AuthorizationAttribute Class

Serves as the base class for classes that are used to control authorization through custom metadata.

Namespace: System.ComponentModel.DataAnnotations
Assembly: System.ServiceModel.DomainServices.Server (in system.servicemodel.domainservices.server.dll)

Usage
Dim instance As AuthorizationAttribute

Syntax

Declaration
Public MustInherit Class AuthorizationAttribute
    Inherits Attribute
public abstract class AuthorizationAttribute : Attribute
public ref class AuthorizationAttribute abstract : public Attribute
public abstract class AuthorizationAttribute extends Attribute
public abstract class AuthorizationAttribute extends Attribute

Example

The following example shows an implementation of the AuthorizationAttribute class.

' Visual Basic
Imports System.ComponentModel.DataAnnotations
Imports System.Linq

Public Class RestrictAccessToAssignedManagers
    Inherits AuthorizationAttribute

    Protected Overrides Function IsAuthorized(ByVal principal As System.Security.Principal.IPrincipal, ByVal authorizationContext As System.ComponentModel.DataAnnotations.AuthorizationContext) As System.ComponentModel.DataAnnotations.AuthorizationResult
        Dim selectedEmployee As Employee = Nothing
        Dim authenticatedUser As Employee = Nothing

        ' The instance being authorized is the pay-history record for the operation.
        Dim eph As EmployeePayHistory = TryCast(authorizationContext.Instance, EmployeePayHistory)

        If eph IsNot Nothing Then
            Dim loginName As String = principal.Identity.Name

            Using context As New AdventureWorksEntities()
                ' The employee the record belongs to, and the employee row of the caller.
                selectedEmployee = context.Employees.SingleOrDefault(Function(e) e.EmployeeID = eph.EmployeeID)
                authenticatedUser = context.Employees.SingleOrDefault(Function(e) e.LoginID = loginName)
            End Using
        End If

        ' Deny when either lookup returned nothing, rather than failing with a NullReferenceException.
        If selectedEmployee IsNot Nothing AndAlso authenticatedUser IsNot Nothing AndAlso selectedEmployee.ManagerID = authenticatedUser.EmployeeID Then
            Return AuthorizationResult.Allowed
        Else
            Return New AuthorizationResult("Only the authenticated manager for the employee can add a new record.")
        End If
    End Function
End Class

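// C#
using System.ComponentModel.DataAnnotations;
using System.Linq;

public class RestrictAccessToAssignedManagers : AuthorizationAttribute
{
    protected override AuthorizationResult IsAuthorized(System.Security.Principal.IPrincipal principal, AuthorizationContext authorizationContext)
    {
        // The instance being authorized is the pay-history record for the operation.
        EmployeePayHistory eph = authorizationContext.Instance as EmployeePayHistory;
        Employee selectedEmployee = null;
        Employee authenticatedUser = null;

        if (eph != null)
        {
            string loginName = principal.Identity.Name;

            using (AdventureWorksEntities context = new AdventureWorksEntities())
            {
                // The employee the record belongs to, and the employee row of the caller.
                selectedEmployee = context.Employees.SingleOrDefault(e => e.EmployeeID == eph.EmployeeID);
                authenticatedUser = context.Employees.SingleOrDefault(e => e.LoginID == loginName);
            }
        }

        // Deny when either lookup returned nothing, rather than failing with a NullReferenceException.
        if (selectedEmployee != null && authenticatedUser != null
            && selectedEmployee.ManagerID == authenticatedUser.EmployeeID)
        {
            return AuthorizationResult.Allowed;
        }
        else
        {
            return new AuthorizationResult("Only the authenticated manager for the employee can add a new record.");
        }
    }
}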

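Remarks

You can create a class that derives from the AuthorizationAttribute class to implement a custom authorization policy. When you create a derived class, you must implement the authorization logic in the IsAuthorized method. The IsAuthorized method includes parameters for an IPrincipal object and an AuthorizationContext object. You can use these parameters to determine whether the user is authorized. In the derived class, you can add properties that are specified in the attribute declaration and used in the authorization logic. You can apply the attribute to operations that require the custom authorization policy.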
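
A derived attribute whose properties are set in the attribute declaration and read in IsAuthorized, as an added example that is not from the original page or the framework: RequiresAllRolesAttribute, its Roles and DeniedMessage properties, and the operation in the usage comment are hypothetical names. It denies access when the principal is missing or anonymous, or when no roles were declared.

```csharp
using System;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Security.Principal;

// Hypothetical attribute (not part of the framework): the caller must hold
// every role listed in the attribute declaration.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
public sealed class RequiresAllRolesAttribute : AuthorizationAttribute
{
    private readonly string[] _roles;

    // Roles are fixed in the declaration: [RequiresAllRoles("HR", "Payroll")]
    public RequiresAllRolesAttribute(params string[] roles)
    {
        _roles = (roles ?? new string[0])
            .Where(r => !string.IsNullOrWhiteSpace(r))
            .Select(r => r.Trim())
            .ToArray();
    }

    // Copy on read so callers cannot alter the declared policy.
    public string[] Roles { get { return (string[])_roles.Clone(); } }

    // Optional named property, set in the declaration and returned on denial.
    public string DeniedMessage { get; set; }

    protected override AuthorizationResult IsAuthorized(IPrincipal principal, AuthorizationContext authorizationContext)
    {
        // Fail closed: no principal, an anonymous caller, or an empty role list.
        if (principal == null || principal.Identity == null
            || !principal.Identity.IsAuthenticated || _roles.Length == 0)
        {
            return Deny();
        }

        // Allowed only when the caller is in every declared role.
        return _roles.All(principal.IsInRole) ? AuthorizationResult.Allowed : Deny();
    }

    private AuthorizationResult Deny()
    {
        return new AuthorizationResult(DeniedMessage ?? "The caller does not hold all of the required roles.");
    }
}

// Usage on a domain operation (the operation name is an assumption):
// [RequiresAllRoles("HR", "Payroll", DeniedMessage = "HR and Payroll roles are both required.")]
// public void InsertEmployeePayHistory(EmployeePayHistory eph) { ... }
```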

Inheritance Hierarchy

System.Object
  System.Attribute
    System.ComponentModel.DataAnnotations.AuthorizationAttribute
      System.ServiceModel.DomainServices.Server.RequiresAuthenticationAttribute
      System.ServiceModel.DomainServices.Server.RequiresRoleAttribute

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Development Platforms

Windows XP Home Edition, Windows XP Professional, Windows Server 2003, Windows Server 2008, and Windows 2000

Target Platforms

See Also

Reference

AuthorizationAttribute Members
System.ComponentModel.DataAnnotations Namespace