protected override ReadOnlyCollection <IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
{
global::Common.Lib.Common.UsernameToken.UsernameToken usernameToken = token as global::Common.Lib.Common.UsernameToken.UsernameToken;
// Note that we cannot authenticate the token w/o a password, so it must be retrieved from somewhere
if (usernameToken.ValidateToken(_passwordProvider.RetrievePassword("User1")) != true)
{
throw new SecurityTokenValidationException("Token validation failed");
}
// add claims about user here
DefaultClaimSet UserClaimSet = new DefaultClaimSet(new Claim(ClaimTypes.Name, usernameToken.UsernameInfo.Username, Rights.PossessProperty));
List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>(1);
policies.Add(new UserNameTokenAuthorizationPolicy(UserClaimSet));
return(policies.AsReadOnly());
}
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
SecurityToken result = new global::Common.Lib.Common.UsernameToken.UsernameToken(this._usernameInfo);
return(result);
}