从 UserNameSecurityTokenHandler 内部访问 RequestSecurityToken 的 AdditionalContext [英] Accessing AdditionalContext of RequestSecurityToken from inside UserNameSecurityTokenHandler

问题描述

我正在使用自定义 UserNameSecurityTokenHandler 派生类创建自定义 STS.在客户端，我向 RequestSecurityToken 的 AdditionalContext 属性添加了一些额外信息，令牌处理程序需要完全验证这些信息(除了用户名和密码).

I am creating a custom STS using a custom UserNameSecurityTokenHandler derived class. In the client, I am adding some additional information to the AdditionalContext property of the RequestSecurityToken that the Token Handler needs to fully authenticate (in addition to User Name & Password).

我认为 RequestSecurityToken 必须在我的令牌处理程序中的某处对我可用，但我找不到它.我已经使用 Reflector 浏览了代码，但这也无济于事.

I assume that the RequestSecurityToken must be available to me somewhere in my Token Handler, but I cannot locate it. I've prowled through the code with Reflector, but that has not helped either.

我如何获得这些信息?

提前致谢.

大卫·穆林

推荐答案

事实证明我混淆了两个不相关的事情.UserNameSecurityTokenHandler 类用于验证 UserName/Password Client Credentials，然后作为Current Principal"流入 STS.

It turns out that I was confusing two unrelated things. The UserNameSecurityTokenHandler class is for authenticating the UserName/Password Client Credentials, which then flows into the STS as the "Current Principal".

所以，没关系.

这篇关于从 UserNameSecurityTokenHandler 内部访问 RequestSecurityToken 的 AdditionalContext的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！