Export (0) Print
Expand All

ServiceAuthorizationManager.CheckAccess Method (OperationContext)

Checks authorization for the given operation context.

Namespace:  System.ServiceModel
Assembly:  System.ServiceModel (in System.ServiceModel.dll)

public virtual bool CheckAccess(
	OperationContext operationContext


Type: System.ServiceModel.OperationContext

The OperationContext.

Return Value

Type: System.Boolean
true if access is granted; otherwise; otherwise false. The default is true.

In general, applications should override CheckAccessCore instead of this method.

Override CheckAccess if the application associates or introduces a different set of policies for the resulting ServiceSecurityContext or provide a different policy evaluation (chaining) model.

This method is responsible for calling CheckAccessCore.

The following code shows how to override this method to enforce custom access control requirements.

public class myServiceAuthorizationManager : ServiceAuthorizationManager 
    // Override the CheckAccess method to enforce access control requirements. 
    public override bool CheckAccess(OperationContext operationContext)
        AuthorizationContext authContext =
        if (authContext.ClaimSets == null) return false;
        if (authContext.ClaimSets.Count != 1) return false;
        ClaimSet myClaimSet = authContext.ClaimSets[0];
        if (!IssuedBySTS_B(myClaimSet)) return false;
        if (myClaimSet.Count != 1) return false;
        Claim myClaim = myClaimSet[0];
        if (myClaim.ClaimType ==
            string resource = myClaim.Resource as string;
            if (resource == null) return false;
            if (resource != "true") return false;
            return true;
        else return false;

    // This helper method checks whether SAML Token was issued by STS-B.      
    // It compares the Thumbprint Claim of the Issuer against the  
    // Certificate of STS-B.  
    private bool IssuedBySTS_B(ClaimSet myClaimSet)
        ClaimSet issuerClaimSet = myClaimSet.Issuer;
        if (issuerClaimSet == null) return false;
        if (issuerClaimSet.Count != 1) return false;
        Claim issuerClaim = issuerClaimSet[0];
        if (issuerClaim.ClaimType != ClaimTypes.Thumbprint)
            return false;
        if (issuerClaim.Resource == null) return false;
        byte[] claimThumbprint = (byte[])issuerClaim.Resource;
        // It is assumed that stsB_Certificate is a variable of type  
        // X509Certificate2 that is initialized with the Certificate of  
        // STS-B.
        X509Certificate2 stsB_Certificate = GetStsBCertificate();
        byte[] certThumbprint = stsB_Certificate.GetCertHash();
        if (claimThumbprint.Length != certThumbprint.Length)
            return false;
        for (int i = 0; i < claimThumbprint.Length; i++)
            if (claimThumbprint[i] != certThumbprint[i]) return false;
        return true;

.NET Framework

Supported in: 4.5, 4, 3.5, 3.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

© 2014 Microsoft