AuthorizationContext 类

定义

命名空间:

System.IdentityModel.Policy

程序集:

System.ServiceModel.Primitives.dll

包:

System.ServiceModel.Primitives v6.2.0

Source:

AuthorizationContext.cs

可以通过已发送消息中的令牌，以及通过调用 GetAuthorizationPolicies(OperationContext) 方法获取对所有授权策略进行评估的结果。

public ref class AuthorizationContext abstract : System::IdentityModel::Policy::IAuthorizationComponent

public abstract class AuthorizationContext : System.IdentityModel.Policy.IAuthorizationComponent

type AuthorizationContext = class
    interface IAuthorizationComponent

Public MustInherit Class AuthorizationContext
Implements IAuthorizationComponent

继承

Object

AuthorizationContext

实现

IAuthorizationComponent

示例

protected override bool CheckAccessCore(OperationContext operationContext)
{
    // Extract the action URI from the OperationContext. Match this against the claims
    // in the AuthorizationContext.
    string action = operationContext.RequestContext.RequestMessage.Headers.Action;
    Console.WriteLine("action: {0}", action);

    // Iterate through the various claim sets in the AuthorizationContext.
    foreach(ClaimSet cs in operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets)
    {
        // Examine only those claim sets issued by System.
        if (cs.Issuer == ClaimSet.System)
        {
            // Iterate through claims of type "http://example.org/claims/allowedoperation".
            foreach (Claim c in cs.FindClaims("http://example.org/claims/allowedoperation", Rights.PossessProperty))
            {
                // Write the Claim resource to the console.
                Console.WriteLine("resource: {0}", c.Resource.ToString());

                // If the Claim resource matches the action URI then return true to allow access.
                if (action == c.Resource.ToString())
                    return true;
            }
        }
    }

    // If this point is reached, return false to deny access.
    return false;
}

Protected Overrides Function CheckAccessCore(ByVal operationContext As OperationContext) As Boolean
    ' Extract the action URI from the OperationContext. Match this against the claims
    ' in the AuthorizationContext.
    Dim action As String = operationContext.RequestContext.RequestMessage.Headers.Action
    Console.WriteLine("action: {0}", action)

    ' Iterate through the various claim sets in the AuthorizationContext.
    Dim cs As ClaimSet
    For Each cs In operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets
        ' Examine only those claim sets issued by System.
        If cs.Issuer Is ClaimSet.System Then
            ' Iterate through claims of type "http://example.org/claims/allowedoperation".
            Dim c As Claim
            For Each c In cs.FindClaims("http://example.org/claims/allowedoperation", Rights.PossessProperty)
                ' Write the Claim resource to the console.
                Console.WriteLine("resource: {0}", c.Resource.ToString())

                ' If the Claim resource matches the action URI then return true to allow access.
                If action = c.Resource.ToString() Then
                    Return True
                End If
            Next c
        End If
    Next cs
    ' If we get here, return false, denying access.
    Return False

End Function

注解

在授权管理器中对所有授权策略进行评估时，会生成一组 ClaimSet 对象。 这些对象构成了一个授权上下文。

授权上下文包含一组声明集对象，一个过期时间（指定授权上下文的有效期）和一个唯一标识符。

可通过 AuthorizationContext 属性访问当前操作的 AuthorizationContext。

构造函数

AuthorizationContext()

初始化 AuthorizationContext 类的新实例。

属性

ClaimSets	获取与授权策略关联的声明集。
ExpirationTime	获取此 AuthorizationContext 对象不再有效的日期和时间。
Id	获取此 AuthorizationContext 对象的唯一标识符。
Properties	获取与此 AuthorizationContext 对象关联的非声明属性的集合。

方法

CreateDefaultAuthorizationContext(IList<IAuthorizationPolicy>)	对所有指定的授权策略进行评估并创建一个 AuthorizationContext。
Equals(Object)	确定指定对象是否等于当前对象。 (继承自 Object)
GetHashCode()	作为默认哈希函数。 (继承自 Object)
GetType()	获取当前实例的 Type。 (继承自 Object)
MemberwiseClone()	创建当前 Object 的浅表副本。 (继承自 Object)
ToString()	返回表示当前对象的字符串。 (继承自 Object)