Processing the Token
The token string is in the form of an <EncryptedData> section. It is encrypted with the public key portion of the site's SSL certificate. The code to decrypt it therefore must have access to the site's private key. Specifically, the ASP.NET account will need permissions to access the private key from the certificate store.
The code to decrypt the token is lengthy and a topic in itself, so I'll let you look at the code sample for those details. After the token is decrypted, you'll find that you are working with a SAML token that has a set of claims inside. The claims are exactly those you requested, shown in Example B-1 and Example B-2. In this example, the claims include a personal private identifier (PPID) and an email address, but there is a complete list of valid claims in the CardSpace specification, and this can be extended for managed cards.
Once you have decrypted the token and verified that it includes the claims you requested, it is time to authenticate.
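As an added illustration (not the book's code sample), the following C# shows the shape of the decryption step described above: the `<EncryptedData>` token is unwrapped with the site certificate's private key, after which the SAML token and its claims become readable. It assumes the XML Encryption layout CardSpace uses (an RSA-OAEP-wrapped AES-256-CBC session key in `<EncryptedKey>`, with the IV prefixed to the ciphertext) and takes the certificate thumbprint as an assumed parameter.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Xml;

public static class CardSpaceTokenDecryptor
{
    const string XencNs = "http://www.w3.org/2001/04/xmlenc#";

    // Returns the decrypted SAML token as an XmlDocument. certThumbprint is an
    // assumed parameter identifying the site's SSL certificate in the store.
    public static XmlDocument Decrypt(string encryptedToken, string certThumbprint)
    {
        // The ASP.NET process identity needs read access to this certificate's
        // private key; without it GetRSAPrivateKey() fails or returns null.
        X509Certificate2 cert;
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, certThumbprint, false);
            if (found.Count == 0) throw new InvalidOperationException("Site certificate not found.");
            cert = found[0];
        }

        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(encryptedToken);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("enc", XencNs);

        // Step 1: unwrap the AES session key with the certificate's RSA private key (OAEP).
        string wrappedKey = doc.SelectSingleNode("//enc:EncryptedKey/enc:CipherData/enc:CipherValue", ns).InnerText;
        byte[] sessionKey;
        using (RSA rsa = cert.GetRSAPrivateKey())
            sessionKey = rsa.Decrypt(Convert.FromBase64String(wrappedKey), RSAEncryptionPadding.OaepSHA1);

        // Step 2: decrypt the token body; the first 16 bytes of the ciphertext are the IV.
        byte[] cipher = Convert.FromBase64String(
            doc.SelectSingleNode("/enc:EncryptedData/enc:CipherData/enc:CipherValue", ns).InnerText);
        byte[] iv = new byte[16];
        Array.Copy(cipher, 0, iv, 0, 16);
        byte[] plain;
        using (var aes = Aes.Create())
        {
            aes.Key = sessionKey; aes.IV = iv; aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
            using (var dec = aes.CreateDecryptor())
                plain = dec.TransformFinalBlock(cipher, 16, cipher.Length - 16);
        }
        Array.Clear(sessionKey, 0, sessionKey.Length);   // do not leave the session key in memory

        var saml = new XmlDocument();
        saml.LoadXml(Encoding.UTF8.GetString(plain));
        return saml;   // verify the token's signature before trusting any claim inside it
    }
}
```

Decryption alone only proves the token was addressed to this site; the SAML token's own signature is what ties the claims to the issuer, so check it before reading the PPID or email claim.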