AuthorizationAttribute 類別

當做類別的基底類別，這些類別是用來透過自訂中繼資料控制授權。

命名空間: System.ComponentModel.DataAnnotations
組件: System.ServiceModel.DomainServices.Server (於 system.servicemodel.domainservices.server.dll)

使用方式

'用途
Dim instance As AuthorizationAttribute

語法

'宣告
Public MustInherit Class AuthorizationAttribute
    Inherits Attribute

public abstract class AuthorizationAttribute : Attribute

public ref class AuthorizationAttribute abstract : public Attribute

public abstract class AuthorizationAttribute extends Attribute

public abstract class AuthorizationAttribute extends Attribute

範例

下列範例示範 AuthorizationAttribute 類別的實作。

Public Class RestrictAccessToAssignedManagers
    Inherits AuthorizationAttribute

    Protected Overrides Function IsAuthorized(ByVal principal As System.Security.Principal.IPrincipal, ByVal authorizationContext As System.ComponentModel.DataAnnotations.AuthorizationContext) As System.ComponentModel.DataAnnotations.AuthorizationResult
        Dim eph As EmployeePayHistory
        Dim selectedEmployee As Employee
        Dim authenticatedUser As Employee

        eph = CType(authorizationContext.Instance, EmployeePayHistory)
            
        Using context As New AdventureWorksEntities()
            selectedEmployee = context.Employees.SingleOrDefault(Function(e) e.EmployeeID = eph.EmployeeID)
            authenticatedUser = context.Employees.SingleOrDefault(Function(e) e.LoginID = principal.Identity.Name)
        End Using

        If (selectedEmployee.ManagerID = authenticatedUser.EmployeeID) Then
            Return AuthorizationResult.Allowed
        Else
            Return New AuthorizationResult("Only the authenticated manager for the employee can add a new record.")
        End If
    End Function
End Class

public class RestrictAccessToAssignedManagers : AuthorizationAttribute
{
    protected override AuthorizationResult IsAuthorized(System.Security.Principal.IPrincipal principal, AuthorizationContext authorizationContext)
    {
        EmployeePayHistory eph = (EmployeePayHistory)authorizationContext.Instance;
        Employee selectedEmployee;
        Employee authenticatedUser;

        using (AdventureWorksEntities context = new AdventureWorksEntities())
        {
            selectedEmployee = context.Employees.SingleOrDefault(e => e.EmployeeID == eph.EmployeeID);
            authenticatedUser = context.Employees.SingleOrDefault(e => e.LoginID == principal.Identity.Name);
        }

        if (selectedEmployee.ManagerID == authenticatedUser.EmployeeID)
        {
            return AuthorizationResult.Allowed;
        }
        else
        {
            return new AuthorizationResult("Only the authenticated manager for the employee can add a new record.");
        }
    }
}

備註

您會建立一個衍生自 AuthorizationAttribute 類別的類別來實作自訂授權原則。當您建立衍生類別時，您必須在 IsAuthorized 方法中實作授權邏輯。IsAuthorized 方法包含 IPrincipal 物件和 AuthorizationContext 物件的參數。您可以使用這些參數來判斷是否授權某個使用者。在衍生類別中，您可以加入屬性 (Attribute) 宣告中所指定及授權邏輯中所使用的屬性 (Property)。您會將此屬性 (Attribute) 套用至需要自訂授權原則的作業。

繼承階層

System.Object
   System.Attribute
    System.ComponentModel.DataAnnotations.AuthorizationAttribute
       System.ServiceModel.DomainServices.Server.RequiresAuthenticationAttribute
       System.ServiceModel.DomainServices.Server.RequiresRoleAttribute

執行緒安全性

任何這個類型的公用靜態 (在 Visual Basic 中為 共用) 成員都具備執行緒安全。 不保證任何執行個體成員安全執行緒。

平台

開發平台

Windows XP Home Edition, Windows XP Professional, Windows Server 2003 、Windows Server 2008 和 Windows 2000

目標平台

Change History

另請參閱

參考

AuthorizationAttribute 成員
System.ComponentModel.DataAnnotations 命名空間