I have a class library in SharePoint 2013, and the SharePoint site is configured for FBA with SQL. The scenario is that there is no use of the SharePoint UI, so SharePoint is essentially used as a kind of back end. To authenticate a user, we get the user name, password and URL for the first request. We are generating the security token using the following syntax:
System.IdentityModel.Tokens.SecurityToken token = SPSecurityContext.SecurityTokenForFormsAuthentication(new Uri(url), customMembershipProviderName, roleProviderName, userName, password, spFormsAuthOption);
This token needs to be serializable and deserializable, and I should also be able to validate the user again with this token. Can anyone please guide me?
Unfortunately, the token is not serializable or deserializable using any serializer like DataContractSerializer or XMLSerializer or JSONSerializer. That's where the challenge is. Also, once I get the token back, how can I validate the token (i.e., validate the user based on the token again, since it won't have the password)? I tried searching for it and found some articles which talk about Custom Token and Custom Token Handler. But it is not very clear how to do it completely (including deploying and configuring).
Also, I am trying to avoid that much customization, since I am worried it might break something. Also, if I create a custom token, how can I generate that custom token while validating the user? Will the above line of code still work (SPSecurityContext.SecurityTokenForFormsAuthentication), and will it still return the custom token object? Please advise.
Also, can anyone tell me how to retrieve the Token from the Token Cache, using the Token ID? I think there is a class called SPTokenCache in Microsoft.SharePoint.IdentityModel.dll, but I don't see any documentation or implementation anywhere. Any help will be highly appreciated.