// helpers protected virtual void IssueServiceToken(SspiNegotiationTokenAuthenticatorState sspiState, ReadOnlyCollection <IAuthorizationPolicy> authorizationPolicies, out SecurityContextSecurityToken serviceToken, out WrappedKeySecurityToken proofToken, out int issuedKeySize) { UniqueId contextId = SecurityUtils.GenerateUniqueId(); string id = SecurityUtils.GenerateId(); if (sspiState.RequestedKeySize == 0) { issuedKeySize = SecurityAlgorithmSuite.DefaultSymmetricKeyLength; } else { issuedKeySize = sspiState.RequestedKeySize; } byte[] key = new byte[issuedKeySize / 8]; CryptoHelper.FillRandomBytes(key); DateTime effectiveTime = DateTime.UtcNow; DateTime expirationTime = TimeoutHelper.Add(effectiveTime, ServiceTokenLifetime); serviceToken = IssueSecurityContextToken(contextId, id, key, effectiveTime, expirationTime, authorizationPolicies, EncryptStateInServiceToken); proofToken = new WrappedKeySecurityToken(string.Empty, key, sspiState.SspiNegotiation); }