Extending the Security Application Block
| Retired Content |
|---|
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
| The latest Enterprise Library information can be found at the Enterprise Library site. |
You extend the application block through designated extension points. Typically, these are custom classes, written by you, that implement a particular interface or derive from an abstract class. Because these custom classes exist in your application space, you do not have to modify or rebuild the application block. Instead, you designate your extensions using configuration settings.
Currently, you can extend the Security Application Block by creating new providers in addition to those included in the application block, by implementing the interfaces defined within the application block. To help you create custom providers, the application block provides generic providers that you can use as a basis for your own functionality.
Creating an Authorization Provider
This procedure describes how to create a custom authorization provider class. The code example shows a framework you can use as a basis for the class.
To create a authorization provider class
- Create a new class that derives from the AuthorizationProvider class.
- Add the class attribute ConfigurationElementType. Specify the type CustomAuthorizationProviderData as the attribute parameter.
- Add a constructor that accepts an argument of type NameValueCollection.
- Implement the Authorize method. The Authorize method contains the authorization logic for the custom handler. When the method completes, it must return true if the user is authorized or false if the user is not authorized.
The following code example is a skeletal authorization provider class.
[ConfigurationElementType(typeof(CustomAuthorizationProviderData))]
public class MyAuthorizationProvider : AuthorizationProvider
{
public MyAuthorizationProvider(NameValueCollection configurationItems)
{
}
public override bool Authorize(IPrincipal principal, string context)
{
// Implement the authorization logic here.
}
}
'Usage
<ConfigurationElementType(GetType(CustomAuthorizationProviderData))> _
Public Class MyAuthorizationProvider
Inherits AuthorizationProvider
Public Sub New(ByVal ignore As NameValueCollection)
End Sub
Public Overrides Function Authorize (ByVal principal As IPrincipal, ByVal context As String) As Boolean
' Implement the authorization logic here.
End Function
End Class