protected override ReadOnlyCollection <IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
        {
            global::Common.Lib.Common.UsernameToken.UsernameToken usernameToken = token as global::Common.Lib.Common.UsernameToken.UsernameToken;

            // Note that we cannot authenticate the token w/o a password, so it must be retrieved from somewhere
            if (usernameToken.ValidateToken(_passwordProvider.RetrievePassword("User1")) != true)
            {
                throw new SecurityTokenValidationException("Token validation failed");
            }

            // add claims about user here
            DefaultClaimSet UserClaimSet = new DefaultClaimSet(new Claim(ClaimTypes.Name, usernameToken.UsernameInfo.Username, Rights.PossessProperty));

            List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>(1);

            policies.Add(new UserNameTokenAuthorizationPolicy(UserClaimSet));
            return(policies.AsReadOnly());
        }
Example #2
0
        protected override SecurityToken GetTokenCore(TimeSpan timeout)
        {
            SecurityToken result = new global::Common.Lib.Common.UsernameToken.UsernameToken(this._usernameInfo);

            return(result);
        }