问题描述
我正在使用自定义 UserNameSecurityTokenHandler 派生类创建自定义 STS.在客户端,我向 RequestSecurityToken 的 AdditionalContext 属性添加了一些额外信息,令牌处理程序需要完全验证这些信息(除了用户名和密码).
I am creating a custom STS using a custom UserNameSecurityTokenHandler derived class. In the client, I am adding some additional information to the AdditionalContext property of the RequestSecurityToken that the Token Handler needs to fully authenticate (in addition to User Name & Password).
我认为 RequestSecurityToken 必须在我的令牌处理程序中的某处对我可用,但我找不到它.我已经使用 Reflector 浏览了代码,但这也无济于事.
I assume that the RequestSecurityToken must be available to me somewhere in my Token Handler, but I cannot locate it. I've prowled through the code with Reflector, but that has not helped either.
我如何获得这些信息?
提前致谢.
大卫·穆林
推荐答案
事实证明我混淆了两个不相关的事情.UserNameSecurityTokenHandler 类用于验证 UserName/Password Client Credentials,然后作为Current Principal"流入 STS.
It turns out that I was confusing two unrelated things. The UserNameSecurityTokenHandler class is for authenticating the UserName/Password Client Credentials, which then flows into the STS as the "Current Principal".
所以,没关系.
这篇关于从 UserNameSecurityTokenHandler 内部访问 RequestSecurityToken 的 AdditionalContext的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!