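How to: Examine the Security Context
When programming Windows Communication Foundation (WCF) services, the service security context lets you determine details about the client credentials and claims used to authenticate with the service. This is done by using the properties of the ServiceSecurityContext class.
For example, you can retrieve the identity of the current client by using the PrimaryIdentity or WindowsIdentity property. To determine whether the client is anonymous, use the IsAnonymous property.
You can also determine which claims are being made on behalf of the client by iterating through the collection of claims in the AuthorizationContext property.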
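To get the current security context
- Access the static property Current to get the current security context. Examine any of the properties of the current context from the reference.
To determine the identity of the caller
- Print the values of the PrimaryIdentity and WindowsIdentity properties.
To parse the claims of a caller
- Return the current AuthorizationContext class. Use the Current property to return the current service security context, then use the AuthorizationContext property to return the AuthorizationContext.
- Parse the collection of ClaimSet objects returned by the ClaimSets property of the AuthorizationContext class.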
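Example
The following example prints the values of the PrimaryIdentity and WindowsIdentity properties of the current security context, followed by the ClaimType property, the resource value, and the Right property of every claim in the current security context.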
```csharp
// Namespaces required by this method.
using System.IO;
using System.IdentityModel.Claims;
using System.ServiceModel;

// Run this method from within a method protected by the PrincipalPermissionAttribute
// to see the security context data, including the primary identity.
public void WriteServiceSecurityContextData(string fileName)
{
    using (StreamWriter sw = new StreamWriter(fileName))
    {
        // Write the primary identity and Windows identity. The primary identity is derived from
        // the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name);
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name);
        sw.WriteLine();
        // Write the claimsets in the authorization context. By default, there is only one claimset
        // provided by the system.
        foreach (ClaimSet claimset in ServiceSecurityContext.Current.AuthorizationContext.ClaimSets)
        {
            foreach (Claim claim in claimset)
            {
                // Write out each claim type, claim value, and the right. There are two
                // possible values for the right: "identity" and "possessproperty".
                sw.WriteLine("Claim Type = {0}", claim.ClaimType);
                sw.WriteLine("\t Resource = {0}", claim.Resource.ToString());
                sw.WriteLine("\t Right = {0}", claim.Right);
            }
        }
    }
}
```
```vb
' Namespaces required by this method.
Imports System.IO
Imports System.IdentityModel.Claims
Imports System.ServiceModel

' Run this method from within a method protected by the PrincipalPermissionAttribute
' to see the security context data, including the primary identity.
Public Sub WriteServiceSecurityContextData(ByVal fileName As String)
    Dim sw As New StreamWriter(fileName)
    Try
        ' Write the primary identity and Windows identity. The primary identity is derived from
        ' the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name)
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name)
        sw.WriteLine()
        ' Write the claimsets in the authorization context. By default, there is only one claimset
        ' provided by the system.
        Dim claimset As ClaimSet
        For Each claimset In ServiceSecurityContext.Current.AuthorizationContext.ClaimSets
            Dim claim As Claim
            For Each claim In claimset
                ' Write out each claim type, claim value, and the right. There are two
                ' possible values for the right: "identity" and "possessproperty".
                sw.WriteLine("Claim Type = {0}", claim.ClaimType)
                sw.WriteLine(vbTab + " Resource = {0}", claim.Resource.ToString())
                sw.WriteLine(vbTab + " Right = {0}", claim.Right)
            Next claim
        Next claimset
    Finally
        sw.Dispose()
    End Try
End Sub
```
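A defensive use of the same properties inside a service operation, as an added example that is not part of the original page: the class `CallerChecks` and the method `RequireClaim` are hypothetical names. It rejects a missing or anonymous security context before reading any claims, then requires a claim of a given type with the PossessProperty right.

```csharp
using System.IdentityModel.Claims;
using System.Linq;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical helper, not part of WCF.
public static class CallerChecks
{
    // Returns the caller's primary identity name once the checks pass.
    // Example call inside an operation:
    //   string caller = CallerChecks.RequireClaim(ClaimTypes.Name);
    public static string RequireClaim(string requiredClaimType)
    {
        // Current is null when the binding applies no security, so
        // dereferencing it unchecked would throw NullReferenceException.
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous)
        {
            throw new SecurityAccessDeniedException("Caller is not authenticated.");
        }

        // FindClaims filters one claim set by claim type and right; the
        // caller passes if any claim set in the context has a match.
        bool hasClaim = ctx.AuthorizationContext.ClaimSets.Any(
            cs => cs.FindClaims(requiredClaimType, Rights.PossessProperty).Any());
        if (!hasClaim)
        {
            throw new SecurityAccessDeniedException("Required claim is missing.");
        }

        return ctx.PrimaryIdentity.Name;
    }
}
```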
Compiling the Code
The code uses the following namespaces: