下面的代码说明如何为 X509SecurityTokenHandler 和 Saml11SecurityTokenHandler 创建自定义颁发者名称注册表。DBHelper.IsIssuerTokenValid 只是一个占位符，代表用于验证颁发者令牌的帮助程序方法；示例中没有给出它的实现，实际的信任判断需要由该方法完成。
using Microsoft.IdentityModel.Tokens; using System.IdentityModel.Tokens;
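/// <summary>
/// Sample issuer name registry that delegates the trust decision for an issuer
/// token to <c>DBHelper.IsIssuerTokenValid</c>, a placeholder helper whose
/// implementation is not part of this sample. Every trust decision made here is
/// only as strong as that helper.
/// </summary>
class SampleIssuerNameRegistry : IssuerNameRegistry
{
    /// <summary>
    /// Returns the issuer name for an X.509 issuer token.
    /// Called by X509SecurityTokenHandler.Validate.
    /// </summary>
    /// <param name="securityToken">The issuer token; must be an <see cref="X509SecurityToken"/>.</param>
    /// <returns>The friendly name of the token's certificate.</returns>
    /// <exception cref="SecurityTokenValidationException">
    /// The token is null or not an X.509 token, or the helper does not trust it.
    /// </exception>
    public override string GetIssuerName(SecurityToken securityToken)
    {
        // A single 'as' cast replaces the former 'is' test followed by 'as';
        // null and non-X.509 tokens are both rejected here.
        X509SecurityToken x509Token = securityToken as X509SecurityToken;
        if (x509Token == null)
        {
            throw new SecurityTokenValidationException("Invalid token.");
        }

        // In the X509 case, the X509 token has no notion of issuer name, so the
        // trust decision is made on the token itself.
        if (!DBHelper.IsIssuerTokenValid(x509Token))
        {
            throw new SecurityTokenValidationException("Untrusted issuer token.");
        }

        // NOTE(review): FriendlyName is a locally assigned alias kept with the
        // certificate in the store; it is not part of the signed certificate and
        // may be empty. If the returned name feeds authorization decisions, a
        // value derived from the certificate itself (for example its thumbprint
        // or subject name) identifies the issuer more reliably.
        return x509Token.Certificate.FriendlyName;
    }

    /// <summary>
    /// Returns the issuer name for a token whose issuer was named in the request.
    /// Called by Saml11SecurityTokenHandler.Validate and
    /// Saml2SecurityTokenHandler.Validate.
    /// </summary>
    /// <param name="securityToken">The issuer token to validate.</param>
    /// <param name="requestedIssuerName">The issuer name supplied by the caller.</param>
    /// <returns><paramref name="requestedIssuerName"/>, unchanged.</returns>
    /// <exception cref="SecurityTokenValidationException">
    /// The token is null, or the helper does not trust it.
    /// </exception>
    public override string GetIssuerName(SecurityToken securityToken, string requestedIssuerName)
    {
        // Fail closed on a missing token instead of handing null to the helper;
        // this matches the single-argument overload, which also rejects null.
        if (securityToken == null)
        {
            throw new SecurityTokenValidationException("Invalid token.");
        }

        if (!DBHelper.IsIssuerTokenValid(securityToken))
        {
            throw new SecurityTokenValidationException("Untrusted issuer token.");
        }

        // NOTE(review): the requested name is returned as supplied; this method
        // never compares it with the validated token. Unless the helper (or the
        // caller) binds the name to the issuer token, any issuer whose token is
        // trusted can be reported under any name it asserts.
        return requestedIssuerName;
    }

    /// <summary>
    /// Returns the fixed issuer name used for Windows tokens.
    /// </summary>
    /// <returns>The constant string "WINDOWS AUTHORITY".</returns>
    public override string GetWindowsIssuerName()
    {
        return "WINDOWS AUTHORITY";
    }
}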