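/// <summary>
/// Validates the token using the wrapped token handler and generates IAuthorizationPolicy
/// wrapping the returned ClaimsIdentities.
/// </summary>
/// <param name="token">Token to be validated.</param>
/// <returns>Read-only collection of IAuthorizationPolicy</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the exception mapper reports a validation failure as handled without rethrowing,
/// so no identities exist to build a policy from. A failed validation must never yield a policy.
/// </exception>
protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateTokenCore(SecurityToken token)
{
    ReadOnlyCollection<ClaimsIdentity> identities = null;
    try
    {
        identities = _wrappedX509SecurityTokenHandler.ValidateToken(token);
    }
    catch (Exception ex)
    {
        // The mapper either throws a mapped exception itself or returns false so the original
        // propagates. A true return means "handled" and control falls through with no identities.
        if (!_exceptionMapper.HandleSecurityTokenProcessingException(ex))
        {
            throw;
        }
    }

    // Fail closed: a handled validation failure leaves identities null. Previously that null
    // flowed into the foreach below (NullReferenceException) or into the AuthorizationPolicy
    // constructor; neither is an acceptable outcome for a token that did not validate.
    if (identities == null)
    {
        throw new InvalidOperationException("Token validation produced no identities; an authorization policy cannot be created.");
    }

    // tlsnego will dispose of the x509, when we write out the bootstrap we will get a dispose error.
    bool shouldSaveBootstrapContext = SecurityTokenHandlerConfiguration.DefaultSaveBootstrapContext;
    if (_wrappedX509SecurityTokenHandler.Configuration != null)
    {
        shouldSaveBootstrapContext = _wrappedX509SecurityTokenHandler.Configuration.SaveBootstrapContext;
    }

    if (shouldSaveBootstrapContext)
    {
        // Cache a fresh X509SecurityToken over the same certificate instead of the incoming
        // instance, because of the dispose issue noted above; non-X509 tokens are cached as-is.
        X509SecurityToken x509Token = token as X509SecurityToken;
        SecurityToken tokenToCache = (x509Token != null)
            ? new X509SecurityToken(x509Token.Certificate)
            : token;

        BootstrapContext bootstrapContext = new BootstrapContext(tokenToCache, _wrappedX509SecurityTokenHandler);
        foreach (ClaimsIdentity identity in identities)
        {
            identity.BootstrapContext = bootstrapContext;
        }
    }

    List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>(1);
    policies.Add(new AuthorizationPolicy(identities));
    return policies.AsReadOnly();
}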