The following code shows how to create a custom issuer name registry that serves both the X509SecurityTokenHandler and the Saml11SecurityTokenHandler. DBHelper.IsIssuerTokenValid is a placeholder for a helper method that validates the issuer token.

using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens;

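class SampleIssuerNameRegistry : IssuerNameRegistry
{
	/// <summary>
	/// Resolves the issuer name for an X.509 signing token.
	/// Called by X509SecurityTokenHandler.Validate.
	/// </summary>
	/// <param name="securityToken">The token presented for validation; must be an X509SecurityToken.</param>
	/// <returns>The friendly name of the certificate carried by the token.</returns>
	/// <exception cref="SecurityTokenValidationException">
	/// Thrown when the token is not an X.509 token, when the issuer token is not trusted,
	/// or when the certificate carries no friendly name to use as an issuer name.
	/// </exception>
	public override string GetIssuerName(SecurityToken securityToken)
	{
		// One "as" cast replaces the original is-check followed by a second cast.
		// A null securityToken lands here too, as it did before.
		X509SecurityToken x509Token = securityToken as X509SecurityToken;
		if (x509Token == null)
		{
			throw new SecurityTokenValidationException("Invalid token.");
		}

		// In the X.509 case the token carries no issuer name of its own, so trust is
		// decided entirely by the (placeholder) helper, not by anything inside the token.
		if (!DBHelper.IsIssuerTokenValid(x509Token))
		{
			throw new SecurityTokenValidationException("Untrusted issuer token.");
		}

		// NOTE(review): FriendlyName is an alias kept alongside the certificate in the
		// local store, not a field of the certificate itself, so it is not bound to the
		// key material and may be empty. A production registry should return a value
		// that is bound (e.g. the thumbprint or subject name) so the issuer name cannot
		// drift from the trusted certificate. An empty name is rejected here rather than
		// handed back to the caller as an issuer identity.
		string issuerName = x509Token.Certificate.FriendlyName;
		if (string.IsNullOrEmpty(issuerName))
		{
			throw new SecurityTokenValidationException("Issuer certificate has no friendly name.");
		}

		return issuerName;
	}

	/// <summary>
	/// Resolves the issuer name for a SAML signing token.
	/// Called by Saml11SecurityTokenHandler.Validate and Saml2SecurityTokenHandler.Validate.
	/// </summary>
	/// <param name="securityToken">The token that signed the assertion.</param>
	/// <param name="requestedIssuerName">
	/// The issuer name supplied by the caller (presumably the assertion's issuer value);
	/// returned unchanged once the signing token is trusted.
	/// </param>
	/// <returns><paramref name="requestedIssuerName"/> unchanged.</returns>
	/// <exception cref="SecurityTokenValidationException">
	/// Thrown when the token is missing or the issuer token is not trusted.
	/// </exception>
	public override string GetIssuerName(SecurityToken securityToken, string requestedIssuerName)
	{
		// Consistent with the X.509 overload: a missing token is a validation failure,
		// not something the helper has to cope with.
		if (securityToken == null)
		{
			throw new SecurityTokenValidationException("Invalid token.");
		}

		if (!DBHelper.IsIssuerTokenValid(securityToken))
		{
			throw new SecurityTokenValidationException("Untrusted issuer token.");
		}

		// NOTE(review): requestedIssuerName is echoed back verbatim. Nothing in this method
		// checks that the name is actually bound to the signing token, so the placeholder
		// helper (or this method, in a real registry) must establish that binding;
		// otherwise the issuer name is effectively self-asserted by the token presenter.
		return requestedIssuerName;
	}

	/// <summary>
	/// Returns the fixed issuer name used for Windows-authenticated identities.
	/// </summary>
	/// <returns>The literal "WINDOWS AUTHORITY".</returns>
	public override string GetWindowsIssuerName()
	{
		return "WINDOWS AUTHORITY";
	}
}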