/// <summary>
        /// Deserializes the SecurityToken from the given XmlReader.
        /// </summary>
        /// <param name="reader">Reader to a Security token.</param>
        /// <param name="tokenResolver">Instance of SecurityTokenResolver.</param>
        /// <returns>'True' if the serializer can read the given Security Token.</returns>
        /// <exception cref="ArgumentNullException">The input parameter 'reader' is null.</exception>
        protected override SecurityToken ReadTokenCore(XmlReader reader, SecurityTokenResolver tokenResolver)
        {
            if (reader == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
            }

            try
            {
                foreach (SecurityTokenHandler securityTokenHandler in _securityTokenHandlers)
                {
                    if (securityTokenHandler.CanReadToken(reader))
                    {
                        SecurityToken        token        = securityTokenHandler.ReadToken(reader, tokenResolver);
                        SessionSecurityToken sessionToken = token as SessionSecurityToken;

                        if (sessionToken != null)
                        {
                            if (sessionToken.SecureConversationVersion.AbsoluteUri != _scVersion.Namespace.Value)
                            {
                                throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4053, sessionToken.SecureConversationVersion, _scVersion));
                            }

                            return(SecurityContextSecurityTokenHelper.ConvertSessionTokenToSecurityContextSecurityToken(sessionToken));
                        }
                        else
                        {
                            return(token);
                        }
                    }
                }

                return(base.ReadTokenCore(reader, tokenResolver));
            }
            catch (Exception ex)
            {
                if (!(MapExceptionsToSoapFaults && _exceptionMapper.HandleSecurityTokenProcessingException(ex)))
                {
                    throw;
                }
                Fx.Assert(false, "ExceptionMapper did not handle an exception correctly.");
                // This should never happen. ExceptionMapper will handle the exception, in which case,
                // a fault exception is thrown or the original exception gets thrown.
            }

            return(null);
        }
        /// <summary>
        /// Validates the token using the wrapped token handler and generates IAuthorizationPolicy
        /// wrapping the returned ClaimsIdentities.
        /// </summary>
        /// <param name="token">Token to be validated.</param>
        /// <returns>Read-only collection of IAuthorizationPolicy</returns>
        protected override ReadOnlyCollection <IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
        {
            ReadOnlyCollection <ClaimsIdentity> identities = null;

            try
            {
                identities = _wrappedX509SecurityTokenHandler.ValidateToken(token);
            }
            catch (Exception ex)
            {
                if (!_exceptionMapper.HandleSecurityTokenProcessingException(ex))
                {
                    throw;
                }
            }

            // tlsnego will dispose of the x509, when we write out the bootstrap we will get a dispose error.

            bool shouldSaveBootstrapContext = SecurityTokenHandlerConfiguration.DefaultSaveBootstrapContext;

            if (_wrappedX509SecurityTokenHandler.Configuration != null)
            {
                shouldSaveBootstrapContext = _wrappedX509SecurityTokenHandler.Configuration.SaveBootstrapContext;
            }

            if (shouldSaveBootstrapContext)
            {
                X509SecurityToken x509Token = token as X509SecurityToken;
                SecurityToken     tokenToCache;
                if (x509Token != null)
                {
                    tokenToCache = new X509SecurityToken(x509Token.Certificate);
                }
                else
                {
                    tokenToCache = token;
                }

                BootstrapContext bootstrapContext = new BootstrapContext(tokenToCache, _wrappedX509SecurityTokenHandler);
                foreach (ClaimsIdentity identity in identities)
                {
                    identity.BootstrapContext = bootstrapContext;
                }
            }

            List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>(1);

            policies.Add(new AuthorizationPolicy(identities));

            return(policies.AsReadOnly());
        }
        /// <summary>
        /// Validates the token using the wrapped token handler and generates IAuthorizationPolicy
        /// wrapping the returned ClaimsIdentities.
        /// </summary>
        /// <param name="token">Token to be validated. This is always a SecurityContextSecurityToken.</param>
        /// <returns>Read-only collection of IAuthorizationPolicy</returns>
        protected override ReadOnlyCollection <IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
        {
            SecurityContextSecurityToken sct          = token as SecurityContextSecurityToken;
            SessionSecurityToken         sessionToken = SecurityContextSecurityTokenHelper.ConvertSctToSessionToken(sct);
            IEnumerable <ClaimsIdentity> identities   = null;

            try
            {
                identities = _sessionTokenHandler.ValidateToken(sessionToken, _sctClaimsHandler.EndpointId);
            }
            catch (Exception ex)
            {
                if (!_exceptionMapper.HandleSecurityTokenProcessingException(ex))
                {
                    throw;
                }
            }

            return(new List <IAuthorizationPolicy>(new AuthorizationPolicy[] { new AuthorizationPolicy(identities) }).AsReadOnly());
        }
        protected sealed override ReadOnlyCollection <IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
        {
            IEnumerable <ClaimsIdentity> subjectCollection = null;

            try
            {
                subjectCollection = _securityTokenHandler.ValidateToken(token);
            }
            catch (Exception ex)
            {
                if (!_exceptionMapper.HandleSecurityTokenProcessingException(ex))
                {
                    throw;
                }
            }

            List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>(1);

            policies.Add(new AuthorizationPolicy(subjectCollection));
            return(policies.AsReadOnly());
        }
        /// <summary>
        /// Validates the token using the wrapped token handler and generates IAuthorizationPolicy
        /// wrapping the returned ClaimsIdentities.
        /// </summary>
        /// <param name="token">Token to be validated.</param>
        /// <returns>Read-only collection of IAuthorizationPolicy</returns>
        protected override ReadOnlyCollection <IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
        {
            ReadOnlyCollection <ClaimsIdentity> identities = null;

            try
            {
                identities = _wrappedUserNameSecurityTokenHandler.ValidateToken(token);
            }
            catch (Exception ex)
            {
                if (!_exceptionMapper.HandleSecurityTokenProcessingException(ex))
                {
                    throw;
                }
            }

            List <IAuthorizationPolicy> policies = new List <IAuthorizationPolicy>(1);

            policies.Add(new AuthorizationPolicy(identities));

            return(policies.AsReadOnly());
        }