How to get RequestSecurityToken.AppliesTo from a custom SecurityTokenHandler

Question

I'm implementing a custom UserNameSecurityTokenHandler which validates a request token based on 3 things: username, password, and the AppliesTo value of a RequestSecurityToken. While the username and password values are available for me to use, I have found no way to get the AppliesTo value by the time the ValidateToken method is called. I couldn't find an extensible point where I can get that value before execution of the ValidateToken. Could anyway please tell me if it is possible to do so? Or what alternatives can I have? Thank you very much!

public override ClaimsIdentityCollection ValidateToken(SecurityToken token)
{
    UserNameSecurityToken userNameToken = token as UserNameSecurityToken;
    if (userNameToken == null)
    {
        throw new ArgumentException("The security token is not a valid username security token.", "token");
    }

    string userName = userNameToken.UserName;
    string password = userNameToken.Password;
    // Oops, how to get the AppliesTo value?
}

score 1 · Accepted Answer · answered Jun 04 '13 at 20:02

1

AppliesTo is part of the token request. Not the credentials. So I see no way of accessing it inside a token handler.

answered Jun 04 '13 at 20:02

leastprivilege

18,196
1
34
50

Thank you. I will need to change the design then. – Thuan Jun 07 '13 at 09:30

How to get RequestSecurityToken.AppliesTo from a custom SecurityTokenHandler

1 Answers1