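/// <summary>
/// Validates an incoming username token against the password held for the user it
/// names and, on success, returns the authorization policy carrying that user's
/// name claim.
/// </summary>
/// <param name="token">The security token to validate; it must be a UsernameToken.</param>
/// <returns>
/// A read-only collection containing a single <c>UserNameTokenAuthorizationPolicy</c>
/// built from a <c>ClaimTypes.Name</c> possess-property claim for the token's username.
/// </returns>
/// <exception cref="SecurityTokenValidationException">
/// The token is null or of another type, names no user, or fails password validation.
/// </exception>
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
{
    // One message for every failure path, so the caller cannot tell a malformed
    // token or an unknown user from a wrong password.
    const string ValidationFailedMessage = "Token validation failed";

    global::Common.Lib.Common.UsernameToken.UsernameToken usernameToken =
        token as global::Common.Lib.Common.UsernameToken.UsernameToken;

    // The 'as' cast yields null for a null or foreign token type; reject it as a
    // validation failure instead of letting it surface as a NullReferenceException.
    if (usernameToken == null || usernameToken.UsernameInfo == null)
    {
        throw new SecurityTokenValidationException(ValidationFailedMessage);
    }

    string claimedUsername = usernameToken.UsernameInfo.Username;
    if (string.IsNullOrEmpty(claimedUsername))
    {
        throw new SecurityTokenValidationException(ValidationFailedMessage);
    }

    // The token cannot be authenticated without a password, so it is fetched from the
    // provider. It must be the password of the user the token names: the name claim
    // below is issued from the token, so checking every token against one fixed
    // account would bind the claim to an identity that was never authenticated.
    // NOTE(review): confirm what RetrievePassword returns for an unknown user and that
    // ValidateToken rejects a null or empty password.
    if (usernameToken.ValidateToken(_passwordProvider.RetrievePassword(claimedUsername)) != true)
    {
        throw new SecurityTokenValidationException(ValidationFailedMessage);
    }

    // Claims about the authenticated user are added here.
    DefaultClaimSet userClaimSet = new DefaultClaimSet(
        new Claim(ClaimTypes.Name, claimedUsername, Rights.PossessProperty));

    List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
    policies.Add(new UserNameTokenAuthorizationPolicy(userClaimSet));
    return policies.AsReadOnly();
}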
/// <summary>
/// Creates the username token this provider hands out, built from the
/// username information held in <c>_usernameInfo</c>.
/// </summary>
/// <param name="timeout">Not used by this implementation.</param>
/// <returns>A new UsernameToken wrapping <c>_usernameInfo</c>.</returns>
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
    // A fresh token instance is constructed on every call.
    return new global::Common.Lib.Common.UsernameToken.UsernameToken(_usernameInfo);
}