AuthorizationContext 类
定义
重要
一些信息与预发行产品相关,相应产品在发行之前可能会进行重大修改。 对于此处提供的信息,Microsoft 不作任何明示或暗示的担保。
可以通过已发送消息中的令牌,以及通过调用 GetAuthorizationPolicies(OperationContext) 方法获取对所有授权策略进行评估的结果。
public ref class AuthorizationContext abstract : System::IdentityModel::Policy::IAuthorizationComponentpublic abstract class AuthorizationContext : System.IdentityModel.Policy.IAuthorizationComponenttype AuthorizationContext = class
interface IAuthorizationComponentPublic MustInherit Class AuthorizationContext
Implements IAuthorizationComponent- 继承
-
AuthorizationContext
- 实现
示例
protected override bool CheckAccessCore(OperationContext operationContext)
{
// Extract the action URI from the OperationContext. Match this against the claims
// in the AuthorizationContext.
string action = operationContext.RequestContext.RequestMessage.Headers.Action;
Console.WriteLine("action: {0}", action);
// Iterate through the various claim sets in the AuthorizationContext.
foreach(ClaimSet cs in operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets)
{
// Examine only those claim sets issued by System.
if (cs.Issuer == ClaimSet.System)
{
// Iterate through claims of type "http://example.org/claims/allowedoperation".
foreach (Claim c in cs.FindClaims("http://example.org/claims/allowedoperation", Rights.PossessProperty))
{
// Write the Claim resource to the console.
Console.WriteLine("resource: {0}", c.Resource.ToString());
// If the Claim resource matches the action URI then return true to allow access.
if (action == c.Resource.ToString())
return true;
}
}
}
// If this point is reached, return false to deny access.
return false;
}
Protected Overrides Function CheckAccessCore(ByVal operationContext As OperationContext) As Boolean
' Extract the action URI from the OperationContext. Match this against the claims
' in the AuthorizationContext.
Dim action As String = operationContext.RequestContext.RequestMessage.Headers.Action
Console.WriteLine("action: {0}", action)
' Iterate through the various claim sets in the AuthorizationContext.
Dim cs As ClaimSet
For Each cs In operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets
' Examine only those claim sets issued by System.
If cs.Issuer Is ClaimSet.System Then
' Iterate through claims of type "http://example.org/claims/allowedoperation".
Dim c As Claim
For Each c In cs.FindClaims("http://example.org/claims/allowedoperation", Rights.PossessProperty)
' Write the Claim resource to the console.
Console.WriteLine("resource: {0}", c.Resource.ToString())
' If the Claim resource matches the action URI then return true to allow access.
If action = c.Resource.ToString() Then
Return True
End If
Next c
End If
Next cs
' If we get here, return false, denying access.
Return False
End Function
注解
在授权管理器中对所有授权策略进行评估时,会生成一组 ClaimSet 对象。 这些对象构成了一个授权上下文。
授权上下文包含一组声明集对象,一个过期时间(指定授权上下文的有效期)和一个唯一标识符。
可通过 AuthorizationContext 属性访问当前操作的 AuthorizationContext。
构造函数
| AuthorizationContext() |
初始化 AuthorizationContext 类的新实例。 |
属性
| ClaimSets |
获取与授权策略关联的声明集。 |
| ExpirationTime |
获取此 AuthorizationContext 对象不再有效的日期和时间。 |
| Id |
获取此 AuthorizationContext 对象的唯一标识符。 |
| Properties |
获取与此 AuthorizationContext 对象关联的非声明属性的集合。 |
方法
| CreateDefaultAuthorizationContext(IList<IAuthorizationPolicy>) |
对所有指定的授权策略进行评估并创建一个 AuthorizationContext。 |
| Equals(Object) |
确定指定对象是否等于当前对象。 (继承自 Object) |
| GetHashCode() |
作为默认哈希函数。 (继承自 Object) |
| GetType() |
获取当前实例的 Type。 (继承自 Object) |
| MemberwiseClone() |
创建当前 Object 的浅表副本。 (继承自 Object) |
| ToString() |
返回表示当前对象的字符串。 (继承自 Object) |
