully resolved; otherwise, .
is .
Resolves the specified key identifier clause to a security token.
The key identifier clause to resolve.
When this method returns, contains the security token that was resolved from the key identifier clause. This parameter is treated as uninitialized.
if the key identifier clause is successfully resolved; otherwise, .
is .
Represents a that can process X.509 certificate reference types.
Initializes a new instance of the class.
Returns a value that indicates whether the specified reader is positioned at an element.
An XML reader positioned at the start element of the key identifier clause.
if the reader is referring to an element; otherwise, .
is .
Returns a value that indicates whether the specified key identifier clause can be serialized by this handler.
The key identifier clause to check.
if the key identifier clause is supported by this handler; otherwise, .
is .
Deserializes a key identifier clause from XML by using the specified XML reader.
An XML reader positioned at the start element of the key identifier clause to read.
The key identifier clause that was deserialized from the XML or if a key identifier clause could not be read.
is .
is not positioned at a element. (The method returns .)
Serializes the specified key identifier clause.
The XML writer to use to serialize the key identifier clause.
The key identifier clause to serialize.
is .
-or-
is .
is not a supported clause type.
Represents an X.509 token used as the encrypting credential. This class is usually used as key wrapping credentials.
Initializes a new instance of the class based on the specified X.509 certificate.
The X.509 certificate.
Initializes a new instance of the class based on the specified X.509 certificate and security key identifier.
The X.509 certificate.
The security key identifier.
Initializes a new instance of the class based on the specified X.509 certificate, key wrapping algorithm, and security key identifier.
The X.509 certificate.
The security key identifier.
The key wrapping algorithm.
Initializes a new instance of the class based on the specified X.509 certificate and key wrapping algorithm.
The X.509 certificate.
The key wrapping algorithm.
Gets the X.509 certificate.
The X.509 certificate.
Represents a key identifier clause that identifies a security token using the distinguished name of the certificate issuer and the X.509 certificate's serial number.
Initializes a new instance of the class using the specified X.509 certificate.
An that contains the X.509 certificate.
is .
Initializes a new instance of the class using the specified distinguished name of the certificate issuer and the serial number of the X.509 certificate.
The distinguished name of the certificate authority that issued the X.509 certificate. Sets the value of the property.
The serial number of the X.509 certificate. Sets the value of the property.
is .
-or-
is .
Gets the distinguished name of the certificate authority that issued the X.509 certificate.
The distinguished name of the certificate authority that issued the X.509 certificate.
Gets the serial number of the X.509 certificate.
The serial number of the X.509 certificate.
Returns a value that indicates whether the key identifier for this instance matches the specified key identifier.
A to compare to this instance.
if is a type and the key identifier clauses match; otherwise, .
Returns a value that indicates whether the key identifier for this instance matches the specified X.509 certificate.
An that contains the X.509 certificate to compare.
if has the same issuer name and issuer serial number as the current instance; otherwise, .
Returns a value that indicates whether the key identifier for this instance is equivalent to the specified issuer name and issuer serial number.
The distinguished name of the certificate authority that issued the X.509 certificate.
The serial number of the X.509 certificate.
if the and parameters match the and properties; otherwise, .
Returns the current object.
A that represents the current object.
Represents an X.509 certificate validator that will validate a specified X.509 certificate and verify whether the certificate can be mapped to a Windows account and whether the certificate chain is trusted.
Initializes a new instance of the class.
Initializes a new instance of the class.
to use the local machine context to build the certificate chain; otherwise, .
The chain policy to use when building the X.509 certificate chain.
Validates the specified X.509 certificate.
The X.509 certificate to validate.
is .
Validation of the X.509 certificate failed.
Represents a key identifier clause that identifies a security token using the X.509 certificate's raw data.
Initializes a new instance of the class using the specified raw data of an X.509 certificate.
An array of that contains the raw data of an X.509 certificate.
is .
is zero length.
Initializes a new instance of the class using the specified X.509 certificate.
An that contains the X.509 certificate.
is .
Gets a value that indicates whether a key can be created from the raw data of the X.509 certificate or byte array that is specified in the constructor.
in all cases.
Creates a key from the raw data of the X.509 certificate or byte array that is specified in the constructor.
A that contains the key(s) associated with the X.509 certificate.
Gets the raw data associated with the X.509 certificate.
An array of that contains the raw data associated with the X.509 certificate.
Returns a value that indicates whether the key identifier for this instance is equivalent to the specified X.509 certificate.
An that contains the X.509 certificate to compare.
if has the raw data that matches the current instance; otherwise, .
is .
Returns the current object.
A that represents the current object.
Represents a security token that is based upon an X.509 certificate.
Initializes a new instance of the class using the specified X.509 certificate.
An that contains the X.509 certificate. Sets the property.
is .
Initializes a new instance of the class using the specified X.509 certificate and unique identifier.
An that contains the X.509 certificate. Sets the property.
A unique identifier of the security token. Sets the property.
is .
-or-
is null.
Gets a value indicating whether this security token is capable of creating the specified key identifier.
A that specifies the key identifier to create.
when is of type , , , or ; otherwise, .
Gets the X.509 certificate associated with the security token.
An that contains the X.509 certificate.
Creates the specified key identifier clause.
A that specifies the key identifier to create.
A that is a key identifier clause for the security token.
Releases all resources used by the .
Gets a unique identifier of the security token.
A unique identifier of the security token.
Returns a value indicating whether the key identifier for this instance is equal to the specified key identifier.
An to compare to this instance.
if is one of the , , , or types and the key identifier clauses match; otherwise, .
Gets the cryptographic keys associated with the security token.
A of type that contains the set of keys associated with the security token.
Throws an exception if the method has been called for this instance.
the method has been called for this instance.
Gets the first instant in time at which this security token is valid.
A that represents the instant in time at which this security token is first valid.
Gets the last instant in time at which this security token is valid.
A that represents the last instant in time at which this security token is valid.
Represents a security token handler that processes tokens of type . By default, the handler will perform chain-trust validation of the X.509 certificate.
Initializes a new instance of the class with default values.
Initializes a new instance of the class by using a value that indicates whether the certificate should be mapped to a Windows account.
if the certificate should be mapped to a Windows account; otherwise, . Sets the property.
Initializes a new instance of the class by using a value that indicates whether the certificate should be mapped to a Windows account and the specified certificate validator.
if the certificate should be mapped to a Windows account; otherwise, . Sets the property.
The certificate validator to use. Sets the property.
Initializes a new instance of the class by using the specified certificate validator.
The certificate validator to use. Sets the property.
Returns a value that indicates whether the specified reader is referring to an element.
An XML reader positioned at the start element of the key identifier clause.
if the reader is referring to an element; otherwise, .
is .
Returns a value that indicates whether the reader points to an X.509 security token as defined in the WS-Security specification.
A reader pointing to the token XML.
if the reader is pointing to an X.509 security token; otherwise, .
is .
Gets a value that indicates whether this handler supports validation of tokens of type .
if the handler supports validation of tokens of type ; otherwise, . Always .
Returns a value that indicates whether the specified key identifier clause can be serialized by this handler.
The key identifier clause to be serialized.
if the is supported and if the property is set to ; otherwise, .
is .
Gets a value that indicates whether this handler can write tokens of type .
if the handler can write tokens of type ; otherwise, . Always .
Gets or sets the that is used by the current instance.
The X.509 certificate validator that is used by the current instance.
Gets the X.509 security token type defined in the WS-Security X.509 Token Profile.
The X.509 token type URI. By default, the value of the property.
Loads custom configuration from XML.
The XML elements that contain the custom configuration.
is .
The custom configuration specified is not valid.
Gets or sets a value that indicates whether the validating token should be mapped to a Windows account.
if the validating token should be mapped to a Windows account; otherwise, .
Deserializes a key identifier clause referenced by the specified XML reader.
The XML reader referencing the key identifier clause.
The key identifier clause that was deserialized from the XML.
is .
Deserializes the X.509 security token referenced by the specified XML reader.
An XML reader that is pointing to an X.509 security token.
The security token deserialized from the XML. An instance of .
is .
is not pointing to a valid X.509 security token as defined in the WS-Security X.509 Token Profile.
-or-
The encodingType specified is other than Base64 or HexBinary.
Gets the of the tokens that this handler processes.
By default, the type of the class.
Validates the specified X.509 security token.
The token to be validated.
The identities contained in the token.
is not assignable from .
is .
The property is .
-or-
There is no issuer name registry () configured. (The property of the referenced by the property is .)
The current was unable to validate the certificate in the token.
The current returned when trying to resolve the issuer of the certificate in the token.
Serializes the specified key identifier clause to the XML writer.
The XML writer to which the key identifier clause should be serialized.
The key identifier clause to serialize.
is .
-or-
is .
The property is .
Serializes the specified X.509 security token to the specified XML writer.
The XML writer to which the token should be serialized.
The X.509 security token to serialize. An instance of .
is .
-or-
is .
is not assignable from .
Gets or sets a value that specifies whether XmlDsig-defined clause types are preferred.
if XmlDsig-defined clause types are preferred; otherwise, .
Gets or sets the that is used by the current instance during certificate validation when the incoming X.509 certificate is mapped to a Windows account.
An X.509 certificate validator that will validate a specified X.509 certificate and verify whether the certificate can be mapped to a Windows account and whether the certificate chain is trusted.
Represents an X.509 token used as the signing credential.
Initializes a new instance of the class based on the specified X.509 certificate.
The X.509 certificate.
Initializes a new instance of the class based on the specified X.509 certificate and security key identifier.
The X.509 certificate.
The security key identifier.
Initializes a new instance of the class based on the specified X.509 certificate, security key identifier, signature algorithm, and digest algorithm.
The X.509 certificate.
The security key identifier.
The signature algorithm.
The digest algorithm.
Initializes a new instance of the class based on the specified X.509 certificate, signature algorithm, and digest algorithm.
The X.509 certificate.
The signature algorithm.
The digest algorithm.
Gets the X.509 certificate.
The X.509 certificate.
Represents a key identifier clause that identifies a security token using the X.509 certificate's subject key identifier extension.
Initializes a new instance of the class using the specified subject key identifier.
An array of that contains the subject key identifier.
is .
Gets a value that indicates whether a key identifier clause can be created for the specified X.509 certificate.
An that contains the X.509 certificate.
if a key identifier clause can be created for ; otherwise, .
is .
Gets the subject key identifier.
An array of that contains the subject key identifier.
Returns a value that indicates whether the key identifier for this instance is equivalent to the key identifier of the specified X.509 certificate.
An that contains the X.509 certificate to compare.
if has the same subject key identifier as the current instance; otherwise, .
is .
Returns a string that represents the current object.
A that represents the current object.
Creates a key identifier clause using the specified X.509 certificate.
An to create the key identifier clause for.
When this method returns, contains a that represents the key identifier clause. This parameter is passed uninitialized.
when a key identifier clause can be created for the specified X.509 certificate; otherwise, .
is .
Represents a key identifier clause that identifies a security token using the X.509 certificate's thumbprint.
Initializes a new instance of the class using the specified thumbprint for an X.509 certificate.
An array of that contains the thumbprint of the X.509 certificate.
is .
-or-
is zero length.
Initializes a new instance of the class using the specified X.509 certificate.
An that contains the X.509 certificate.
is .
Returns the thumbprint for the X.509 certificate.
An array of that contains the thumbprint of the X.509 certificate.
Returns a value that indicates whether the key identifier for this instance is equivalent to the specified X.509 certificate's thumbprint.
An that contains the X.509 certificate to compare.
if has the same thumbprint as the current instance; otherwise, .
Returns a string that represents the current object.
A that represents the current object.
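The issuer-serial, raw-data, subject-key-identifier and thumbprint clauses above all answer the same question, whether a reference in a message names a given certificate, but they bind to different things: raw data and thumbprint (SHA-1 over the certificate's DER, as the WS-Security X.509 Token Profile defines ThumbprintSHA1) identify one certificate, while the subject key identifier is an extension value that identifies the key pair and is shared by every certificate issued for it, such as a renewal. The Python below is an added example, not code from this page or from System.IdentityModel: it carries a minimal DER walker that pulls the SKI extension (OID 2.5.29.14) out of an Extensions SEQUENCE, models the thumbprint and SKI clauses with the CanCreateFrom/Matches semantics described above, and runs them over constructed certificate stand-ins. The stand-in bytes are not real certificates, and all class and function names are this example's own.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple

SKI_OID = bytes.fromhex("551d0e")                # 2.5.29.14 subjectKeyIdentifier
BASIC_CONSTRAINTS_OID = bytes.fromhex("551d13")  # 2.5.29.19, present only as an extension to skip


def der(tag: int, content: bytes) -> bytes:
    """Minimal DER TLV encoder with definite lengths."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def der_items(data: bytes) -> List[Tuple[int, bytes]]:
    """Split data into consecutive (tag, content) DER elements; rejects truncation."""
    items, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated DER header")
        tag, n, i = data[i], data[i + 1], i + 2
        if n & 0x80:
            k = n & 0x7F
            if k == 0 or k > 4 or i + k > len(data):
                raise ValueError("unsupported or truncated DER length")
            n, i = int.from_bytes(data[i:i + k], "big"), i + k
        if i + n > len(data):
            raise ValueError("truncated DER content")
        items.append((tag, data[i:i + n]))
        i += n
    return items


def subject_key_identifier(extensions_der: bytes) -> Optional[bytes]:
    """Return the SubjectKeyIdentifier from a DER Extensions SEQUENCE (RFC 5280 4.2.1.2),
    or None. Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE,
    extnValue OCTET STRING }; for SKI the extnValue wraps a second OCTET STRING."""
    top = der_items(extensions_der)
    if len(top) != 1 or top[0][0] != 0x30:
        raise ValueError("expected a single Extensions SEQUENCE")
    for tag, ext in der_items(top[0][1]):
        fields = der_items(ext)
        if tag != 0x30 or len(fields) not in (2, 3) or fields[0][0] != 0x06 or fields[-1][0] != 0x04:
            raise ValueError("malformed Extension")
        if fields[0][1] == SKI_OID:
            inner = der_items(fields[-1][1])
            if len(inner) != 1 or inner[0][0] != 0x04:
                raise ValueError("malformed SubjectKeyIdentifier")
            return inner[0][1]
    return None


@dataclass(frozen=True)
class ConstructedCert:
    """Stand-in for the certificate object: raw DER plus its Extensions SEQUENCE.
    The raw bytes are constructed for this example and are not a real Certificate."""
    raw: bytes
    extensions: bytes


def constructed_cert(serial: int, ski: Optional[bytes]) -> ConstructedCert:
    exts = []
    if ski is not None:
        exts.append(der(0x30, der(0x06, SKI_OID) + der(0x04, der(0x04, ski))))
    exts.append(der(0x30, der(0x06, BASIC_CONSTRAINTS_OID) + der(0x01, b"\xff") + der(0x04, der(0x30, b""))))
    extensions = der(0x30, b"".join(exts))
    return ConstructedCert(der(0x30, der(0x02, serial.to_bytes(2, "big")) + extensions), extensions)


class X509ThumbprintKeyIdentifierClause:
    """Thumbprint = SHA-1 over the certificate's DER; identifies exactly one certificate."""
    def __init__(self, thumbprint: bytes):
        if not thumbprint:
            raise ValueError("thumbprint is null or zero length")
        self.thumbprint = thumbprint

    @classmethod
    def from_certificate(cls, cert: ConstructedCert):
        return cls(hashlib.sha1(cert.raw).digest())

    def matches(self, cert: ConstructedCert) -> bool:
        return hmac.compare_digest(self.thumbprint, hashlib.sha1(cert.raw).digest())


class X509SubjectKeyIdentifierClause:
    """Identifies the key pair, not the certificate: a renewed certificate for the
    same key carries the same SKI and therefore also matches."""
    def __init__(self, ski: bytes):
        if not ski:
            raise ValueError("identifier is null or zero length")
        self.ski = ski

    @staticmethod
    def can_create_from(cert: ConstructedCert) -> bool:
        return subject_key_identifier(cert.extensions) is not None

    @classmethod
    def try_create_from(cls, cert: ConstructedCert):
        ski = subject_key_identifier(cert.extensions)
        return cls(ski) if ski is not None else None

    def matches(self, cert: ConstructedCert) -> bool:
        ski = subject_key_identifier(cert.extensions)
        return ski is not None and hmac.compare_digest(self.ski, ski)


# Constructed inputs: two certificates sharing one key identifier, a third without the extension.
SKI_VALUE = bytes(range(1, 21))
CERT_A = constructed_cert(0x1001, SKI_VALUE)
CERT_A_RENEWED = constructed_cert(0x1002, SKI_VALUE)
CERT_NO_SKI = constructed_cert(0x1003, None)
```

The practical consequence for a resolver such as the store-backed one described earlier: an SKI reference can legitimately resolve to more than one certificate in the store, so the resolver must still select by validity period and usage, whereas a thumbprint or raw-data reference either resolves to the one certificate it was computed over or fails.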
Represents a security token that is based upon an X.509 certificate whose certificate has been mapped to a Windows domain user or local computer user account.
Initializes a new instance of the class using the specified X.509 certificate and Windows domain or computer account.
An that contains the X.509 certificate.
A that represents the identity of a Windows domain or computer account.
Initializes a new instance of the class using the specified X.509 certificate, Windows domain or computer account, and unique identifier.
An that contains the X.509 certificate.
A that represents the identity of a Windows domain or computer account.
A unique identifier of the security token.
Creates a new instance of .
A that contains the X.509 certificate.
Represents the identity of a Windows domain or computer account.
The authentication type for the token.
A unique identifier for the security token.
Gets the authentication type for the token.
Returns .
Releases all resources used by the .
Gets the identity of a Windows domain or computer account.
A that represents the identity of a Windows domain or computer account.
A concrete implementation of that will wrap the result and return it when the method is called.
The type of the result.
Initializes a new instance of the class that has a callback delegate and a state object.
The method to be called when the asynchronous operation completes.
A user-defined object that qualifies or contains information about an asynchronous operation.
Initializes a new instance of the class that has a state object.
A user-defined object that qualifies or contains information about an asynchronous operation.
Call this version of complete when your asynchronous operation is complete and no exception was encountered. It updates the state of the operation and notifies the callback.
The result to be wrapped.
if the asynchronous operation completed synchronously; otherwise .
Call this version of complete if you raise an exception during processing. In addition to notifying the callback, it captures the exception and stores it to be thrown during the call to the method.
The result to be wrapped.
if the asynchronous operation completed synchronously; otherwise .
The exception that occurred during the processing of the asynchronous operation.
End should be called when the End function for the asynchronous operation is complete. It ensures the asynchronous operation is complete, and does some common validation.
The representing the status of an asynchronous operation.
The typed result of the asynchronous operation.
Gets the typed result of the completed asynchronous operation.
The typed result of the completed asynchronous operation.
The exception that is thrown when the specified token request (RST) is not understood because of an unknown token type.
Initializes a new instance of the class.
Initializes a new instance of the class with serialized data.
A object that holds the serialized object data.
A object that contains the contextual information about the source or destination.
is .
Initializes a new instance of the class with the specified token type.
A string that contains the token type URI.
Initializes a new instance of the class with a specified error message and a reference to the inner exception that is the cause of this exception.
The error message that explains the reason for the exception.
The that is the cause of the current exception. If the parameter is not , the current exception is raised in a block that handles the inner exception.
Sets the object with the unsupported token type and other exception information.
A object that holds the serialized object data.
A object that contains the contextual information about the source or destination.
is .
Gets or sets the unsupported token type URI.
A string that contains the unsupported token type URI.
Contains the authentication information that an authority asserted when creating a token for a subject.
Initializes a new instance of the class.
Gets or sets the address of the authority that created the token.
The address.
Gets the used by the authenticating authority when issuing tokens.
A collection of that represents the authorization context.
Gets or sets the DNS name of the authority that created the token.
The DNS name of the authority.
Gets or sets the time that the session referred to in the session index must be considered ended.
The time that the session must be considered ended.
Gets or sets the session index that describes the session between the authority and the client.
The session index.
Defines authentication types for the property.
Basic Authentication.
Federated Authentication.
Kerberos authentication.
Negotiated authentication.
Username and password authentication.
Authentication using a digital signature.
Windows authentication.
Authentication using an X.509 certificate.
Provides context information of an authorization event. This includes the principal that represents the caller, the resource that is being requested, and the action that is being performed.
Initializes a new instance of the class with the specified principal, resource claim, and action claim.
The principal for which authorization is to be checked.
A collection of claims that represents the resource for which the principal is to be authorized. The collection typically contains a single element.
A collection of claims that represents the action to be performed on the resource. The collection typically contains a single element.
is .
-or-
is .
-or-
is .
Initializes a new instance of the class with the specified principal, resource name, and action name.
The principal for which authorization is to be checked.
The resource for which the principal is to be authorized. The resource is specified as the value of a name claim.
The action to be performed on the resource. The action is specified as the value of a name claim.
is .
-or-
is .
-or-
is .
Gets the action for which the principal is to be authorized.
A collection of claims that represents the actions relevant to the request.
Gets the principal (subject) for which authorization is being requested.
The principal for which authorization is being requested.
Gets the resource on which the principal is to be authorized.
A collection of claims that represents the resource.
Defines the keys for properties contained in the property.
The claim properties namespace.
The SAML display name attribute.
The SAML name format attribute.
The SAML name identifier format.
A constant that defines the key for the SAML attribute of the SAML element. The attribute specifies the security or administrative domain that qualifies the name.
A constant that defines the key for the attribute of the SAML element. The attribute specifies the name of a service provider or affiliation of providers that is used to further qualify a name.
A constant that defines the key for the attribute of the SAML element. The attribute specifies a name identifier established by a service provider or affiliation of providers for the entity, if different from the primary name identifier.
Defines the base implementation for a claims authentication manager. The claims authentication manager provides a place in the claims processing pipeline for applying processing logic (filtering, validation, extension) to the claims collection in the incoming principal before execution reaches your application code.
Initializes a new instance of the class.
When overridden in a derived class, returns a object consistent with the requirements of the RP application. The default implementation does not modify the incoming .
The address of the resource that is being requested.
The claims principal that represents the authenticated user that is attempting to access the resource.
A claims principal that contains any modifications necessary for the RP application. The default implementation returns the incoming claims principal unmodified.
When overridden in a derived class, loads custom configuration from XML.
The custom configuration elements. Each node in the list is of type .
Defines the base implementation for a claims authorization manager.
Initializes a new instance of the class.
When implemented in a derived class, checks authorization for the subject in the specified context to perform the specified action on the specified resource.
The authorization context that contains the subject, resource, and action for which authorization is to be checked.
if the subject is authorized to perform the specified action on the specified resource; otherwise, .
When overridden in a derived class, loads custom configuration from XML.
The custom configuration elements. Each node in the list is of type .
Represents the key identifier clause in a binary secret security token.
Initializes a new instance of the class using the specified key.
A array that represents the key.
Initializes a new instance of the class using the specified values.
A array that represents the key.
to clone the buffer; otherwise, .
Initializes a new instance of the class using the specified values.
A array that represents the key.
to clone the buffer; otherwise, .
The "number used once" (nonce) used to derive the key.
The length of the key to be derived.
Gets a value that indicates whether this instance of the class can create a security key.
Always .
Creates a security key.
The newly created security key.
Gets an array of bytes that represents the key.
An array of bytes that represents the key.
Compares whether the key of a specified clause matches this instance's key.
The to match.
if there is a match; otherwise, .
Represents the key name identifier clause in a security token.
Initializes a new instance of the class.
The key name.
Gets the key name.
The key name.
Checks whether a matches the current instance of this class.
The that is to be compared.
if there is a match; otherwise, .
Checks whether the specified key name matches the current instance's key name.
The security key name clause.
if there is a match; otherwise, .
Returns a that represents the current . (Inherited from )
The current .
Represents the key identifier clause for a security context token.
Initializes a new instance of the class using the specified context identifier.
The unique ID of the security context.
Initializes a new instance of the class using the specified context identifier and generation.
A that represents the Context ID of the security context.
A that refers to the Key generation of the Security Context Token.
Initializes a new instance of the class with the specified values.
The context ID part of the identifier clause.
The generation part of the identifier clause.
The nonce ("number used once") used to derive the token.
The length of the key being derived.
Gets the ID of the security context.
The unique ID of the security context.
Gets the generation.
The generation.
Compares a specified to the current instance of the class.
The to be compared.
if the two instances are equal; otherwise, .
Compares a specified to the current instance of the class with the specified context identifier and generation.
The context ID part of the identifier clause.
The generation part of the identifier clause.
if the two instances are equal; otherwise, .
Provides a text representation of this instance of the class.
A text representation of this instance of the class.
Represents a binary secret security token.
Initializes a new instance of the class.
A byte-array that represents the key.
Initializes a new instance of the class.
The key size in bits.
Initializes a new instance of the class.
The token ID.
A byte-array that represents the key.
Initializes a new instance of the class.
The token ID.
A byte-array that represents the key.
A that indicates whether to allow cryptography.
is .
Initializes a new instance of the class.
The token ID.
The key size in bits.
Either is less than or equal to zero, or it is greater than or equal to 512, or it is not a multiple of 8.
Initializes a new instance of the class.
The token ID.
The key size in bits.
A that indicates whether to allow cryptography.
Either is less than or equal to zero, or it is greater than or equal to 512, or it is not a multiple of 8.
Gets the bytes that represent the key.
The key.
Gets the token ID.
The token ID.
Gets the token key size.
The token key size.
Gets a collection of security keys.
A collection of s.
Gets the token effective start time.
A that represents the token effective start time.
Gets the token effective start time.
A that represents the token effective start time.
Represents a security token whose key is wrapped inside another token.
Initializes a new instance of the class.
The ID of the key token.
The key to be wrapped.
The algorithm used to do the wrapping.
A that represents the wrapping token.
A that represents a reference to the wrapping token.
Gets a value that indicates whether the token can create a key identifier clause.
The type of the .
if the token can create a key identifier clause; otherwise, . The default is .
Creates a key identifier clause.
The type of the .
The type of the .
Gets the wrapped key.
The wrapped key.
Gets the token ID.
The token ID.
Compares the current security key identifier clause to a specified one for equality.
The specified security key identifier clause.
if the current security key identifier clause equals the specified one; otherwise, . The default is .
Gets a collection of security keys.
A collection of .
Gets the token effective start date.
A that represents the token effective start date.
Gets the token expiration date.
A that represents the token expiration date.
Gets the wrapping algorithm.
A that specifies the wrapping algorithm or the algorithm used to encrypt the symmetric key.
Gets the wrapping token.
A that represents the wrapping token.
Gets the wrapping token reference.
A that represents a reference to the wrapping token.
An enumeration that lists the ways of validating a certificate.
The certificate is valid if the chain builds to a certification authority in the trusted root store.
The user must plug in a custom to validate the certificate.
No validation of the certificate is done.
The certificate is valid if it is in the trusted people store, or if the chain builds to a certification authority in the trusted root store.
The certificate is valid if it is in the trusted people store.