protected override ReadOnlyCollection <IAuthorizationPolicy> ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
        {
            WindowsSspiNegotiation windowsNegotiation = (WindowsSspiNegotiation)sspiNegotiation;

            if (!windowsNegotiation.IsValidContext)
            {
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperWarning(new SecurityNegotiationException(System.ServiceModel.SR.GetString("InvalidSspiNegotiation")));
            }
            SecurityTraceRecordHelper.TraceServiceSpnego(windowsNegotiation);
            if (base.IsClientAnonymous)
            {
                return(System.ServiceModel.Security.EmptyReadOnlyCollection <IAuthorizationPolicy> .Instance);
            }
            using (System.IdentityModel.SafeCloseHandle handle = windowsNegotiation.GetContextToken())
            {
                WindowsIdentity identity = new WindowsIdentity(handle.DangerousGetHandle(), windowsNegotiation.ProtocolName);
                System.ServiceModel.Security.SecurityUtils.ValidateAnonymityConstraint(identity, this.AllowUnauthenticatedCallers);
                List <IAuthorizationPolicy> list     = new List <IAuthorizationPolicy>(1);
                WindowsClaimSet             issuance = new WindowsClaimSet(identity, windowsNegotiation.ProtocolName, this.extractGroupsForWindowsAccounts, false);
                list.Add(new UnconditionalPolicy(issuance, TimeoutHelper.Add(DateTime.UtcNow, base.ServiceTokenLifetime)));
                return(list.AsReadOnly());
            }
        }