I'm implementing a custom UserNameSecurityTokenHandler which validates a request token based on 3 things: username, password, and the AppliesTo value of a RequestSecurityToken. While the username and password values are available for me to use, I have found no way to get the AppliesTo value by the time the ValidateToken method is called. I couldn't find an extensible point where I can get that value before execution of the ValidateToken. Could anyway please tell me if it is possible to do so? Or what alternatives can I have? Thank you very much!
public override ClaimsIdentityCollection ValidateToken(SecurityToken token)
{
UserNameSecurityToken userNameToken = token as UserNameSecurityToken;
if (userNameToken == null)
{
throw new ArgumentException("The security token is not a valid username security token.", "token");
}
string userName = userNameToken.UserName;
string password = userNameToken.Password;
// Oops, how to get the AppliesTo value?
}
AppliesTo is part of the token request. Not the credentials. So I see no way of accessing it inside a token handler.