System.IdentityModel

Represents a claim that is associated with an entity.

Initializes a new instance of the class with the specified type, resource, and right.

A uniform resource identifier (URI) that represents a claim type. The object with which the new claim is associated. The URI of the right associated with the claim. is null.-or- is null. is zero length.-or- is zero length. 2

Gets the type of the claim.

A URI that represents the type of the claim.

Creates a object that represents a deny-only specified security identifier (SID).

A that represents the SID specified in the parameter. A that represents the deny-only SID. is null. 2

Creates a object that represents the specified Domain Name System (DNS) name.

The object this method creates. The DNS name of the entity associated with the claim. This parameter must not be null. If this parameter is null, this method throws a exception. The parameter is null. 2

Creates a object that represents the specified hash value.

The object this method creates. An array of byte values that specifies a hash value. This parameter must not be null. If this parameter is null, this method throws a exception. The parameter is null. 2

Creates a object that represents the specified email address.

The object this method creates. A that specifies the email address this claim represents. This parameter must not be null. If this parameter is null, this method throws an exception. The parameter is null. 2

Creates a object that represents the specified name.

The object this method creates. The name of the entity associated with the claim. This parameter must not be null. If this parameter is null, this method throws an exception. The parameter is null. 2

Creates a object that represents the specified RSA key.

The object this method creates. An object that represents an RSA cryptographic key. This parameter must not be null. If this parameter is null, this method throws an exception. The parameter is null. 2

Creates a object that represents the specified Service Principal Name (SPN).

The object this method creates. The SPN of the entity associated with this claim. This parameter must not be null. If this parameter is null, this method throws an exception. The parameter is null. 2

Creates a object that represents the specified thumbprint.

The object this method creates. An array of byte values that specifies the thumbprint of the entity associated with the claim. This parameter must not be null. If this parameter is null, this method throws an exception. The parameter is null. 2

Creates a object that represents the specified Universal Principal Name (UPN).

The object this method creates. The UPN of the entity associated with this claim. This parameter must not be null. If this parameter is null, this method throws an exception. The parameter is null. 2

Creates a object that represents the specified Uniform Resource Locator (URL).

The object this method creates. A that represents the URL of the entity associated with this claim. This parameter must not be null. If this parameter is null, this method throws an exception. The parameter is null. 2

Creates a object that represents the specified security identifier (SID).

A that represents the SID specified in the parameter. A that represents the SID. is null. 2

Creates a object that represents the specified X.500 distinguished name.

The object this method creates. A that specifies the X.500 distinguished name of the entity associated with the claim. This parameter must not be null. If this parameter is null, this method throws an exception. The parameter is null. 2

Gets an object that can compare two objects for equality.

A interface implementation that compares two objects. 2

Determines whether the specified object represents the same claim as the current object.

true if represents the same claim as the current ; otherwise false. The object to compare with the current . 2

Returns a hash code for the current claim.

The hash code for the claim. 2

Gets the resource with which this object is associated.

The resource with which this object is associated.

A string representation of a uniform resource identifier (URI) that specifies the right associated with this object. Pre-defined rights are available as static properties of the class.

A URI that specifies the right associated with this object.

A pre-defined claim that represents the system entity.

A object that represents the system entity. This object has the property values shown in the following table.PropertyValueSystem 2

Returns a string representation of this object.

This object. 2

Represents the collection of claims that are associated with an entity.

Initializes a new instance of the class.

Determines whether the contains the specified .

true if the specified claim is contained in the ; otherwise false. The for which to search.

Determines whether the contains the specified , by using the specified object.

true if the specified claim is contained in the ; otherwise false. The for which to search. The object used to make the comparison.

When overridden in a derived class, gets the number of claims in this claim set.

The number of claims in this .

When overridden in a derived class, searches for a object that matches the specified claim type and rights in the .

A of type that enables you to enumerate the claims that matches the specified criteria. The uniform resource identifier (URI) of a claim type. Several claim types are available as static properties of the class. The URI of the right associated with the new claim. Several rights are available as static properties of the class.

When overridden in a derived class, gets a that can be used to enumerate the object in the .

A that can be used to enumerate the object in the . 2

When overridden in a derived class, gets the entity that issued this .

The object that issued this object.

When overridden in a derived class, gets the for the specified index.

The at the specified index. The index of the claim to be retrieved.

Gets a object that represents an application trusted issuer.

The system object. 2

Gets an that can be used to enumerate the object in the .

A that can be used to enumerate the object in the .

Gets a set of claims that contains Windows security identifiers.

A that contains at least one claim of type . 2

Represents the pre-defined types of claims that an entity can claim. This class cannot be inherited.

Gets the URI for a claim that specifies the anonymous user.

The URI for a claim that specifies the anonymous user.

Gets the URI for a claim that specifies details about whether an identity is authenticated.

The URI for a claim that specifies details about whether an identity is authenticated.

Gets the URI for a claim that specifies an authorization decision on an entity.

The URI for a claim that specifies an authorization decision on an entity.

Gets the URI for a claim that specifies the country/region in which an entity resides.

The URI for a claim that specifies a country/region in which an entity resides.

Gets the URI for a claim that specifies the date of birth of an entity.

The URI for a claim that specifies the date of birth of an entity.

Gets the URI for a claim that specifies a deny-only security identifier (SID) for an entity.

The URI for a claim that specifies a deny-only SID for an entity.

Gets the URI for a claim that specifies the DNS name associated with the computer name or with the alternative name of either the subject or issuer of an X.509 certificate.

The URI for a claim that specifies the DNS name associated with the computer name or with the alternative name of either the subject or issuer of an X.509 certificate.

Gets the URI for a claim that specifies the email address of an entity.

The URI for a claim that specifies the email address of an entity.

Gets the URI for a claim that specifies the gender of an entity.

The URI for a claim that specifies the gender of an entity.

Gets the URI for a claim that specifies the given name of an entity.

The URI for a claim that specifies the given name of an entity.

Gets the URI for a claim that specifies a hash value.

The URI for a claim that specifies a hash value.

Gets the URI for a claim that specifies the home phone number of an entity.

The URI for a claim that specifies the home phone number of an entity.

Gets the URI for a claim that specifies the locale in which an entity resides.

The URI for a claim that specifies the locale in which an entity resides.

Gets the URI for a claim that specifies the mobile phone number of an entity.

The URI for a claim that specifies the mobile phone number of an entity.

Gets the URI for a claim that specifies the name of an entity.

The URI for a claim that specifies the name of an entity.

Gets the URI for a claim that specifies the name of an entity.

The URI for a claim that specifies the name of an entity.

Gets the URI for a claim that specifies the alternative phone number of an entity.

The URI for a claim that specifies the alternative phone number of an entity.

Gets the URI for a claim that specifies the postal code of an entity.

The URI for a claim that specifies the postal code of an entity.

Gets the URI for a claim that specifies the private personal identifier (PPI) of an entity.

The URI for a claim that specifies the private personal identifier (PPI) of an entity.

Gets the URI for a claim that specifies an RSA key.

The URI for a claim that specifies an RSA key.

Gets the URI for a claim that specifies a security identifier (SID).

The URI for a claim that specifies a security identifier (SID).

Gets the URI for a claim that specifies a service principal name (SPN) claim.

The URI for a claim that specifies a service principal name (SPN) claim.

Gets the URI for a claim that specifies the state or province in which an entity resides.

The URI for a claim that specifies the state or province in which an entity resides.

Gets the URI for a claim that specifies the street address of an entity.

The URI for a claim that specifies the street address of an entity.

Gets the URI for a claim that specifies the surname of an entity.

The URI for a claim that specifies the surname of an entity.

Gets the URI for a claim that identifies the system entity.

The URI for a claim that identifies the system entity.

Gets the URI for a claim that specifies a thumbprint.

The URI for a claim that specifies a thumbprint.

Gets the URI for a claim that specifies a user principal name (UPN).

The URI for a claim that specifies UPN.

Gets the URI for a claim that specifies a URI.

The URI for a claim that specifies a URI.

Gets the URI for a claim that specifies the Web page of an entity.

The URI for a claim that specifies the Web page of an entity.

Gets the string that contains the URI for a distinguished name claim of an X.509 certificate.

The URI for a distinguished name claim of an X.509 certificate.

Provides a default implementation of the class.

Initializes a new instance of the class, using the specified claims.

An of type that contains the claims to add to this claim set. is null. 2

Initializes a new instance of the class, using the specified claims.

An array of that represents the claims to be added to this claim set. is null. 2

Initializes a new instance of the class, using the specified claims.

A object that specifies the issuer of the specified in the parameter. An of type that contains the claims to add to this claim set. is null.-or- is null. 2

Initializes a new instance of the class, using the specified claims.

A object that specifies the issuer of the specified in the parameter. An array of that represents the claims to be added to this claim set. is null.-or- is null. 2

Determines whether the specified claim is contained within this claim set.

true if the claim is contained in this claim set; otherwise false. The to determine whether it exists in this collection. is null. 2

Gets the number of objects in this claim set.

The number of objects in this claim set. 2

Searches for the object that matches the specified claim type and rights in the .

An of type that enables you to enumerate the claims that match the specified criteria. The uniform resource identifier (URI) of a claim type. Several claim types are available as static properties of the class. The URI of the right associated with the new claim. Several rights are available as static properties of the class. 2

Gets an that can be used to enumerate the object in the .

An that can be used to enumerate the object in the . 2

Initializes an instance of the class, using the specified claims.

The object that issued the specified in the parameter. The set of objects to be included in this claim set. is null.-or- is null.

Gets the object that issued this claim set.

The object that issued this claim set. 2

Gets the for the specified index.

The specified by the index. The index of the claim to be retrieved.

Returns this object.

This object. 2

Defines the pre-defined types of rights that can be associated with a object.

Gets a string that specifies that the right represents an identity.

The right that represents an identity.

Gets a string that specifies that the right represents a property that the entity associated with a claim possesses.

The right that represents a property that the entity associated with a object possesses.

Represents a collection of Windows claims that are associated with an entity.

Initializes a new instance of the class by using the Windows user identity specified by the object.

A that specifies the Windows identity. 2

Initializes a new instance of the class by using the Windows user identity specified by the object.

A that specifies the Windows identity. true to include the claims representing the Windows groups to which this user belongs; otherwise, false. 2

Initializes a new instance of the class by using the Windows user identity specified by the object.

A that specifies the Windows identity. true to include the Windows groups to which this user belongs; otherwise, false. A that specifies the expiration time for the claim set. 2

Initializes a new instance of the class by using the Windows user identity specified by the object.

A that specifies the Windows identity. A that specifies the expiration time for the claim set. 2

Gets the number of claims in this collection.

The number of claims in this collection. 2

Releases all resources used by the .

Gets the expiration time for this .

The in which this expires. 2

Searches for the claim that matches the specified claim type and rights in the .

A System.Collections.Generic.IEnumerable<Claim> object that enables you to enumerate the claims that match the specified criteria. The uniform resource identifier (URI) of a claim type. The URI of the right associated with the new claim. 2

Gets an that can be used to enumerate the Windows claims in the .

An that can be used to enumerate the Windows claims in the . 2

Gets the issuer for this .

A that represents the issuer of this claim set. 2

Gets the claim for the specified index.

The claim for the specified index. The index of the Windows claim to be retrieved.

Returns this object.

This object. 2

Gets the Windows identity for this claim set.

The for this claim set. 2

Represents a collection of claims extracted from an X.509 certificate that are associated with an entity.

Initializes a new instance of the class by using the specified X.509 certificate.

The X.509 certificate that is added to the claim set. 2

Gets the number of X.509 certificate claims in this object.

The number of X.509 certificate claims in this object. 2

Releases all resources used by the .

Gets the expiration time for this .

The expiration time for this . 2

Searches for the claim that matches the specified claim type and rights in the .

Gets an that can be used to enumerate the Windows claims in the .

An that can be used to enumerate the Windows claims in the . 2

Gets the issuer for this .

The issuer for this . 2

Gets the claim for the specified index.

The claim for the specified index. The index of the claim to be retrieved.

Gets the number of X.509 certificate claims in this object.

The number of X.509 certificate claims in this object. 2

Gets the X.509 certificate associated with this claim set.

The X.509 certificate associated with this claim set. 2

The result of evaluating all authorization policies available from the tokens in the sent message and by calling the method.

Initializes a new instance of the class.

Gets the set of claims associated with an authorization policy.

A of type that contains the set of claims.

Evaluate all of the specified authorization policies and create an .

An that contains the result of evaluating all the specified authorization policies. An of that contains the set of authorization policies. 2

Gets the date and time at which this object is no longer valid.

A value that indicates the date and time when this object is no longer valid.

Gets a unique identifier for this object.

A object.

Gets a collection of non-claim properties associated with this object.

A that specifies a collection of non-claim properties.

When overridden in a derived class, represents the results of the authorization policies that have been evaluated.

Initializes a new instance of the class.

Adds a set of claims to the evaluation context.

An that represents the authorization policy that is adding claims to the evaluation context. A that contains a set of claims. 2

Gets a read-only collection of objects that contains the claims added by authorization policies that have been evaluated.

A objects that contains the claims added by authorization policies that have been evaluated. 2

Gets the number of times that claims have been added to the evaluation context.

The number of times that claims have been added to the evaluation context. 2

Gets a collection of non-claim properties associated with this .

A that specifies a collection of non-claim properties. 2

Sets the date and time at which this is no longer valid.

A value that indicates the date and time when this object is no longer valid. 2

Represents a component that is used to authorize users.

Gets a string that identifies this authorization component.

A string that identifies this authorization component. 2

Defines a set of rules for authorizing a user, given a set of claims.

Evaluates whether a user meets the requirements for this authorization policy.

false if the method for this authorization policy must be called if additional claims are added by other authorization policies to ; otherwise, true to state no additional evaluation is required by this authorization policy. An that contains the claim set that the authorization policy evaluates. A , passed by reference that represents the custom state for this authorization policy. 2

Gets a claim set that represents the issuer of the authorization policy.

A that represents the issuer of the authorization policy. 2

Authenticates a security token using a custom authentication scheme.

Initializes a new instance of the class using the specified validator.

A that authenticates the user name and password using a custom authentication scheme. is null. 2

Authenticates the specified user name and password and returns the set of authorization policies for security tokens.

A of type that contains the set of authorization policies in effect for this application. The user name associated with the security token. The password associated with the security token. is null. and combination are not valid.

Authenticates a security token.

Initializes a new instance of the class.

Initializes a new instance of the class by specifying whether the groups that the Windows user belongs to are obtained when the user is authenticated.

true to get the groups the Windows user belongs to; otherwise, false. 2

Gets a value that indicates whether the specified security token can be validated by this security token authenticator.

true when is a security token; otherwise, false. The to authenticate.

Represents a security token provider that provides security tokens for a SOAP message sender.

Initializes a new instance of the class using the specified service principal name.

The service principal name to get a security token for. is null. 2

Initializes a new instance of the class using the specified service principal name and whether a client allows a recipient of the security token to impersonate the client's credentials.

The service principal name to get a security token for. A that specifies the degree to which a recipient of the security token can act on behalf of the client. is not Identification or Impersonation. is null. 2

Initializes a new instance of the class using the specified service principal name, client identity, and whether a client allows a recipient of the security token to impersonate the client's credentials.

The service principal name to get a security token for. A that specifies the degree to which a recipient of the security token can act on behalf of the client process. A that represents the identity of the . is not Identification or Impersonation. is null. 2

Gets a security token.

The that represents the security token to get. A that specifies the timeout value for the message that gets the security token.

Gets the identity of the security token.

A that represents the identity of the . 2

Gets the service principal name of the security token to get.

The service principal name of the security token to get. 2

Gets a value that specifies the degree to which a recipient of the security token can act on behalf of the client.

A that specifies the degree to which a recipient of the security token can act on behalf of the client. 2

Authenticates a security token.

Initializes a new instance of the class.

Gets a value indicating whether the specified security token can be validated by this security token authenticator.

true when is a security token; otherwise, false. The to be validated.

Authenticates the specified security token and returns the set of authorization policies for the security token.

A of type that contains the set of authorization policies in effect for this application. The to be validated.

Authenticates a security token.

Initializes a new instance of the class using the specified set of authenticators.

An of that contains the authenticators to authenticate the issuer's security tokens. 2

Initializes a new instance of the class using the specified set of authenticators and the maximum allowable difference between the sender's and receiver's clocks.

An of that contains the authenticators to authenticate the issuer's security tokens. A that represents the maximum allowable difference between the sender's and receiver's clocks. 2

Gets a value that indicates whether the specified security token can be validated by this security token authenticator.

true when is a security token; otherwise, false. The to be validated.

Resolves the identity associated with the specified key identifier using the supporting security authenticators provided when the instance was created and returns it as a .

A that represents the identity of the specified key identifier. A to get the identity of. 2

Resolves the identity associated with the specified security token using the supporting token authenticators provided when the instance was created and returns it as a .

A that represents the identity of the specified security token. The to get the identity of. 2

Resolves the identity associated with the specified key identifier using the supporting security token authenticators provided when the instance was created and returns it as an .

An that represents the identity of the specified key identifier. A to get the identity of. 2

Resolves the identity associated with the specified security token using the supporting security token authenticators provided when the instance was created and returns it as an .

An that represents the identity of the specified security token. The to get the identity of. 2

Authenticates the specified security token and returns the set of authorization policies for the security token.

A of type that contains the set of authorization policies that result from the security token authentication. The to be validated.

Authenticates a security token.

Initializes a new instance of the class.

Gets a value indicating whether the specified security token can be validated by this security token authenticator.

true when token can be validated; otherwise, false. The to be validated. is null. 2

When overridden in a derived class, gets a value indicating whether the specified security token can be validated by this security token authenticator.

true when can be validated; otherwise, false. The to be validated.

Authenticates the specified security token and returns the set of authorization policies for the security token.

A of type that contains the set of authorization policies in effect for this application. The to be validated. is null. cannot be authenticated by this security token authenticator-or- is not authenticated. 2

When overridden in a derived class, authenticates the specified security token and returns the set of authorization policies for the security token.

A of type that contains the set of authorization policies in effect for this application. The to be validated.

Represents a security token manager that specifies how security tokens are provided, authenticated, and serialized.

Initializes a new instance of the class.

Gets a security token authenticator that meets the specified security token requirements.

A that authenticates security tokens in incoming SOAP messages that meet the specified requirements. A that specifies the security token requirements. A that determines the security token that matches the specified security token requirements. 2

Gets a security token provider that meets the specified security token requirements.

A that provides security tokens that meet the specified requirements for outgoing SOAP messages. A that specifies the security token requirements. 2

Gets an XML serializer that can serialize security tokens in the specified version of the WS-* specifications.

A to serialize the security tokens. A that specifies the WS-* specification versions that security tokens adhere to. 2

Represents a security token provider that handles security tokens for a SOAP message sender.

Initializes a new instance of the class.

Begins an asynchronous operation to cancel a security token.

The that references the asynchronous cancel operation. A that specifies the timeout value for the message that cancels the security token. The to cancel. The delegate that receives notification of the completion of the asynchronous close operation. An object, specified by the application, that contains state information associated with the asynchronous close operation. 2

Begins an asynchronous operation to cancel a security token.

Begins an asynchronous operation to get a security token.

The that references the asynchronous close operation. A that specifies the timeout value for the message that gets the security token. The delegate that receives notification of the completion of the asynchronous close operation. An object, specified by the application, that contains state information associated with the asynchronous close operation. 2

Begins an asynchronous operation to get a security token.

The that references the asynchronous operation. A that specifies the timeout value for the message that gets the security token. The delegate that receives notification of the completion of the asynchronous close operation. An object, specified by the application, that contains state information associated with the asynchronous close operation.

Begins an asynchronous operation that renews a security token.

The that references the asynchronous operation. A that specifies the timeout value for the message that renews the security token. The to renew. The delegate that receives notification of the completion of the asynchronous close operation. An object, specified by the application, that contains state information associated with the asynchronous close operation. 2

Begins an asynchronous operation that renews a security token.

Cancels a security token.

A that specifies the timeout value for the message that cancels the security token. The to cancel. 2

Cancels a security token.

A that specifies the timeout value for the message that cancels the security token. The to cancel.

Completes an asynchronous operation to cancel a security token.

The that is returned by a call to the method. 2

Completes an asynchronous operation to cancel a security token.

The that is returned by a call to the method.

Completes an asynchronous operation to get a security token.

The that represents the security token. The that is returned by a call to the method. 2

Completes an asynchronous operation to get a security token.

The that represents the security token. The that is returned by a call to the method.

Completes an asynchronous operation to renew a security token.

The that represents the security token that is renewed. The that is returned by a call to the method. 2

Completes an asynchronous operation to renew the security token.

The that represents the security token that is renewed. The that is returned by a call to the method.

Gets a security token.

The that represents the security token to get. A that specifies the timeout value for the message that gets the security token. 2

Gets a security token.

The that represents the security token to get. A that specifies the timeout value for the message that gets the security token.

Renews a security token.

The that represents the security token that is renewed. A that specifies the timeout value for the message that renews the security token. The to renew. 2

Renews a security token.

The that represents the security token that is renewed. A that specifies the timeout value for the message that renews the security token. The to renew.

Gets a value that indicates whether the security token can be cancelled.

true if the security token can be cancelled; otherwise, false. The default is false. 2

Gets a value that indicates whether the security token is renewable.

true if the security token can be renewed; otherwise, false. The default is false. 2

Specifies security token requirements.

Initializes a new instance of the class.

Gets the specified property for the current instance.

The value of the property to get. The name of the property to get. The type of the property to get. is null. 2

Gets or sets the required size of the key associated with a security token.

The size of the key, in bits, associated with a security token. The default value is 0. The property is set to a value less than 0. 2

Gets a value that specifies the name of the index in the collection for the property.

The name of the index in the collection for the property. 2

Gets or sets the type of key (asymmetric or symmetric) associated with a security token.

A that specifies the type of key (asymmetric or symmetric) associated with a security token. The default value is SymmetricKey. 2

Gets a value that specifies the name of the index in the collection for the property.

The name of the index in the collection for the property. 2

Gets or sets a value that specifies how the key associated with a security token can be used.

A that specifies how the key associated with a security token can be used. The default value is . 2

Gets a value that specifies the name of the index in the collection for the property.

The name of the index in the collection for the property. 2

Gets the name of the index in the collection for a property that specifies the peer authentication method.

The name of the index in the collection for a property that specifies the peer authentication method. 2

Gets a collection of the non-static properties for the current instance.

An that contains a collection of the non-static properties for the current instance. 2

Gets or sets a value that indicates whether the security token must be capable of performing cryptographic operations, such as encryption.

true if the security token must be capable of performing cryptographic operations; otherwise, false. The default is false. 2

Gets the name of the index in the collection for the property.

The name of the index in the collection for the property. 2

Gets or sets the required security token type.

The required security token type. 2

Gets a value that specifies the name of the index in the collection for the property.

The name of the index in the collection for the property. 2

Gets the specified property for the current instance.

true if the property contains a property value for the property specified in the property; otherwise, false. The name of the property to get. The value of the property specified in the property. The type of property to return in the parameter. A properties exists with the name specified in the parameter, but it is not of the same type that is specified in the parameter. 2

Represents a utility class that can retrieve security tokens or keys when you have a key identifier or key identifier clause.

Initializes a new instance of the class.

Creates a default security token resolver for the specified security tokens.

A that resolves key identifiers and clauses that match the security tokens specified in the parameter. A of type that contains the set of security tokens for which this security token resolver can resolve key identifiers and key identifier clauses to. true to resolve the <SecurityTokenReference> key identifier clauses that reference a security key that is located somewhere else in the SOAP message; otherwise, false. 2

Obtains the key that is referenced in the specified key identifier clause.

A that is the key referenced in the specified key identifier clause. A to retrieve the key for. is null. A key could not be retrieved for the key identifier clause specified in the parameter. 2

Retrieves a security token that matches one of the security key identifier clauses contained within the specified key identifier.

A that represents the specified key identifier. The to create a security token for. is null. A security token cannot be created for the specified key identifier. 2

Retrieves the security token that matches the specified key identifier clause.

A that represents the specified key identifier clause. The to create a security token for. 2

Attempts to retrieve the key that is referenced in the specified key identifier clause.

true when a key can be retrieved for the specified key identifier clause; otherwise, false. A to retrieve the key for. When this method returns, contains a that contains the key that is referenced in the specified key identifier clause. This parameter is passed uninitialized. is null. 2

Attempts to retrieve the key that is referenced in the specified key identifier clause.

Attempts to retrieve the security token that matches one of the key identifier clauses contained within the specified key identifier.

true when a security token can be retrieved for the specified key identifier; otherwise, false. The to create a security token for. When this method returns, contains a that represents the specified key identifier. This parameter is passed uninitialized. is null. 2

Attempts to retrieve the security token that matches the specified key identifier clause.

true when a security token can be retrieved for the specified key identifier clause; otherwise, false. The to create a security token for. When this method returns, contains a that represents the specified key identifier clause. This parameter is passed uninitialized. is null. 2

When overridden in a derived class, attempts to retrieve the security token that matches at least one of the key identifier clauses contained within the specified key identifier.

When overridden in a derived class, attempts to resolve the security token that matches the specified key identifier clause.

Represents a class that can read and write key identifiers, key identifier clauses, and security tokens.

Initializes a new instance of the class.

Determines whether this serializer can read the <KeyIdentifier> element referred to by the specified XML reader.

true when the specified <KeyIdentifier> XML element can be read; otherwise, false. An to read the key identifier. is null. 2

Determines whether this serializer can read a clause in a <KeyIdentifier> element referred to by the specified XML reader.

true when the specified key identifier clause can be read; otherwise, false. An to read the key identifier clause. is null. 2

Determines whether this serializer can read the <KeyIdentifier> element referred to by the specified XML reader. Called by the base class.

true when the specified <KeyIdentifier> element can be read; otherwise, false. An to read the key identifier clause. is null.

Determines whether this serializer can read the <KeyIdentifier> element referred to by the specified XML reader. Called by the base class.

true when the specified key identifier clause can be read; otherwise, false. An to read the key identifier. is null.

Determines whether this serializer can read the security token pointed at by the specified XML reader.

true when the security token can be read; otherwise, false. An to read the security token. is null. 2

Determines whether this serializer can read the security token pointed at by the specified XML reader. Called by the base class.

true when the security token can be read; otherwise, false. An to read the security token. is null.

Determines whether this serializer can write the specified key identifier.

true when this serializer can write the specified key identifier; otherwise, false. A that represents the key identifier to write. is null. 2

Determines whether this serializer can write the specified key identifier clause.

true when this serializer can write the specified key identifier clause; otherwise, false. A that represents the key identifier clause to write. is null. 2

Determines whether this serializer can write the specified key identifier clause. Called by the base class.

true when this serializer can write the specified key identifier clause; otherwise, false. A that represents the key identifier clause to write. is null.

Determines whether this serializer can write the specified key identifier. Called by the base class.

true when this serializer can write the specified key identifier; otherwise, false. A that represents the key identifier to write. is null.

Determines whether this serializer can write the specified security token to XML.

true when the security token can be written; otherwise, false. The to convert to XML. is null. 2

Determines whether this serializer can write the specified security token to XML. Called by the base class.

true when the security token can be written; otherwise, false. The to convert to XML. is null.

Reads the key identifier using specified XML reader.

A that represents the key identifier that is read. An to read the key identifier. is null. 2

Reads the key identifier clause using specified XML reader.

A that represents the key identifier that is read. An to read the key identifier. is null. 2

Reads the key identifier clause using specified XML reader. Called by the base class.

A that represents the key identifier that is read. An to read the key identifier. is null.

Reads the key identifier clause using specified XML reader. Called by the base class.

A that represents the key identifier that is read. An to read the key identifier. is null.

Reads the security token pointed at by the specified XML reader.

A that represents the security token that is read. An to read the security token. A that determines the security token type. is null.-or- is null. 2

Reads the security token pointed at by the specified XML reader. Called by the base class.

A that represents the security token that is read. An to read the security token. A that determines the security token type. is null.-or- is null.

Writes the specified key identifier using the specified XML writer.

A to write the key identifier. A that represents the key identifier to write. is null.-or- is null. 2

Writes the specified key identifier clause using the specified XML writer.

A to write the key identifier clause. A that represents the key identifier clause to write. is null.-or- is null. 2

Writes the specified key identifier clause using the specified XML writer. Called by the base class.

A to write the key identifier clause. A that represents the key identifier clause to write. is null.-or- is null.

Writes the specified key identifier using the specified XML writer. Called by the base class.

A to write the key identifier. A that represents the key identifier to write. is null.-or- is null.

Writes the specified security token using the specified XML writer.

A to write the security token. A that represents the security token to write. is null.-or- is null. 2

Writes the specified security token using the specified XML writer. Called by the base class.

A to write the security token. A that represents the security token to write. is null.-or- is null.

Represents the specifications, such as the WS-*specifications, that security tokens are defined in.

Initializes a new instance of the class.

Gets the collection of supported security specifications.

A of type that contains the set of supported security specifications. 2

Validates a username and password.

Initializes a new instance of the class.

Gets an instance of a that validates a username and password using the specified membership provider.

An that validates a username and password using . A to validate the username and password. 2

Gets a validator that performs no validation on the username and password. As a result, the username and password are always deemed valid.

An that performs no validation on the username and password.

When overridden in a derived class, validates the specified username and password.

The username to validate. The password to validate.

Authenticates a security token.

Initializes a new instance of the class.

Gets a value indicating whether the specified security token can be validated by this security token authenticator.

true when is a security token; otherwise, false. The to be validated.

Authenticates the specified security token and returns the set of authorization policies for the security token.

A of type that contains the set of authorization policies in effect for this application. The to be validated.

When overridden in a derived class, authenticates the specified user name and password and returns the set of authorization policies for security tokens.

A of type that contains the set of authorization policies in effect for this application. The user name associated with the security token. The password associated with the security token.

Represents a security token provider that provides security tokens for a SOAP message sender.

Initializes a new instance of the class using the specified username and password.

The username to get security token for. The password of the user to get a security token for. 2

Gets a security token based on the username and password specified in the constructor.

The that represents the security token to get. A that specifies the timeout value for the message that gets the security token.

Uses Windows authentication to authenticate the security token.

Initializes a new instance of the class.

Initializes a new instance of the class by specifying whether the groups that the Windows user belongs to are added to the property when the user is authenticated.

true to get the groups the Windows user belongs to; otherwise, false. 2

Gets a value indicating whether the specified security token can be validated by this security token authenticator.

true when is a security token; otherwise, false. The to be validated.

Authenticates the specified security token and returns the set of authorization policies for the security token.

A of type that contains the set of authorization policies in effect for this application. The to be validated.

Uses Windows authentication to authenticate the user name and password in a security token.

Initializes a new instance of the class

Initializes a new instance of the class by specifying whether the claims that identify the Windows groups that a user belongs to are initially added to the property when the user is authenticated.

true to get the groups the Windows user belongs to; otherwise, false. 2

Authenticates the specified user name and password and returns the set of authorization policies for security tokens.

Validates an X.509 certificate.

Initializes a new instance of the class.

Gets a validator that validates the X.509 certificate using a trust chain.

A that validates the X.509 certificate using a trust chain.

Gets a validator that verifies the X.509 certificate by specifying the context and chain policy that is used to build and verify a trust chain.

A that validates the X.509 certificate using a trust chain. true to use the machine context; false to use the current user context. An that specifies the policy used to build and verify the trust chain. 2

Gets a validator that verifies the certificate is in the TrustedPeople certificate store or by specifying the context and chain policy that is used to build a certificate trust chain. The certificate is trusted if it passes either verification method.

A that verifies the certificate is in the TrustedPeople certificate store or by building a certificate trust chain. true to use the machine context; false to use the current user context. An that specifies the policy used to build the trust chain. 2

Gets a validator that performs no validation on an X.509 certificate. As a result, an X.509 certificate is always considered to be valid.

A that performs no validation on the X.509 certificate.

Gets a validator that verifies the certificate is in the TrustedPeople certificate store or by building a certificate trust chain. The certificate is trusted if it passes either verification method.

A that verifies the certificate is in the TrustedPeople certificate store or by building a certificate trust chain.

Gets a validator that verifies the certificate is in the TrustedPeople certificate store

A that verifies the certificate is in the TrustedPeople certificate store.

When overridden in a derived class, validates the X.509 certificate.

The that represents the X.509 certificate to validate.

Authenticates an .

Initializes a new instance of the class.

Initializes a new instance of the class using the specified certificate validator.

A that verifies that the certificate is valid. 2

Initializes a new instance of the class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity.

A that verifies that the certificate is valid. true to map the identity of the certificate to a Windows identity; otherwise, false. 2

Initializes a new instance of the class using the specified certificate validation method and indicates whether the identity of the certificate is mapped to a Windows identity and the Windows groups the user belongs to.

A that verifies that the certificate is valid. true to map the identity of the certificate to a Windows identity; otherwise, false. true to include the groups the Windows user belongs to in the property that is constructed throughout the authentication process; otherwise, false. 2

Gets a value that indicates whether the specified security token can be validated by this security token authenticator.

true when is a security token or a class that derives from ; otherwise, false. The to be validated.

Gets a value that indicates whether to map the X.509 certificate to a Windows account.

true to map the X.509 certificate to a Windows account; otherwise, false. 2

Authenticates the specified security token and returns the set of authorization policies for the security token.

A of type that contains the set of authorization policies in effect for this application. The to be validated.

Represents a security token provider that provides security tokens for a SOAP message sender.

Initializes a new instance of the class by getting an X.509 certificate from the specified certificate store criteria.

One of the values that specifies the certificate store location. One of the values that specifies the certificate store name. One of the values that specifies how to search the certificate store. The value used to find the X.509 certificate in the certificate store. is null. No certificates match the specified criteria.-or-More than one certificate matches the specified criteria. 2

Initializes a new instance of the class using the specified X.509 certificate.

The to get a security token for. is null. 2

Gets the X.509 certificate associated with the security token.

Gets an that represents the X.509 certificate of a security token. 2

Releases all resources used by the .

Gets a security token using the X.509 certificate specified in the constructor.

The that represents the security token to get. A that specifies the timeout value for the message that gets the security token.

Specifies whether the security token's should be validated.

Never.

Always.

Only when the security token's key is of type BearerKey and there are no proof of possession keys in the security token.

A helper class for the class that verifies that the property is set to a valid value.

Gets a value that indicates whether the value of the specified is valid.

true when the is , , or ; otherwise, false. The to verify its validity.

Gets the set of target URIs for which the security token can be targeted for to be considered valid by this instance.

An of type that contains the target URIs for which the security token can be targeted for to be considered valid by this security token authenticator.

Gets or sets an that specifies whether the security token's should be validated.

An that specifies whether the security token's should be validated.

Validates that the security token was intended for this Web service.

true if the property of the parameter is in the collection; otherwise, false. A that specifies the set of target Web services for which the security token is intended.

Base class for asymmetric keys.

Initializes a new instance of the class.

When overridden in a derived class, gets the specified asymmetric cryptographic algorithm.

An that represents the specified asymmetric cryptographic algorithm.Typically, true is passed into the parameter, as a private key is typically required for decryption. The asymmetric algorithm to create. true when a private key is required to create the algorithm; otherwise, false. 2

When overridden in a derived class, gets a cryptographic algorithm that generates a hash for a digital signature.

A that generates hashes for digital signatures. The hash algorithm. 2

When overridden in a derived class, gets the deformatter algorithm for the digital signature.

An that represents the deformatter algorithm for the digital signature. The deformatter algorithm for the digital signature. 2

When overridden in a derived class, gets the formatter algorithm for the digital signature.

An that represents the formatter algorithm for the digital signature. The formatter algorithm for the digital signature. 2

When overridden in a derived class, gets a value that indicates whether the private key is available.

true when the private key is available; otherwise, false. 2

Represents a base class for key identifier clauses that are based upon binary data.

Initializes a new instance of the class using the specified key identifier clause type, binary data and a value that indicates whether the binary data must be cloned.

The key identifier clause type. Sets the value of the property. An array of that contains the binary data that represents the key identifier. true to clone the array passed into the parameter; otherwise, false. is null. is zero length.

Initializes a new instance of the class using the specified key identifier clause type, binary data, a value that indicates whether the binary data must be cloned, a nonce and the key length.

The key identifier clause type. Sets the value of the property. An array of that contains the binary data that represents the key identifier. Sets the binary data that is returned by the method. true to clone the array passed into the parameter; otherwise, false. An array of that contains the nonce that was used to create a derived key. Sets the value that is returned by the method. The size of the derived key. Sets the value of the property. is null. is zero length.

Gets the binary data that represents the key identifier.

An array of that contains the binary data that represents the key identifier. 2

Gets the binary data that represents the key identifier.

An array of that contains the binary data that represents the key identifier.

Returns a value that indicates whether the binary data for the current instance matches the specified binary data.

true if is equivalent to the binary data returned by the method; otherwise, false. An array of to compare to. 2

Returns a value that indicates whether the binary data for the current instance is equivalent to the specified binary data at the specified offset.

true if the binary data in the parameter starting at the index specified in the parameter is equivalent to the binary data returned by the method (starting at index zero); otherwise, false. An array of to compare to. The index in the array at which the comparison starts. 2

Returns a value that indicates whether the key identifier for this instance is equivalent to the specified key identifier clause.

true if is of type and the binary data returned by the method is identical for the parameter and the current instance; otherwise, false. A to compare to. 2

Represents a key identifier clause that identifies an encrypted key.

Initializes a new instance of the class using the specified key that is encrypted and the cryptographic algorithm used to encrypt the key.

Initializes a new instance of the class using the specified key that is encrypted, the cryptographic algorithm used to encrypt the key, and a key identifier for the encrypting key.

Initializes a new instance of the class using the specified key that is encrypted, the cryptographic algorithm used to encrypt the key, a key identifier for the encrypting key and a user-readable name.

An array of that contains a key that is encrypted. Sets the value that is returned from the method. The cryptographic algorithm that is used to encrypt the key. Sets the value of the property. A that represents the key identifier for the encrypting key specified in the parameter. Sets the value of the property. A user-readable name that is associated with the key specified in the parameter. Sets the value of the property. is null.-or- is null. is zero length. 2

Initializes a new instance of the class using the specified key that is encrypted, the cryptographic algorithm used to encrypt the key, a key identifier for the key and a user-readable name.

An array of that contains a key that is encrypted. Sets the value that is returned from the method. The cryptographic algorithm that is used to encrypt the key. Sets the value of the property. A that represents the key identifier for the key specified in the parameter. Sets the value of the property. A user-readable name that is associated with the key specified in the parameter. Sets the value of the property. An array of that contains the nonce that was used to create a derived key. Sets the value that is returned by the method. The size of the derived key. Sets the value of the property. is null.-or- is null. is zero length. 2

Gets a user-readable name that is associated with the encrypted key.

A user-readable name that is associated with the encrypted key. 2

Gets a key identifier for the encrypting key.

A that represents the key identifier for the encrypting key. 2

Gets the cryptographic algorithm that is used to encrypt the key.

The cryptographic algorithm that is used to encrypt the key. 2

Gets the encrypted key.

An array of that contains the encrypted key. 2

Returns a value that indicates whether the key identifier for this instance is equivalent to the specified encrypted key, encryption method and user-readable name.

true if the , and parameters have the same values returned by the method and the and the properties, respectively; otherwise, false. An array of that contains a key that is encrypted. The cryptographic algorithm that is used to encrypt the key. A user-readable name that is associated with the encrypted key. 2

Returns a value that indicates whether the key identifier for this instance is equivalent to the specified key identifier clause.

true if is of type and has the same encrypted key, encryption method and user-readable name as the current instance; otherwise, false. A to compare to. is null. 2

Returns a string that represents the current object.

The current object. 2

Represents a security token that is based upon XML.

Initializes a new instance of the class.

An that represents the XML that is associated with the security token. Sets the property. A that represents the proof token for the security token. Sets the property. A that represents the first instant in time at which this security token is valid. Sets the property. A that represents the last instant in time at which this security token is valid. Sets the property. A that represents a reference to this security token when it is included in a SOAP message in which it is referenced. Sets the property. A that represents a reference to this security token when it is not included in a SOAP message in which it is referenced. Sets the property. A of type that contains the set authorization policies for this security token. is null.-or- is null. 2

Gets the collection of authorization policies for this security token.

A of type that contains the set authorization policies for this security token. 2

Gets a value that indicates whether this security token is capable of creating the specified key identifier clause.

true when is not null and the same type as either the or property values; otherwise, false. A that specifies the key identifier to create. 2

Creates the specified key identifier clause.

A that is a key identifier clause for a security token. A that specifies the key identifier to create. is not null and not the same type as one of the or property values. 2

Gets a security key identifier clause that references this security token when this security token is not included in the SOAP message in which it is referenced.

A that represents a reference to this security token when it is not included in a SOAP message in which it is referenced. 2

Gets a unique identifier of the security token.

The unique identifier of the security token. 2

Gets a security key identifier clause that references this security token when this security token is included in the SOAP message in which it is referenced.

A that represents a reference to this security token when it is included in a SOAP message in which it is referenced. 2

Returns a value that indicates whether the key identifier for this instance is equal to the specified key identifier.

true when is not null and matches either the or property values; otherwise, false. An to compare to this instance. 2

Gets the proof token for the security token.

A that represents the proof token for the security token. 2

Gets the cryptographic keys associated with the proof token.

A of type that contains the set of keys associated with the proof token. 2

Gets the XML that is associated with the security token.

An that represents the XML that is associated with the security token. 2

Returns the current object.

The current object. 2

Gets the first instant in time at which this security token is valid.

A that represents the first instant in time at which this security token is valid. 2

Gets the last instant in time at which this security token is valid.

A that represents the last instant in time at which this security token is valid. 2

Represents keys that are generated using symmetric algorithms and are only stored in the local computer's random access memory.

Initializes a new instance of the class using the specified symmetric key.

An array of that contains the symmetric key. is null. is zero length. 2

Initializes a new instance of the class using the specified symmetric key and a value that indicates whether the binary data must be cloned.

An array of that contains the symmetric key. true to clone the array passed into the parameter; otherwise, false. is null. is zero length. 2

Decrypts the specified encrypted key.

An array of that contains the decrypted key. The cryptographic algorithm that was used to encrypt the key. An array of that contains the encrypted key. is not supported. The supported algorithms are , , , and . 2

Encrypts the specified key.

An array of that contains the encrypted key. The cryptographic algorithm to encrypt the key with. An array of that contains the key. is not supported. The supported algorithms are , , , or . 2

Generates a derived key using the specified cryptographic algorithm and parameters for the current key.

An array of that contains the derived key. A URI that represents the cryptographic algorithm to use to generate the derived key. An array of that contains the label parameter for the cryptographic algorithm. An array of that contains the nonce that is used to create a derived key. The size of the derived key. The position at which the derived key is located in the byte array that is returned from this method. is not supported. The supported algorithms is . 2

Gets a transform that decrypts cipher text using the specified cryptographic algorithm.

An that represents the decryption transform. A cryptographic algorithm that decrypts cipher text, such as encrypted XML. An array of that contains the initialization vector (IV) for the specified algorithm. is not supported. The supported algorithms are , , , and . 2

Gets a transform that encrypts XML using the specified cryptographic algorithm.

An that represents the encryption transform. A cryptographic algorithm that encrypts XML. An array of that contains the initialization vector (IV) for the specified algorithm. is not supported. The supported algorithms are , , , and . 2

Gets the size, in bits, of the initialization vector (IV) that is required for the specified cryptographic algorithm.

The size, in bits, of the initialization vector (IV) that is required for the cryptographic algorithm specified in the parameter. The cryptographic algorithm to get the size of the initialization vector (IV). is not supported. The supported algorithms are , , , and . 2

Gets an instance of the specified keyed hash algorithm.

A that represents the keyed hash algorithm. The keyed hash algorithm to get an instance of. is not supported. The supported algorithms is . 2

Gets an instance of the specified symmetric algorithm.

A that represents the symmetric algorithm. The symmetric algorithm to get an instance of. is not supported. The supported algorithms are , , , , , , , and 2

Gets the bytes that represent the symmetric key.

An array of that contains the symmetric key. 2

Gets a value that indicates whether the specified algorithm uses asymmetric keys.

true when the specified algorithm uses asymmetric keys; otherwise, false. The cryptographic algorithm. 2

Gets a value that indicates whether the specified algorithm is supported by this class.

true when the specified algorithm is supported by this class; otherwise, false. The cryptographic algorithm. 2

Gets a value that indicates whether the specified algorithm uses symmetric keys.

true when the specified algorithm uses symmetric keys; otherwise, false. The cryptographic algorithm. 2

Gets the size, in bits, of the key.

The size, in bits, of the key. 2

Represents a security token that is based upon a Kerberos ticket that is received in a SOAP message.

Initializes a new instance of the class using the specified Kerberos ticket.

An array of that contains a Kerberos ticket. 2

Initializes a new instance of the class using the specified Kerberos ticket and unique identifier.

An array of that contains the Kerberos ticket. A unique identifier of the security token. Sets the value of the property. 2

Gets a value that indicates whether this security token is capable of creating the specified key identifier.

true when is of type ; otherwise, false. A that specifies the type of key identifier to create. 2

Creates the specified key identifier clause.

A that is a key identifier clause for the security token. A that specifies the type of key identifier to create. 2

Gets the Kerberos ticket.

An array of that contains the Kerberos ticket. 2

Returns a value that indicates whether the key identifier for this instance matches the specified key identifier.

true if is of type and the Kerberos ticket match; otherwise, false. A to compare to this instance. 2

Gets the symmetric session key for the Kerberos ticket that is associated with this security token.

A that contains the symmetric session key for the Kerberos ticket that is associated with this security token. 2

Gets the cryptographic keys associated with the security token.

A of type that contains the set of keys associated with the security token. 2

Represents a security token that is based upon a Kerberos ticket that is sent in an SOAP request.

Initializes a new instance of the class using a service that is associated with the specified service principal name.

The service principal name for the security token. Sets the property. is null. A Kerberos ticket cannot be obtained for the current user. 2

Initializes a new instance of the class.

The service principal name for the security token. Sets the property. One of the values that specifies how the client allows the security token to be impersonated. A that specifies the user to get a security token for. A unique identifier of the security token. Sets the value of the property. is null.-or- is null. is not null, not equal to and the property is empty or null. A Kerberos ticket cannot be obtained for the specified user. is not Impersonation or Identity. 2

Gets a value that indicates whether this security token is capable of creating the specified key identifier.

true when is of type ; otherwise, false. A that specifies the key identifier to create. 2

Creates the specified key identifier clause.

A that is a key identifier clause for the security token. A that specifies the key identifier to create. 2

Gets the Kerberos ticket request.

An array of that contains the result Kerberos ticket request. 2

Gets a unique identifier of the security token.

A unique identifier of the security token. 2

Returns a value that indicates whether the key identifier for this instance matches the specified key identifier.

true if is of type and the results of the Kerberos ticket request match; otherwise, false. A to compare to this instance. 2

Gets the symmetric session key for the Kerberos ticket that is associated with this security token.

A that contains the symmetric session key for the Kerberos ticket that is associated with this security token. 2

Gets the cryptographic keys associated with the security token.

A of type that contains the set of keys associated with the security token. 2

Gets the service principal name for the security token.

The service principal name for the security token. 2

Gets the first instant in time at which this security token is valid.

A that represents the instant in time at which this security token is first valid. 2

Gets the last instant in time at which this security token is valid.

A that represents the last instant in time at which this security token is valid. 2

Represents a key identifier clause that identifies a or security token.

Initializes a new instance of the class using the specified SHA-1 hash of a Kerberos service ticket.

An array of that contains the SHA-1 hash of a Kerberos service ticket. is null. 2

Initializes a new instance of the class using the specified Kerberos ticket, nonce, and key length.

An array of that contains the SHA-1 hash of a Kerberos service ticket. An array of that contains the nonce that was used to create a derived key. The size of the derived key. is null. is zero length. 2

Gets the SHA-1 hash of a Kerberos service ticket.

An array of that contains the SHA-1 hash of a Kerberos service ticket. 2

Returns the current object.

A that represents the current object. 2

Represents a key identifier clause that identifies a security tokens specified in the security header of the SOAP message.

Initializes a new instance of the class using the specified identifier and array of types.

The value of the wsu:Id attribute for an XML element within the current SOAP message. Sets the value of the property. is null. is empty. 2

Initializes a new instance of the class using the specified identifier, nonce, derived key length an owner security token type.

The value of the wsu:Id attribute for an XML element within the current SOAP message. Sets the value of the property. An array of that contains the nonce that was used to create a derived key. Sets the value that is returned by the method. The size of the derived key. Sets the value of the property. A that is the type of security token that is referred to by the parameter. Sets the value of the property. is null. is empty. 2

Initializes a new instance of the class using the specified identifier an owner security token type.

The value of the wsu:Id attribute for an XML element within the current SOAP message. Sets the value of the property. A that is the type of security token that is referred to by the parameter. Sets the value of the property. is null. is empty. 2

Gets the value of the wsu:Id attribute for an XML element within the current SOAP message.

The value of the wsu:Id attribute for an XML element within the current SOAP message. 2

Returns a value that indicates whether the key identifier for this instance is equivalent to the specified key identifier clause.

true if is of type and the values of the and properties match the current instance; otherwise, false. See the remarks for more details. A to compare to. 2

Returns a value that indicates whether the key identifier for this instance is equivalent to the specified reference and type.

true if the and parameters match the values of the and properties; otherwise, false. See the remarks for more details. The value of the wsu:Id attribute for an XML element within the current SOAP message. A that is the type of security token that is referred to by the parameter. 2

Gets the type of security token that is referred to by the property.

A that contains the type of security token that is referred to by the property. 2

Returns a string that represents the current object.

A that represents the current object. 2

Represents a key identifier clause that identifies a security token.

Initializes a new instance of the class using the specified RSA algorithm.

An that represents an RSA algorithm. Sets the value of the property. is null. 2

Gets a value that indicates whether a key can be created from the key identifier clause.

true in all cases. 2

Creates a key using the RSA algorithm.

A that is a key created using the RSA algorithm specified in the constructor. 2

Gets the Exponent parameter for the RSA algorithm.

An array of that contains the Exponent parameter for the RSA algorithm. 2

Gets the Modulus parameter for the RSA algorithm.

An array of that contains the Modulus parameter for the RSA algorithm. 2

Returns a value that indicates whether the key identifier for this instance is equivalent to the specified key identifier clause.

true if is of type and the arrays returned by the and methods for the parameter are identical to the current instance; otherwise, false. A to compare to. 2

Returns a value that indicates whether the key identifier for this instance matches the specified RSA algorithm.

true if the and fields of the parameter match the values returned by the and methods for the current instance; otherwise, false. An that represents an RSA algorithm. 2

Gets the RSA algorithm that is associated with the key identifier clause.

An that represents an RSA algorithm. 2

Returns a string that represents the current object.

A that represents the current object. 2

Writes the Base64 encoded Exponent parameter of the RSA algorithm into the specified XML serializer.

A to write the Base64 encoded Exponent parameter of the RSA algorithm. is null. 2

Writes the Base64 encoded Modulus parameter of the RSA algorithm into the specified XML serializer.

A to write the Base64 encoded Modulus parameter of the RSA algorithm. is null. 2

Represents a security key that is generated using the RSA algorithm. This class cannot be inherited.

Initializes a new instance of the class using the specified RSA algorithm.

An that represents an RSA algorithm. is null. 2

Decrypts the specified encrypted key.

An array of that contains the decrypted key. The cryptographic algorithm that was used to encrypt the key. The supported algorithms are and . An array of that contains the encrypted key. is not supported. The supported algorithms are and . is null. 2

Encrypts the specified key using the specified algorithm.

An array of that contains the encrypted key. The cryptographic algorithm to encrypt the key with. An array of that contains the key. is not supported. The supported algorithms are and . is null. 2

Gets the specified asymmetric cryptographic algorithm.

Gets a cryptographic algorithm that generates a hash for a digital signature.

A that generates hashes for digital signatures. The hash algorithm. The supported algorithm is . is not supported. The supported algorithm is . 2

Gets the de-formatter algorithm for the digital signature.

An that represents the de-formatter algorithm for the digital signature. The de-formatter algorithm for the digital signature to get an instance of. The supported algorithm is . is not supported. The supported algorithm is . 2

Gets the formatter algorithm for the digital signature.

An that represents the formatter algorithm for the digital signature. The formatter algorithm for the digital signature to get an instance of. The supported algorithm is . is not supported. The supported algorithm is . 2

Gets a value that indicates whether the private key is available.

true when the private key is available; otherwise, false. 2

Gets a value that indicates whether the specified algorithm uses asymmetric keys.

true when the specified algorithm uses asymmetric keys; otherwise, false. The cryptographic algorithm. 2

Gets a value that indicates whether the specified algorithm is supported by this class.

true when the specified algorithm is , , or ; otherwise, false. The cryptographic algorithm. 2

Gets a value that indicates whether the specified algorithm uses symmetric keys.

true when the specified algorithm uses symmetric keys; otherwise, false. The cryptographic algorithm. 2

Gets the size, in bits, of the key.

The size, in bits, of the key. 2

Represents a security token that is based upon key that is created using the RSA algorithm.

Initializes a new instance of the class using the specified RSA algorithm.

A that represents a RSA algorithm that is capable of creating an asymmetric key. Sets the value of the property. is null. 2

Initializes a new instance of the class using the specified RSA algorithm and unique identifier.

A that represents a RSA algorithm that is capable of creating an asymmetric key. Sets the value of the property. A unique identifier of the security token. Sets the value of the property. is null.-or- is null. 2

Gets a value that indicates whether this security token is capable of creating the specified key identifier.

true when is of type ; otherwise, false. A that specifies the type of key identifier to create. 2

Creates the specified key identifier clause.

A that is a key identifier clause for the security token. A that specifies the key identifier to create. 2

Allows the to free resources before it is destroyed by the garbage collector.

Gets a unique identifier of the security token.

A unique identifier of the security token. 2

Returns a value that indicates whether the key identifier for this instance matches the specified key identifier.

true if is of type and the keys match; otherwise, false. A to compare to this instance. 2

Gets a RSA algorithm that is capable of creating an asymmetric key.

A that represents a RSA algorithm that is capable of creating an asymmetric key. 2

Gets the cryptographic keys associated with the security token.

A of type that contains the set of keys associated with the security token. 2

Gets the first instant in time at which this security token is valid.

A that represents the instant in time at which this security token is first valid. 2

Gets the last instant in time at which this security token is valid.

A that represents the last instant in time at which this security token is valid. 2

Specifies whether the subject of a security token is granted access to a given resource.

Specifies that access to a resource is granted.

Specifies that access to a resource is denied.

Specifies that the security token service that issued the security token does not have enough information to determine the access permissions for a particular resource. A recipient of the security token must use other means to determine the user's access permissions.

Represents the <saml:Action> element within a SAML assertion that contains an action on a specified resource.

Initializes a new instance of the class.

Initializes a new instance of the class using the specified action.

The action that the subject of the security token seeks to perform on the specified resource. is null.-or- is . 2

Initializes a new instance of the class using the specified action.

The action that the subject of the security token seeks to perform on the specified resource. The XML namespace in which the parameter is defined. is null.-or- is . 2

Gets or sets the action that the subject of the can perform on the specified resource.

Gets or sets the action that the subject of the security token seeks to perform on the specified resource. The property is set to null.-or-The property is set to . The value of the property is true and the property is set. 2

Gets a value that indicates whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. 2

Causes this instance to be read-only.

Gets or sets the XML namespace in which the property is defined.

The XML namespace in which the property is defined. The property is true and the property is set. 2

Reads the <saml:Action> element using the specified XML reader.

A to read the <saml:Action> XML element. A that is capable of reading XML elements in the SAML assertion that are defined in the SAML specification. A that can read a KeyInfo clause. A that determines the security token that created the digital signature for SAML assertions referenced by the <saml:Advice> XML element. is null.-or- is null. 2

Writes the into the specified XML writer as a <saml:Action> element.

A to write the <saml:Action> element. A that is capable of writing the <saml:Action> element and its child elements and attributes that are defined in the SAML specification. A that is capable of writing KeyInfo clauses. is null.-or- is null. 2

Represents the <saml:Advice> element within a SAML assertion that contains additional information provided by the SAML authority.

Initializes a new instance of the class.

Initializes a new instance of the class using the specified collection of SAML assertions.

An of type that contains SAML assertions that provides additional information for a SAML assertion. contains a null element. 2

Initializes a new instance of the class.

An of type that contains a collection of references to SAML assertions that provide additional information on a SAML assertion. contains a null element. 2

Initializes a new instance of the class using the specified collections of SAML assertions and SAML assertion references.

An of type that contains a collection of references to SAML assertions that provide additional information on a SAML assertion. An of type that contains SAML assertions that provide additional information for a SAML assertion. contains a null element.-or- contains a null element. 2

Gets a collection of references to SAML assertions.

An of type that contains a collection of references to SAML assertions that provide additional information on a SAML assertion. 2

Gets a collection of SAML assertions.

An of type that contains SAML assertions that provides additional information for a SAML assertion. 2

Gets a value indicating whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. The default is false. 2

Causes this instance to be read-only.

Reads the <saml:Advice> XML element using the specified XML reader.

An to read the <saml:Advice> XML element. A that is capable of reading XML elements in the SAML assertion that are defined in the SAML specification. A that can read a KeyInfo clause. A that determines the security token that created the digital signature for SAML assertions that contain this <saml:Advice> XML element. is null-or- is null The <saml:Advice> element does not conform to the XML schema for the <saml:Advice> element. 2

Writes this into the specified XML writer as an <saml:Advice> element.

A to write the <saml:Advice> element. A that is capable of writing the <saml:Advice> element and its child elements and attributes that are defined in the SAML specification. A that is capable of writing KeyInfo clauses. is null-or- is null 2

Represents a Security Assertion Markup Language 1.1 (SAML 1.1) assertion.

Initializes a new instance of the class.

Initializes a new instance of the class using the specified SAML assertion identifier, issuer of the assertion, the date and time when the assertion was issued, a set of processing conditions, additional information, and a collection of SAML statements.

The identifier for the assertion. The SAML authority that issued this SAML assertion. A that specifies when the SAML assertion was issued. A that specifies a set of conditions that may be taken into account when assessing the validity of the SAML assertion. A that specifies additional information supplied by the SAML authority that can aide in the processing of the SAML assertion. An of type that contain SAML statements. is null-or- is -or- does not start with a letter or the "_" character.-or- is null-or- is -or- is null-or- does not contain any elements-or- contains a null element 2

Gets or sets additional information related to the that is supplied by the SAML authority that can aide in the processing of the SAML assertion.

A that specifies additional information that is supplied by the SAML authority that can aide in the processing of the SAML assertion. The property is set and the property is true. 2

Gets or sets the identifier for this assertion.

The identifier for this assertion. The value of the property is true and an attempt is made to set the property. An attempt is made to set the property to null or an empty string. 2

Gets or sets a set of conditions that may be taken into account when assessing the validity of the SAML assertion.

A that specifies a set of conditions that may be taken into account when assessing the validity of the SAML assertion. The property is true and an attempt is made to set the property. 2

Gets a value indicating whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. The default is false. 2

Gets or sets the date and time when the SAML assertion was issued.

A expressed in the Coordinated Universal Time (UTC) that specifies when the SAML assertion was issued. The property is true and an attempt is made to set the property. 2

Gets or sets the name of the SAML authority that issued this SAML assertion.

The SAML authority that issued this SAML assertion. The property is true and an attempt is made to set the property. An attempt is made to set the property to null or an empty string. 2

Gets the major version of the SAML specification to which this SAML assertion conforms.

The major version of the SAML specification to which this SAML assertion conforms. The default value is the value of the property. 2

Causes this instance to be read-only.

Gets the minor version of the SAML specification to which this SAML assertion conforms.

The minor version of the SAML specification to which this SAML assertion conforms. The default value is the value of the property. 2

Reads the digital signature for a SAML assertion from an XML reader.

A to read the digital signature. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. A that is capable of reading XML elements that are defined in the SAML specification. is null-or- is null-or-the digital signature has not been read from the SAML assertion yet.

Reads a SAML assertion from the specified XML reader.

A to read the SAML assertion. A that is capable of reading XML elements in the SAML assertion that are defined in the SAML specification. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null-or- is null the method had been previously called and that SAML assertion was digitally signed. does not refer to a SAML assertion that is compliant with the SAML 1.1 specification. 2

Gets or sets the security credentials that are used to digitally sign the SAML assertion.

A that is used to digitally sign the SAML assertion. The property is true and an attempt is made to set the property. 2

Gets the security token contained in or referenced by a digitally signed SAML assertion.

A contained in or referenced by a digitally signed SAML assertion. 2

Gets the set of SAML statements associated with the SAML assertion.

An of type that contains the SAML statements associated with the SAML assertion. 2

Writes the SAML assertion into the specified XML writer as a <saml:Assertion> element.

A to write the SAML assertion. A that is capable of writing the objects in the to XML. A that is capable of writing KeyInfo clauses. is null-or- is null the is configured such that serializing it into XML would result non-compliance with the SAML v1.1 specification. 2

Represents a <KeyIndentifier> element that references a <saml:Assertion> element in a SOAP message.

Initializes a new instance of the class using the specified SAML assertion identifier.

The identifier of the that contains the key identifier is null. 2

Initializes a new instance of the class using the specified SAML assertion identifier, nonce, and key length.

The identifier of the that contains the key identifier. An array of that contains the nonce that was used to create a derived key. The size of the derived key. is null. 2

Gets the identifier for the that contains the key identifier.

The identifier for the that contains the key identifier. 2

Determines whether the specified key identifier is the same as the current instance.

true when the specified key identifier is the same as the current instance; otherwise, false. A to be compared. 2

Determines whether the specified SAML assertion identifier is the same as the current instance.

true when has the same value as the current instance's property; otherwise, false. The SAML assertion identifier to be compared. 2

Returns a that includes the SAML assertion identifier that represents the current key identifier clause.

A that includes the SAML assertion identifier that represents the current instance. 2

Represents an attribute that is associated with the subject of a .

Initializes a new instance of the class.

Initializes a new instance of the class using the specified claim.

A that represents an attribute of the subject for a security token. is null. The property of is not of type .-or-The property of is not .-or-The property of does not have a '/' character or it is in the first or last index positions. 2

Initializes a new instance of the class using the specified attribute name, XML namespace, and attribute values.

The XML namespace in which the parameter is defined. The name of the SAML attribute. An that contains the values of the SAML attribute. is null.-or- is null.-or- is null. The property of is not of type .-or-The property of is not .-or-The property of does not have a '/' character or it is in the first or last index positions. 2

Gets a collection of attribute values for the SAML attribute.

A that contains the set of attribute values for the SAML attribute. 2

Gets a collection of claims that this SAML attribute represents.

A of type that contains the set of claims that this SAML attribute represents. 2

Gets a value that indicates whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. The default is false. 2

Causes this instance to be read-only.

Gets or sets the name of the SAML attribute.

The name of the SAML attribute. The property is set and the property is true. The property is set to null. 2

Gets or sets the XML namespace in which the name of the SAML attribute is defined.

The XML namespace in which the name of the SAML attribute is defined. 2

Reads the SAML attribute from the specified XML reader.

A to read the SAML attribute. A that is capable of reading XML elements in the SAML specification. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null.-or- is null. refers to an XML element that does not have the AttributeName and AttributeNamespace attributes. 2

Writes the SAML attribute into the specified XML serializer.

A to write the SAML attribute. A that is capable of writing XML elements in a SAML assertion. A that is capable of writing KeyInfo clauses. is null.-or- is null. 2

Contains a set of attributes associated with a particular .

Initializes a new instance of the class.

Initializes a new instance of the class using the specified subject and set of attributes associated with the subject.

A that specifies the subject of the claim. An of type that contains a set of attributes associated with the subject. is null. contains a member that is null.-or- contains zero members. 2

Adds the specified set of claims as attributes to this SAML statement.

An of type that contains the set of claims to add to the SAML statement.

Gets a collection of attributes associated with the subject of the SAML assertion.

An of type that contains a set of attributes associated with the subject. 2

Gets a value indicating whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. The default is false. 2

Causes this instance to be read-only.

Reads the SAML attribute statement from the specified XML reader.

An to read the SAML attribute statement. A that is capable of reading XML elements in the SAML attribute statement that is defined in the SAML specification. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null-or- is null refers to an XML element that does not contain a <saml:Subject> element-or- refers to an XML element that contains a <saml:Attribute> element that does not have an attribute value. 2

Writes the SAML attribute statement into the specified XML serializer.

An to write the SAML attribute statement. A that is capable of writing XML elements in a SAML assertion. A that is capable of writing KeyInfo clauses. is null-or- is null 2

Specifies that a SAML assertion is addressed to a particular audience.

Initializes a new instance of the class.

Initializes a new instance of the class with the specified set of audiences a SAML assertion is intended for.

An of type that contain a set of intended audiences. is null. 2

Gets the set of audiences a SAML assertion is intended for.

An of type that contain a set of intended audiences. 2

Gets a value that indicates whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. 2

Causes this instance to be read-only.

Reads the <AudienceRestrictionCondition> element from the specified XML reader.

A to read the <AudienceRestrictionCondition> element. A that is capable of reading XML elements in the SAML assertion that are defined in the SAML specification. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null.-or- is null. The <AudienceRestrictionCondition> element has a child <Audience> element does not have a value. 2

Writes the <AudienceRestrictionCondition> element into the specified XML serializer.

A to write the <AudienceRestrictionCondition> element. A that is capable of writing XML elements in the SAML assertion that is defined in the SAML specification. A that is capable of writing KeyInfo clauses. is null.-or- is null. 2

Represents the resource type for a claim that is created from a .

Initializes a new instance of the class using the specified instant in time, authentication method, DNS domain name, and IP address.

A that specifies the instant in time at which the subject was authenticated. A URI reference that specifies how the subject was authenticated. The DNS domain name in which the computer that authenticated the subject resides. The IP address of the computer that authenticated the subject. 2

Initializes a new instance of the class using the specified instant in time, authentication method, DNS domain name, IP address, and reference to additional information.

Gets the instant in time at which the subject was authenticated.

A that specifies the instant in time at which the subject was authenticated. 2

Gets or sets the method that was used to authenticate the subject.

The method that was used to authenticate the subject. 2

Gets additional information about the subject.

An of type that contains additional information about the subject. 2

Gets the DNS domain name in which the computer that authenticated the subject resides.

The DNS domain name in which the computer that authenticated the subject resides. 2

Returns a value that indicates whether the instance is equal to the specified object.

true if is a and has the same value as this instance; otherwise, false. An object to compare to this instance. 2

Returns the hash code for the .

A hash code for the . 2

Gets or sets the IP address of the computer that authenticated the subject.

The IP address of the computer that authenticated the subject. 2

Represents a claim for a security token that asserts that the subject was authenticated by a particular means at a particular time.

Initializes a new instance of the class.

Initializes a new instance of the class using the specified authentication details.

A that represents the subject of the claim. A URI reference that specifies how the subject was authenticated. A that specifies the instant in time at which the subject was authenticated. The DNS domain name in which the computer that authenticated the subject resides. The IP address of the computer that authenticated the subject. An of type that contains additional information about the subject. contains a member that is null. 2

Adds a claim based on the properties of this instance to the specified collection of claims.

An of type that contains the set of claims to add to. is null.

Gets or sets the instant in time at which the subject was authenticated.

A that specifies the instant in time at which the subject was authenticated.Exception typeConditionThe property is set and the property is true. 2

Gets or sets the method used to authenticate the subject.

The method used to authenticate the subject. The default value is urn:oasis:names:tc:SAML:1.0:am:unspecified. The property is set and the property is true. 2

Gets additional information about the subject.

An of type that contains additional information about the subject. 2

Gets the type of security claim.

A that specifies the type of security claim. Always http://schemas.microsoft.com/mb/2005/09/ClaimType/SamlAuthentication. 2

Gets or sets the DNS domain name in which the computer that authenticated the subject resides.

The DNS domain name in which the computer that authenticated the subject resides. The property is set and the property is true. 2

Gets or sets the IP address of the computer that authenticated the subject.

The IP address of the computer that authenticated the subject. 2

Gets a value that indicates whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. The default is false. 2

Causes this instance to be read-only.

Reads the SAML authentication statement from the specified XML reader.

A to read the SAML authentication statement. A that is capable of reading XML elements in the SAML authentication statement that is defined in the SAML specification. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null-or- is null refers to an XML element that does not contain the AuthenticationInstant and AuthenticationMethod attributes.-or- refers to an XML element that does not have a <saml:Subject> child element. 2

Writes the SAML authentication statement into the specified XML serializer.

A to write the SAML authentication statement. A that is capable of writing XML elements in a SAML assertion. A that is capable of writing KeyInfo clauses. is null-or- is null. 2

Specifies how to retrieve additional information about the subject of a security token.

Initializes a new instance of the class.

Initializes a new instance of the class using the specified query types, protocol binding, and SAML authority location.

An that represents the type of queries that the SAML authority that has additional information about the subject responds to. A URI reference that identifies the SAML protocol binding to use when communicating with the SAML authority that has additional information about the subject. A URI reference that describes how to locate and communicate with the SAML authority that has additional information about the subject. 2

Gets or sets the type of queries that the SAML authority that has additional information about the subject, responds to.

An that represents the type of queries that the SAML authority that has additional information about the subject, responds to. The property is set and the property is true. The property is set to null. 2

Gets or sets the SAML protocol binding to use when communicating with the SAML authority that has additional information that has additional information about the subject.

A URI reference that identifies the SAML protocol binding to use when communicating with the SAML authority that has additional information that has additional information about the subject. The property is set and the property is true. The property is set to null. 2

Gets a value indicating whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. The default is false. 2

Gets or sets how to locate and communicate with the SAML authority that has additional information that has additional information about the subject.

A URI reference that describes how to locate and communicate with the SAML authority that has additional information about the subject. The property is set and the property is true. The property is set to null. 2

Causes this instance to be read-only.

Reads the <AuthorityBinding> element from the specified XML reader.

A to read the <AuthorityBinding> element. A that is capable of reading XML elements in the SAML assertion that are defined in the SAML specification. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null-or- is null does not refer to a SAML assertion The <AuthorityBinding> element does not have one of the AuthorityKind, Location, or Binding attributes. 2

Writes the <AuthorityBinding> element into the specified XML serializer.

A to write the <AuthorityBinding> element. A that is capable of writing XML elements in the SAML assertion that is defined in the SAML specification. A that is capable of writing KeyInfo clauses. is null-or- is null 2

Represents a claim for a security token that asserts an authorization decision regarding access to a specific resource.

Initializes a new instance of the class using the specified resource the subject is seeking access to, the authorization decision regarding the resource, the action sought on the resource, and the XML namespace in which the action is defined.

The resource the subject is seeking access to. The authorization decision rendered by the SAML authority regarding the access to the resource by the subject. The XML namespace in which the action specified in the parameter is defined. The action sought by the subject on the resource specified in the parameter. is null.-or- is null. 2

Gets the authorization decision rendered by the SAML authority regarding the access to the resource by the subject.

The authorization decision rendered by the SAML authority regarding the access to the resource by the subject. 2

Gets the action sought by the subject on the resource specified in the property.

The action sought by the subject on the resource specified in the property. 2

Gets the XML namespace in which the action specified in the property is defined.

The XML namespace in which the action specified in the property is defined. 2

Returns a value that indicates whether the instance is equal to the specified object.

true if is a and has the same value as this instance; otherwise, false. An object to compare to this instance. 2

Returns the hash code for the .

A hash code for the . 2

Gets the resource the subject is seeking access to.

A URI that represents the resource the subject is seeking access to. 2

Represents a claim for a security token that asserts that an authorization decision regarding access by the subject to the specified resource has been made.

Initializes a new instance of the class.

Initializes a new instance of the class. using the specified subject, resource, authorization decision, and the actions sought by the subject on the resource.

A that represents the subject of the claim. Sets the property. A URI reference that identifies the resource to which access is sought. Sets the property. A that specifies the authorization decision rendered by the SAML authority with respect to access by the subject to the specified resource. Sets the property. An of type that specifies the set of actions that the subject is authorized to perform on the resource. Sets the property. is null.-or- contains a member that is null.-or- is null. contains a member that is null.-or- is null or empty. 2

Initializes a new instance of the class. using the specified subject, resource, authorization decision, and the actions sought by the subject on the resource.

A that represents the subject of the claim. Sets the property. A URI reference that identifies the resource to which access is sought. Sets the property. A that specifies the authorization decision rendered by the SAML authority with respect to access by the subject to the specified resource. Sets the property. An of type that specifies the set of actions that the subject is authorized to perform on the resource. Sets the property. A that contains a set of SAML assertions that the SAML authority relied on to render the authorization decision. Sets the property. 2

Gets or sets the authorization decision rendered by the SAML authority with respect to access by the subject to the specified resource.

One of the values that specify the authorization decision rendered by the SAML authority with respect to access by the subject to the specified resource.Exception typeConditionThe property is set and the property is true. 2

Adds claims based on the properties of this instance to the specified collection of claims.

An of type that contains the set of claims to add to. is null.

Gets the type of security claim.

The type of security claim. Always http://schemas.microsoft.com/mb/2005/09/ClaimType/SamlAuthorizationDecision. 2

Gets or sets the evidence that the SAML authority relied on to render the authorization decision.

A that contains a set of SAML assertions that the SAML authority relied on to render the authorization decision. 2

Gets a value that indicates whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. The default is false. 2

Causes this instance to be read-only.

Reads the SAML authorization statement from the specified XML reader.

A to read the SAML authorization statement. A that is capable of reading XML elements in the SAML authorization statement that is defined in the SAML specification. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null.-or- is null. refers to an XML element that does not contain the Resource and Decision attributes.-or- refers to an XML element that does not have <saml:Subject>, <saml:Evidence>, and <saml:Action> child elements. 2

The resource to which access is sought by the subject of the security token.

A URI reference that identifies the resource to which access is sought. 2

Gets the set of actions that the subject is authorized to perform on the resource.

An of type that specifies the set of actions that the subject is authorized to perform on the resource. 2

Writes the SAML authorization statement into the specified XML serializer.

A to write the SAML authorization statement. A that is capable of writing XML elements in a SAML assertion. A that is capable of writing KeyInfo clauses. is null.-or- is null. 2

Represents a condition that must be taken into account when assessing the validity of a SAML assertion.

Initializes a new instance of the class.

When overridden in a derived class, gets a value indicating whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. The default is false. 2

When overridden in a derived class, causes this instance to be read-only.

When overridden in a derived class, reads the condition from the specified XML reader.

A to read the condition. A that is capable of reading XML elements in the SAML authorization statement that is defined in the SAML specification. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. 2

When overridden in a derived class, writes the condition into the specified XML serializer.

A to write the condition. A that is capable of writing XML elements in a SAML assertion. A that is capable of writing KeyInfo clauses. 2

Represents a set of conditions that must be taken into account when assessing the validity of a SAML assertion.

Initializes a new instance of the class.

Initializes a new instance of the class using the specified timeframe that the SAML assertion is valid.

A that specifies the earliest instant in time when the SAML assertion is valid. Sets the property. A that specifies the instant in time when the SAML assertion expires. Sets the property. 2

Initializes a new instance of the class using the specified timeframe and conditions when the SAML assertion is valid.

A that specifies the earliest instant in time when the SAML assertion is valid. Sets the property. A that specifies the instant in time when the SAML assertion expires. Sets the property. An of type that specifies a set of conditions that a recipient of a SAML assertion must take into account in assessing the validity of the assertion. Sets the property. contains a member that is null. 2

Gets the set of conditions that must be taken into consideration when assessing the validity of a SAML assertion.

An of type that specifies a set of conditions that a recipient of a SAML assertion must take into account when assessing the validity of the assertion. 2

Gets a value that indicates whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. The default is false. 2

Causes this instance to be read-only.

Gets the earliest instant in time when the SAML assertion is valid.

A that specifies the earliest instant in time when the SAML assertion is valid. 2

Gets the instant in time when the SAML assertion expires.

A that specifies the instant in time when the SAML assertion expires. 2

Reads the <saml:Conditions> element from the specified XML reader.

An to read the <saml:Conditions> element. A that is capable of reading XML elements in the SAML authorization statement that is defined in the SAML specification. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null-or- is null. 2

Writes the <saml:Conditions> element into the specified XML serializer.

A to write the <saml:Conditions> element. A that is capable of writing XML elements in a SAML assertion. A that is capable of writing KeyInfo clauses. is null-or- is null. 2

Represents a set of constants that are used to set properties of a security token. This class cannot be inherited.

Gets the name of the attribute used to specify that the subject of a SAML assertion is specified as an e-mail address. This field is constant.

The name of the attribute used to specify that the subject of a SAML assertion is specified as an e-mail address. This field is constant. 2

Gets a URI that states the subject of a SAML assertion is specified as an e-mail address. This field is constant.

A URI that states the subject of a SAML assertion is specified as an e-mail address. 2

Gets a URI that specifies that the recipient of a SAML security token should use the <ds:KeyInfo> element to confirm that the SOAP message was sent by the SAML assertion's subject. This field is constant.

A URI that specifies that the recipient of a security token should use the <ds:KeyInfo> element to confirm that the SOAP message was sent by the SAML assertion's subject. 2

Gets the major version of the SAML specification that security tokens conform to. This field is constant.

The major version of the SAML specification that security tokens conform to. Always 1. 2

Gets the minor version of the SAML specification used by security tokens. This field is constant.

The minor version of the SAML specification. Always 1.The combination of the and properties comprises the version of the SAML specification that security tokens conform to. 2

Gets the XML namespace in which SAML assertions are defined. This field is constant.

The XML namespace in which SAML assertions are defined. 2

Gets a URI that specifies that additional information is not available for a recipient of a SAML security token to confirm that the SOAP message was sent by the SAML assertion's subject. This field is constant.

A URI that specifies that additional information is not available for a recipient of a SAML security token to confirm that the SOAP message was sent by the SAML assertion's subject. 2

Gets the name of the attribute used to specify that the subject of a SAML assertion is specified as a Windows domain account. This field is constant.

The name of the attribute used to specify that the subject of a SAML assertion is specified as a Windows domain account. This field is constant. 2

Gets a URI that states the subject of a SAML assertion is specified using a Windows domain account. This field is constant.

A URI that states the subject of a SAML assertion is specified using a Windows domain account. 2

Represents a condition that must be taken into account when assessing the validity of a SAML assertion.

Initializes a new instance of the class.

Gets a value indicating whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. The default is false. 2

Causes this instance to be read-only.

Reads the <saml:DoNotCacheCondition> element from the specified XML reader.

A to read the <saml:DoNotCacheCondition>. A that is capable of reading XML elements in the SAML authorization statement that is defined in the SAML specification. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null-or- is null does not point to a <saml:DoNotCacheCondition> element. 2

Writes the <saml:DoNotCacheCondition> element into the specified XML serializer.

A to write the <saml:DoNotCacheCondition> element. A that is capable of writing XML elements in a SAML assertion. A that is capable of writing KeyInfo clauses. is null-or- is null 2

Represents the evidence used to render an authorization decision for a security token.

Initializes a new instance of the class.

Initializes a new instance of the class using the specified set of SAML assertions.

An of type that contains the evidence that the SAML authority relied on to render the authorization decision. Sets the property. contains a member that is null. 2

Initializes a new instance of the class using the specified set of SAML assertion references.

Initializes a new instance of the class using the specified set of SAML assertion references and SAML assertions.

An of type that contains an identifier for a SAML assertion that specifies the evidence that the SAML authority relied on to render the authorization decision. Sets the property. An of type that contains the evidence that the SAML authority relied on to render the authorization decision. Sets the property. contains a member that is null or empty.-or- contains a member that is null.-or- and are both null. 2

Gets a collection of identifiers for SAML assertions that specify the evidence that the SAML authority relied on to render the authorization decision.

An of type that contains identifiers for SAML assertions that specify the evidence that the SAML authority relied on to render the authorization decision. 2

Gets the collection of SAML assertions that comprise the evidence that the SAML authority relied on to render the authorization decision.

An of type that contains the evidence that the SAML authority relied on to render the authorization decision. 2

Gets a value that indicates whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. The default is false. 2

Causes this instance to be read-only.

Reads the evidence from the specified XML reader.

A to read the evidence. A that is capable of reading XML elements in the SAML authorization statement that is defined in the SAML specification. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null.-or- is null. refers to an XML element that does not have at least one <saml:AssertionIDReference> or <saml:Assertion> child element. 2

Writes the evidence into the specified XML serializer.

A to write the evidence. A that is capable of writing XML elements in a SAML assertion. A that is capable of writing KeyInfo clauses. is null.-or- is null. 2

Represents a claim for a SAML security token that asserts the subject's name.

Initializes a new instance of the class using the specified name, the domain in which the name resides, and the format the name is in.

The subject name. Sets the property. The domain in which the parameter resides. Sets the property. A URI reference that represents the format that the parameter is in. Sets the property. is null or is . 2

Returns a value that indicates whether the instance is equal to the specified object.

true if is a and has the same value as this instance; otherwise, false. An object to compare to this instance. 2

Gets a URI reference that represents the format that the subject name of a SAML security token is in.

A URI reference that represents the format that the subject name of a SAML security token is in. 2

Returns the hash code for the .

A hash code for the . 2

Gets the subject name of a SAML security token.

The subject name of a security token. 2

Gets the domain in which the subject name of a SAML security token resides in.

The domain in which the subject name of a SAML security token resides in. 2

Represents a security token that is based upon a SAML assertion.

Initializes a new instance of the class.

Initializes a new instance of the class using the specified SAML assertion.

A that represents the SAML assertion for this security token. 2

Gets the SAML assertion for this security token.

A that represents the SAML assertion for this security token. 2

Gets a value indicating whether this security token is capable of creating the specified key identifier.

true when is of type ; otherwise, false. A that specifies the key identifier to create. 2

Creates the specified key identifier clause.

A that is a key identifier clause for a SAML security token. A that specifies the key identifier to create. is not of type . 2

Gets a unique identifier of the security token.

The unique identifier of the security token. 2

Initializes the properties of the class using the specified SAML assertion.

A that represents the SAML assertion for this security token. is null.

Returns a value indicating whether the key identifier for this instance is equal to the specified key identifier.

true if is a and it has the same unique identifier as the property; otherwise, false. An to compare to this instance. 2

Gets the cryptographic keys associated with the security token.

A of type that contains the set of keys associated with the security token. 2

Gets the first instant in time at which this security token is valid.

A that represents the first instant in time at which this security token is valid. 2

Gets the last instant in time at which this security token is valid.

A that represents the last instant in time at which this security token is valid. 2

Serializes and deserializes objects into and from XML documents.

Initializes a new instance of the class.

Reads the additional information provided by the SAML authority within a <saml:Advice> element of a SAML assertion using the specified XML reader.

A that contains additional information provided by the SAML authority within a <saml:Advice> element of a SAML assertion. An to read the additional information provided by the SAML authority. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null 2

Reads a SAML assertion from the specified XML reader.

A that represents the SAML assertion. An to read the SAML assertion. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null 2

Reads an attribute of the subject of a SAML security token using the specified XML reader.

A that represents a claim that is an attribute of the subject of a SAML security token. An to read the attributes. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. 2

Reads a condition that must be taken into account when assessing the validity of a SAML assertion using the specified XML reader.

A that specifies a condition that must be taken into account when assessing the validity of a SAML assertion. An to read the SAML condition. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null. 2

Reads a set of conditions that must be taken into account when assessing the validity of a SAML assertion using the specified XML reader.

A that specifies a set of conditions that must be taken into account when assessing the validity of a SAML assertion. An to read the SAML conditions. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null. 2

Reads a SAML statement using the specified XML reader.

A that represents the SAML statement. An to read the SAML statement. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null. 2

Replaces the default set of XML elements and attributes that are recognized by this serializer with the specified dictionary of elements and attributes.

An that contains the set of XML elements and attributes. 2

Reads a SAML security token from the specified XML reader.

A security token. An to read the security token. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null refers to an XML element that does not contain a digital signature. 2

Writes the specified SAML security token into the specified XML serializer.

The to write. An to write the SAML authorization statement. A that is capable of writing KeyInfo clauses. is null-or- is null 2

Represents a claim for a security token.

Initializes a new instance of the class.

Creates an authorization policy for a security token.

An that represents an authorization policy for the security token. A that represents the issuer of the security token. A to authenticate the security token. 2

When overridden in a derived class, gets a value that indicates whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. The default is false. 2

Causes this instance to be read-only.

When overridden in a derived class, reads the SAML statement from the specified XML reader.

A to read the SAML statement. A that is capable of reading XML elements in the SAML statement that is defined in the SAML specification. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. 2

Writes the SAML statement into the specified XML serializer.

A to write the SAML statement. A that is capable of writing XML elements in a SAML assertion. A that is capable of writing KeyInfo clauses. 2

Represents the subject of a SAML security token.

Initializes a new instance of the class.

Initializes a new instance of the class using the specified name, the domain in which the name resides, and the format the name is in.

Initializes a new instance of the class using the specified name, the domain in which the name resides, the format the name is in, authentication protocols, additional authentication information, and a key identifier.

A URI reference that represents the format that the parameter is in. Sets the property. The domain in which the parameter resides. Sets the property. The subject name. Sets the property. An of type that contains URI references that identify the protocols to authenticate the subject. Sets the property. Additional authentication information that can be used by authentication protocols. Sets the property. A that provides access to a cryptographic key held by the subject of the security token. Sets the property. is null or is . contains a null or member.-or- does not contain any members and is null or is .-or- does not contain any members and or are not null. 2

Gets a set of URI references that identify the protocols that should be used to authenticate the subject.

An of type that contains a set of URI references that identify the protocols that should be used to authenticate the subject. 2

Gets or sets the cryptographic key that is used to verify the digital signature that is identified by this SAML subject statement.

A that contains the cryptographic key that is used to verify the digital signature for a SAML security token. 2

Gets a set of claims using the properties of this class.

A of type that contains the set of claims represented by this instance. 2

Gets a set of claims using the properties of this class and the specified SAML security token authenticator.

A that contains the set of claims represented by this instance. A that authenticates the portion of a security token that corresponds to the <saml:Subject> element. is null. 2

Gets a value that indicates whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. The default is false. 2

Gets or sets a key identifier that provides access to a cryptographic key held by the subject of the SAML security token.

A that provides access to a cryptographic key held by the subject of the security token. 2

Causes this instance to be read-only.

Gets or sets the subject name of a SAML security token.

The subject name of a security token. 2

Gets the claim type that is used to represent the subject name of a SAML security token.

The claim type that is used to represent the subject name of a SAML security token (). 2

Gets or sets a URI reference that represents the format that the subject name of a SAML security token is in.

A URI reference that represents the format that the subject name of a SAML security token is in. 2

Gets or sets the domain in which the subject name of a SAML security token resides in.

The domain in which the subject name of a SAML security token resides in. 2

Reads the <saml:Subject> element from the specified XML reader.

A to read the <saml:Subject> element. A that is capable of reading XML elements in a SAML assertion. A that reads the KeyInfo clause of the digital signature. A that determines the security token that created the digital signature. is null.-or- is null. refers to an XML element in which one of the following is true:Contains an <saml:NameIdentifier> element without a value.-or-Contains an <saml:ConfirmationMehtod> element without a value.-or-Contains a <saml:SubjectConfirmation> element that does not have at least one <saml:ConfirmationMethod> child element.-or-Does not contain at least one <saml:ConfirmationMethod> or <saml:NameIdentifier> element. refers to an XML element that contains a <ds:KeyInfo> element that does not have a key that can be retrieved. 2

Gets or sets additional authentication information that can be used by authentication protocols.

Additional authentication information that can be used by authentication protocols. 2

Writes the <saml:Subject> element into the specified XML serializer.

A to write the <saml:Subject> element. A that is capable of writing XML elements in a SAML assertion. A that is capable of writing KeyInfo clauses. 2

Represents a claim for a security token.

Initializes a new instance of the class.

Initializes a new instance of the class using the specified subject.

A that identifies the subject of a security token. Sets the property.

Adds a claim based on the properties of this instance to the specified collection of claims.

An of type that contains the set of claims to add to. is null.

Creates an authorization policy for a security token.

An that represents an authorization policy for the security token. A that represents the issuer of the security token. A to authenticate the security token. 2

Gets a value indicating whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. The default is false. 2

Causes this instance to be read-only.

Gets or sets the subject of a security token.

A that identifies the subject of a security token. The property is set and the property is true. 2

Sets the subject of a security token.

A that identifies the subject of a security token. is null.

Defines constants for the URIs that represent the cryptographic algorithms that are used to encrypt XML and compute digital signatures for SOAP messages.

Specifies a URI that points to the 128-bit AES cryptographic algorithm for encrypting XML. This field is constant.

Specifies a URI that points to the 128-bit AES cryptographic algorithm for encrypting and decrypting symmetric keys (key wrap). This field is constant.

Specifies a URI that points to the 192-bit AES cryptographic algorithm for encrypting XML. This field is constant.

Specifies a URI that points to the 192-bit AES cryptographic algorithm for encrypting and decrypting symmetric keys (key wrap). This field is constant.

Specifies a URI that points to the 256-bit AES cryptographic algorithm for encrypting XML. This field is constant.

Specifies a URI that points to the 256-bit AES cryptographic algorithm for encrypting and decrypting symmetric keys (key wrap). This field is constant.

Specifies a URI that points to the DES cryptographic algorithm for encrypting XML. This field is constant.

Specifies a URI that points to the DSA cryptographic algorithm for digitally signing XML. This field is constant.

Represents the Exclusive XML Without Comments Canonicalization algorithm. This field is constant.

Represents the Exclusive XML With Comments Canonicalization algorithm. This field is constant.

Specifies a URI that points to the HMAC cryptographic algorithm for digitally signing XML. This field is constant.

Specifies a URI that points to the 256-bit HMAC cryptographic algorithm for digitally signing XML. This field is constant.

Represents the P-SHA1 key generation algorithm. This field is constant.

Specifies a URI that points to the RIPEMD-160 cryptographic digest algorithm. This field is constant.

Specifies a URI that points to the RSAES-OAEP-ENCRYPT cryptographic algorithm for encrypting and decrypting asymmetric keys (key wrap). This field is constant.

Specifies a URI that points to the RSA-SHA1 cryptographic algorithm for digitally signing XML. This field is constant.

Specifies a URI that points to the RSA-SHA256 cryptographic algorithm for digitally signing XML. This field is constant.

Specifies a URI that points to the RSAES-PKCS1-v1_5 cryptographic algorithm for encrypting and decrypting asymmetric keys (key wrap). This field is constant.

Specifies a URI that points to the 160-bit SHA-1 digest algorithm. This field is constant.

Specifies a URI that points to the 256-bit SHA-256 digest algorithm. This field is constant.

Specifies a URI that points to the 512-bit SHA-512 digest algorithm. This field is constant.

Specifies a URI that points to the Transport Layer Security (TLS) algorithm for encrypting and decrypting symmetric keys (key wrap). This field is constant.

Specifies a URI that points to the Triple DES cryptographic algorithm for encrypting XML. This field is constant.

Specifies a URI that points to the Triple DES cryptographic algorithm for encrypting and decrypting symmetric keys (key wrap). This field is constant.

Specifies a URI that points to the GSS-API cryptographic algorithm for encrypting and decrypting Kerberos ticket session keys (key wrap). This field is constant.

Base class for security keys.

Initializes a new instance of the class.

When overridden in a derived class, decrypts the specified encrypted key.

An array of that contains the decrypted key. The cryptographic algorithm that was used to encrypt the key. An array of that contains the encrypted key. 2

When overridden in a derived class, encrypts the specified key.

An array of that contains the encrypted key. The cryptographic algorithm to encrypt the key with. An array of that contains the key. 2

When overridden in a derived class, gets a value that indicates whether the specified algorithm uses asymmetric keys.

true when the specified algorithm uses asymmetric keys; otherwise, false. The cryptographic algorithm. 2

When overridden in a derived class, gets a value that indicates whether the specified algorithm is supported by this class.

true when the specified algorithm is supported by this class; otherwise, false. The cryptographic algorithm. 2

When overridden in a derived class, gets a value that indicates whether the specified algorithm uses symmetric keys.

true when the specified algorithm uses symmetric keys; otherwise, false. The cryptographic algorithm. 2

When overridden in a derived class, gets the size, in bits, of the key.

The size, in bits, of the key. 2

Represents a key identifier.

Initializes a new instance of the class.

Initializes a new instance of the class using the specified key identifier clauses.

An array of that contains the key identifier clauses. is null. 2

Adds a key identifier clause to the end of the list.

A to be added to the end of the list. is null. The value of the property is true. 2

Gets a value that indicates whether a key can be created for at least one of the key identifier clauses.

true if a key can be created for at least one of the key identifier clauses; otherwise, false. 2

Gets the number of key identifier clauses.

The number of key identifier clauses. 2

Creates a key for one of the key identifier clauses.

A that represents the created key. A key could not be created for any of the key identifier clauses. 2

Searches for a key identifier clause of the specified type and returns the first occurrence within the entire collection.

The first in the collection that is of the type specified in the parameter. A that represents the type of key identifier clause to search the collection for. is null. The collection does not contain a key identifier clause of the type specified in the parameter. 2

Returns an enumerator that iterates through the collection of key identifier clauses.

A of type for the collection. 2

Gets a value that indicates whether the properties of this instance are read-only.

true if the properties of this instance are read-only; otherwise, false. The default is false. 2

Gets the key identifier clause at the specified index.

The at the specified index. The zero-based index of the key identifier clause in the collection of key identifier clauses. is less than 0.-or- is equal to or greater than .

Causes this instance to be read-only.

Returns an enumerator that iterates through the collection of key identifier clauses.

A that can be used to iterate through the collection.

Returns the current object.

The current object. 2

Searches for a key identifier clause of the specified type and returns a value that indicates whether a clause of that type could be found. When a type is found it is returned in the out parameter.

true when a key identifier clause of the type specified in the parameter exists in the collection; otherwise, false. When this method returns, contains a that is of the type specified in the parameter when a clause of that type could be found in the collection. This parameter is passed un-initialized. A that represents the type of key identifier clause to search the collection for. 2

Represents an abstract base class for a key identifier clause.

Initializes a new instance of the class using the specified key identifier clause type.

The key identifier clause type. Sets the value of the property.

Initializes a new instance of the class using the specified key identifier clause type, nonce, and the derived key length.

The key identifier clause type. Sets the value of the property. An array of that contains the nonce that was used to create a derived key. Sets the value that is returned by the method. The size of the derived key. Sets the value of the property.

Gets a value that indicates whether a key can be created.

true if a key can be created; otherwise, false. The default is false. 2

Gets the key identifier clause type.

The key identifier clause type. 2

Creates a key based on the parameters passed into the constructor.

A that contains the created key. 2

Gets the size of the derived key.

The size of the derived key. 2

Gets the nonce that was used to generate the derived key.

An array of that contains the nonce that was used to generate the derived key. 2

Returns a value that indicates whether the key identifier for this instance is equivalent to the specified key identifier clause.

true if is the same instance as the current instance; otherwise, false. A to compare to. is null. 2

Specifies the type of key that is associated with a security token.

Specifies that the key is a symmetric key.

Specifies that the key is an asymmetric key.

Specifies that the security token does not contain a proof-of-possession key.

Specifies how a key that is associated with a security token can be used.

Specifies that the key can be used to exchange keys between a sender and a receiver.

Specifies that the key can be used to generate a digital signature.

Represents a base class used to implement all security tokens.

Initializes a new instance of the class.

Gets a value that indicates whether this security token is capable of creating the specified key identifier.

true when is of type ; otherwise, false. A that specifies the key identifier to create. 2

Creates the specified key identifier clause.

A that is a key identifier clause for the security token. A that specifies the key identifier to create. 2

Gets a unique identifier of the security token.

The unique identifier of the security token. 2

Returns a value that indicates whether the key identifier for this instance can be resolved to the specified key identifier.

true if is a and it has the same unique identifier as the property; otherwise, false. A to compare to this instance. 2

Gets the key for the specified key identifier clause.

A that represents the key. A to get the key for. 2

Gets the cryptographic keys associated with the security token.

A of type that contains the set of keys associated with the security token. 2

Gets the first instant in time at which this security token is valid.

A that represents the instant in time at which this security token is first valid. 2

Gets the last instant in time at which this security token is valid.

A that represents the last instant in time at which this security token is valid. 2

The exception that is thrown when a problem occurs while processing a security token.

Initializes a new instance of the class.

Initializes a new instance of the class using the specified XML serialization data and contextual data about the source and destination of the serialization stream.

A that contains values that are used during serialization and deserialization. A that contains data about the source and destination of the serialization stream.

Initializes a new instance of the class using the specified error message.

A message that identifies the reason the exception occurred. 2

Initializes a new instance of the class using the specified error message and root cause of the error.

A message that identifies the reason the exception occurred. A that represents the root cause of the exception. 2

Contains a set of static properties that returns strings that represent security token types.

Gets a string that represents a security token based upon a Kerberos ticket.

A string that represents a security token based upon a Kerberos ticket. 2

Gets a string that represents a security token based upon an RSA key.

A string that represents a security token based upon an RSA key. 2

Gets a string that represents a security token based upon a SAML assertion.

A string that represents a security token based upon a SAML assertion. 2

Gets a string that represents a security token based upon a user name and password.

A string that represents a security token based upon a user name and password. 2

Gets a string that represents a security token based upon an X.509 certificate.

A string that represents a security token based upon an X.509 certificate. 2

The exception that is thrown when a received security token is invalid.

Initializes a new instance of the class.

Initializes a new instance of the class using the specified XML serialization data and contextual data about the source and destination of the serialization stream.

A that contains values that are used during serialization and deserialization. A that contains data about the source and destination of the serialization stream.

Initializes a new instance of the class using the specified error message.

A message that identifies the reason the exception occurred. 2

Initializes a new instance of the class using the specified error message and root cause of the error.

A message that identifies the reason the exception occurred. A that represents the root cause of the exception. 2

Represents the cryptographic key and security algorithms that are used to generate a digital signature.

Initializes a new instance of the class.

A that contains the cryptographic key that is used to generate the digital signature. A URI that represents the cryptographic algorithm that is used to generate the digital signature. A URI that represents the cryptographic algorithm that is used to compute the digest for the portion of the SOAP message that is to be digitally signed. 2

Initializes a new instance of the class.

Gets the cryptographic algorithm that is used to compute the digest for the portion of the SOAP message that is to be digitally signed.

A URI that represents the cryptographic algorithm that is used to compute the digest for the portion of the SOAP message that is to be digitally signed. 2

Gets the cryptographic algorithm that is used to generate the digital signature.

A URI that represents the cryptographic algorithm that is used to generate the digital signature. 2

Gets the cryptographic key that is used to generate the digital signature.

A that contains the cryptographic key that is used to generate the digital signature. 2

Gets the identifier that represents the key that is used to create a digital signature.

A that specifies the identifier that represents the key that is used to create a digital signature. 2

Represents the abstract base class for all keys that are generated using symmetric algorithms.

Initializes a new instance of the class.

When overridden in a derived class, generates a derived key using the specified cryptographic algorithm and parameters for the current key.

When overridden in a derived class, gets a transform that decrypts cipher text using the specified cryptographic algorithm.

When overridden in a derived class, gets a transform that encrypts XML using the specified cryptographic algorithm.

An that represents the encryption transform. A cryptographic algorithm that encrypts XML. An array of that contains the initialization vector (IV) for the specified algorithm. 2

When overridden in a derived class, gets the size, in bits, of the initialization vector (IV) that is required for the specified cryptographic algorithm.

When overridden in a derived class, gets an instance of the specified keyed hash algorithm.

A that represents the keyed hash algorithm. The keyed hash algorithm to get an instance of. 2

When overridden in a derived class, gets an instance of the specified symmetric algorithm.

A that represents the symmetric algorithm. The symmetric algorithm to get an instance of. 2

When overridden in a derived class, gets the bytes that represent the symmetric key.

An array of that contains the symmetric key. 2

Represents a security token that is based upon a user name and password.

Initializes a new instance of the class using the specified user name and password.

A user name. Sets the property. A password for the user name. Sets the property. is null.-or- is null. 2

Initializes a new instance of the class using the specified user name, password, and unique identifier.

A user name. Sets the property. A password for the user name. Sets the property. A unique identifier of the security token. Sets the property. is null.-or- is null.-or- is null. 2

Gets a unique identifier of the security token.

A unique identifier of the security token. 2

Gets the password for the user name associated with the security token.

The password for the user name associated with the security token. 2

Gets the cryptographic keys associated with the security token.

A of type that contains the set of keys associated with the security token. 2

Gets the user name that is associated with the security token.

The user name that is associated with the security token. 2

Gets the first instant in time at which this security token is valid.

A that represents the instant in time at which this security token is first valid. 2

Gets the last instant in time at which this security token is valid.

A that represents the last instant in time at which this security token is valid. 2

Represents a security token that is based on the identity of a Windows domain or user account.

Initializes a new instance of the class.

Initializes a new instance of the class using the Windows user.

A that represents a Windows user. is null. 2

Initializes a new instance of the class using the Windows user.

A that represents a Windows user. A unique identifier for the security token. is null.-or- is null. 2

Releases all resources used by the .

Gets the unique identifier for the security token.

A unique identifier for the security token. 2

Initializes a new instance of the class using the specified unique identifier, Windows user, and the first and last instants in time when the security token is valid.

A unique identifier for the security token. Sets the value of the property. A that represents the instant in time at which this security token is first valid. Set the value of the property. A that represents the last instant in time at which this security token is valid. Sets the value of the property. A that represents a Windows user. Sets the value of the property. true to create a object that is identical to the parameter and assign that to the property; otherwise, assign the value of the parameter to the property. is null.-or- is null.

Gets the cryptographic keys associated with the security token.

A of type that contains the set of keys associated with the security token. 2

Throws an exception if the method has been called for this instance.

the method has been called for this instance.

Gets the first instant in time at which this security token is valid.

A that represents the instant in time at which this security token is first valid. 2

Gets the last instant in time at which this security token is valid.

A that represents the last instant in time at which this security token is valid. 2

Gets the Windows user associated with this security token.

A that represents a Windows user. 2

Represents an asymmetric key for X.509 certificates.

Initializes a new instance of the class using the specified X.509 certificate.

The that represents the X.509 certificate. is null. 2

Decrypts the specified encrypted key using the specified cryptographic algorithm.

An array of that contains the decrypted key. The cryptographic algorithm to decrypt the key. An array of that contains the encrypted key. The X.509 certificate specified in the constructor does not have a private key.-or-The X.509 certificate has a private key, but it was not generated using the algorithm.-or-The X.509 certificate has a private key, it was generated using the algorithm, but the property is null.-or-The parameter is not supported. The supported algorithms are and . 2

Encrypts the specified encrypted key using the specified cryptographic algorithm.

An array of that contains the encrypted key. The cryptographic algorithm to encrypt the key. An array of that contains the key to encrypt. The X.509 certificate specified in the constructor has a public key that was not generated using the algorithm.-or-The parameter is not supported. The supported algorithms are and . 2

Gets the specified asymmetric cryptographic algorithm.

An that represents the specified asymmetric cryptographic algorithm. The asymmetric algorithm to create. true when a private key is required to create the algorithm; otherwise, false. is true and the X.509 certificate specified in the constructor does not have a private key.-or- is and the public or private key for the X.509 certificate specified in the constructor is not of type . -or- is , , or and the public or private key for the X.509 certificate specified in the constructor is not of type . -or- is not supported. The supported algorithms are , , , , and . 2

Gets a cryptographic algorithm that generates a hash for a digital signature.

A that generates hashes for digital signatures. The hash algorithm. is not supported. The supported algorithms are , , and . 2

Gets the de-formatter algorithm for the digital signature.

An that represents the de-formatter algorithm for the digital signature. The de-formatter algorithm for the digital signature to get an instance of. is and the public key for the X.509 certificate specified in the constructor is not of type .-or- is or and the public key for the X.509 certificate specified in the constructor is not of type .-or- is not supported. The supported algorithms are ,, and . 2

Gets the formatter algorithm for the digital signature.

An that represents the formatter algorithm for the digital signature. The formatter algorithm for the digital signature to get an instance of. The X.509 certificate specified in the constructor does not have a private key.-or- is and the private key for the X.509 certificate specified in the constructor is not of type .-or- is or and the private key for the X.509 certificate specified in the constructor is not of type .-or- is not supported. The supported algorithms are ,, and . 2

Gets a value that indicates whether the private key is a available.

true when the private key is available; otherwise, false. 2

Gets a value that indicates whether the specified algorithm uses asymmetric keys.

true when the specified algorithm is , , , , or ; otherwise, false. The cryptographic algorithm. 2

Gets a value that indicates whether the specified algorithm is supported by this class.

true when the specified algorithm is , , , , or and the public key is of the right type; otherwise, false. See the remarks for details. The cryptographic algorithm. 2

Gets a value that indicates whether the specified algorithm uses symmetric keys.

true when the specified algorithm is , , , , , , , , , or ; otherwise, false. The cryptographic algorithm. 2

Gets the size, in bits, of the public key associated with the X.509 certificate.

The size, in bits, of the public key associated with the X.509 certificate. 2

Represents a key identifier clause that identifies a security tokens using the distinguished name of the certificate issuer and the X.509 certificate's serial number.

Initializes a new instance of the class using the specified X.509 certificate.

An that contains the X.509 certificate. is null. 2

Initializes a new instance of the class using the specified distinguished name of the certificate issuer and the serial number of the X.509 certificate.

The distinguished name of the certificate authority that issued the X.509 certificate. Sets the value of the property. The serial number of the X.509 certificate. Sets the value of the property. is null.-or- is null. 2

Gets the distinguished name of the certificate authority that issued the X.509 certificate.

The distinguished name of the certificate authority that issued the X.509 certificate. 2

Gets the serial number of the X.509 certificate.

The serial number of the X.509 certificate. 2

Returns a value that indicates whether the key identifier for this instance matches the specified key identifier.

true if is a type and the key identifier clauses match; otherwise, false. A to compare to this instance. 2

Returns a value that indicates whether the key identifier for this instance matches the specified X.509 certificate.

true if has the same issuer name and issuer serial number as the current instance; otherwise, false. An that contains the X.509 certificate to compare. 2

Returns a value that indicates whether the key identifier for this instance is equivalent to the specified issuer name and issuer serial number.

true if the and parameters match the and properties; otherwise, false. The distinguished name of the certificate authority that issued the X.509 certificate. The serial number of the X.509 certificate. 2

Returns the current object.

A that represents the current object. 2

Represents a key identifier clause that identifies a security token using the X.509 certificate's raw data.

Initializes a new instance of the class using the specified raw data of an X.509 certificate.

An array of that contains the raw data of an X.509 certificate. is null. is zero length. 2

Initializes a new instance of the class using the specified X.509 certificate.

An that contains the X.509 certificate. is null. 2

Gets a value that indicates whether a key can be created from the raw data of the X.509 certificate or byte array that is specified in the constructor.

true in all cases. 2

Creates a key from the raw data of the X.509 certificate or byte array that is specified in the constructor.

A that contains the key(s) associated with the X.509 certificate. 2

Gets the raw data associated with the X.509 certificate.

An array of that contains the raw data associated with the X.509 certificate. 2

Returns a value that indicates whether the key identifier for this instance is equivalent to the specified X.509 certificate.

true if has the raw data that matches the current instance; otherwise, false. An that contains the X.509 certificate to compare. is null. 2

Returns the current object.

A that represents the current object. 2

Represents a security token that is based upon an X.509 certificate.

Initializes a new instance of the class using the specified X.509 certificate.

An that contains the X.509 certificate. Sets the property. is null. 2

Initializes a new instance of the class using the specified X.509 certificate and unique identifier.

An that contains the X.509 certificate. Sets the property. A unique identifier of the security token. Sets the property. is null.-or- is null. 2

Gets a value indicating whether this security token is capable of creating the specified key identifier.

true when is of type , , , or ; otherwise, false. A that specifies the key identifier to create. 2

Gets the X.509 certificate associated with the security token.

An that contains the X.509 certificate. 2

Creates the specified key identifier clause.

A that is a key identifier clause for the security token. A that specifies the key identifier to create. 2

Releases all resources used by the .

Gets a unique identifier of the security token.

A unique identifier of the security token. 2

Returns a value indicating whether the key identifier for this instance is equal to the specified key identifier.

true if is one of the , , , or types and the key identifier clauses match; otherwise, false. An to compare to this instance. 2

Gets the cryptographic keys associated with the security token.

A of type that contains the set of keys associated with the security token. 2

Throws an exception if the method has been called for this instance.

the method has been called for this instance.

Gets the first instant in time at which this security token is valid.

A that represents the instant in time at which this security token is first valid. 2

Gets the last instant in time at which this security token is valid.

A that represents the last instant in time at which this security token is valid. 2

Represents a key identifier clause that identifies a security token using the X.509 certificate's subject key identifier extension.

Initializes a new instance of the class using the specified subject key identifier.

An array of that contains the subject key identifier. is null. 2

Gets a value that indicates whether a key identifier clause can be created for the specified X.509 certificate.

true if a key identifier clause can be created for ; otherwise, false. An that contains the X.509 certificate. is null. 2

Gets the subject key identifier.

An array of that contains the subject key identifier. 2

Returns a value that indicates whether the key identifier for this instance is equivalent to the key identifier of the specified X.509 certificate.

true if has the same subject key identifier as the current instance; otherwise, false. An that contains the X.509 certificate to compare. is null. 2

Returns a string that represents the current object.

A that represents the current object. 2

Creates a key identifier clause using the specified X.509 certificate.

true when a key identifier clause can be created for the specified X.509 certificate; otherwise, false. An to create the key identifier clause for. When this method returns, contains a that represents the key identifier clause. This parameter is passed uninitialized. is null. 2

Represents a key identifier clause that identifies a security tokens using the X.509 certificate's thumbprint.

Initializes a new instance of the class using the specified thumbprint for an X.509 certificate.

An array of that contains the thumbprint of the X.509 certificate. is null.-or- is zero length. 2

Initializes a new instance of the class using the specified X.509 certificate.

An that contains the X.509 certificate. is null. 2

Returns the thumbprint for the X.509 certificate.

An array of that contains the thumbprint of the X.509 certificate. 2

Returns a value that indicates whether the key identifier for this instance is equivalent to the specified X.509 certificate's thumbprint.

true if has the same thumbprint as the current instance; otherwise, false. An that contains the X.509 certificate to compare. 2

Returns a string that represents the current object.

A that represents the current object. 2

Represents a security token that is based upon an X.509 certificate and that the certificate is mapped to a Windows domain user or local computer user account.

Initializes a new instance of the class using the specified X.509 certificate and Windows domain or computer account.

An that contains the X.509 certificate. A that represents the identity of a Windows domain or computer account. 2

Initializes a new instance of the class using the specified X.509 certificate, Windows domain or computer account, and unique identifier.

An that contains the X.509 certificate. A that represents the identity of a Windows domain or computer account. A unique identifier of the security token. 2

Releases all resources used by the .

Gets the identity of a Windows domain or computer account.

A that represents the identity of a Windows domain or computer account. 2

Gets the first instant in time at which this security token is valid.

A that represents the instant in time at which this security token is first valid. 2

Gets the last instant in time at which this security token is valid.

A that represents the last instant in time at which this security token is valid. 2

Gets the Windows user associated with this security token.

A that represents a Windows user. 2

Represents the December 2007 version of the P-SHA1 key generation algorithm. This field is constant.