ISecurityNamespaceExtension Interface
Implement this interface if you want to extend your security namespace.
Note that a given security namespace can only have one extension.
Namespace: Microsoft.TeamFoundation.Framework.Server
Assembly: Microsoft.TeamFoundation.Framework.Server (in Microsoft.TeamFoundation.Framework.Server.dll)
Syntax
'Declaration
<InheritedExportAttribute> _
Public Interface ISecurityNamespaceExtension
[InheritedExportAttribute]
public interface ISecurityNamespaceExtension
[InheritedExportAttribute]
public interface class ISecurityNamespaceExtension
[<InheritedExportAttribute>]
type ISecurityNamespaceExtension = interface end
public interface ISecurityNamespaceExtension
The ISecurityNamespaceExtension type exposes the following members.
Properties
| Name | Description | |
|---|---|---|
.gif "Public property") |
AlwaysAllowAdministrators | This flag is used to determine whether admin has implicit right to update the security namespace. |
|
SecurityNamespace | After the security namespace extension is constructed and before any methods are called on it the security namespace for the extension will be set. |
Top
Methods
| Name | Description | |
|---|---|---|
.gif "Public method") |
CheckReadPermission | Evaluates whether the given user should be able to read the permissions for the given token. Note that implementing this function will cause the ReadPermission defined in the namespace not to be checked. If you want to implement this interface and still have those checked then make sure to derive from the DefaultSecurityNamespaceExtension and not override this method. This method should throw some type of access exception if the user does not have read permission on this token. |
|
CheckWritePermission | Evaluates whether the given user should be able to change permissions. Note that implementing this function will cause the WritePermission defined in the namespace not to be checked. If you want to implement this interface and still have those checked then make sure to derive from the DefaultSecurityNamespaceExtension and not override this method. It is expected that this function will throw if the caller should not be able to write permissions |
|
HandleIncomingToken | Allows the implementor to validate or change the incoming token. These functions will only be called when tokens are coming in from the Web service. |
|
HandleOutgoingToken | Allows the implementor to validate or change the outgoing token. These functions will only be called when tokens will be going over the Web service. |
|
HasPermission | This will be called every time that a permission decision is being made and allows the implementor to override the preliminary decision. Note, if a PermissionEvaluationCallback is provided to the function, it will override this decision. |
|
HasReadPermission | Evaluates whether the given user should be able to read the permissions for the given token. Note that implementing this function will cause the ReadPermission defined in the namespace not to be checked. If you want to implement this interface and still have those checked, then make sure to derive from the DefaultSecurityNamespaceExtension and not override this method. |
|
HasWritePermission | Evaluates whether the given user should be able to change permissions. Note that implementing this function will cause the WritePermission defined in the namespace not to be checked. If you want to implement this interface and still have those checked then make sure to derive from the DefaultSecurityNamespaceExtension and not override this method. It is expected that this function will not throw if the caller should not be able to write permissions. |
|
QueryEffectivePermissions | Called each time the security namespace is about to return effective permissions to either the server API or the web service. This allows the implementor to modify the final result. |
|
QueryPermissions | Called each time the security namespace is about to return AccessControlLists to either the server API or to the web service. This allows the implementor to modify any of the ACLs that are being returned. |
|
ThrowAccessDeniedException | Implementing this function allows the implementer to throw there own type of exception when AccessDenied exceptions need to be thrown. If this method does not throw an exception the standard AccessCheckException will be thrown. |
Top