Export (0) Print
Expand All

AuthorizationAttribute Class

WCF RIA Services

[WCF RIA Services Version 1 Service Pack 2 is compatible with either .NET framework 4 or .NET Framework 4.5, and with either Silverlight 4 or Silverlight 5.]

Serves as base class for classes that are used to control authorization through custom metadata.

Namespace:  System.ComponentModel.DataAnnotations
Assembly:  System.ServiceModel.DomainServices.Server (in System.ServiceModel.DomainServices.Server.dll)

public abstract class AuthorizationAttribute : Attribute

The AuthorizationAttribute type exposes the following members.

  NameDescription
Protected methodAuthorizationAttributeInitializes a new instance of the AuthorizationAttribute class.
Top

  NameDescription
Public propertyErrorMessageGets or sets the literal error message or resource key intended to be returned in an ErrorMessage.
Public propertyResourceTypeGets or sets the Type to use as the resource manager for ErrorMessage.
Public propertyTypeId (Inherited from Attribute.)
Top

  NameDescription
Public methodAuthorizeDetermines whether the given principal object is authorized to perform a specific operation described by the given AuthorizationContext.
Public methodEquals (Inherited from Attribute.)
Protected methodFinalize (Inherited from Object.)
Protected methodFormatErrorMessageGets the formatted error message for the current AuthorizationAttribute to present to the user.
Public methodGetHashCode (Inherited from Attribute.)
Public methodGetType (Inherited from Object.)
Protected methodIsAuthorizedImplementation specific method to determine whether the given IPrincipal object is authorized to perform a specific operation described by the given AuthorizationContext object.
Public methodIsDefaultAttribute (Inherited from Attribute.)
Public methodMatch (Inherited from Attribute.)
Protected methodMemberwiseClone (Inherited from Object.)
Public methodToString (Inherited from Object.)
Top

  NameDescription
Explicit interface implemetationPrivate method_Attribute.GetIDsOfNames (Inherited from Attribute.)
Explicit interface implemetationPrivate method_Attribute.GetTypeInfo (Inherited from Attribute.)
Explicit interface implemetationPrivate method_Attribute.GetTypeInfoCount (Inherited from Attribute.)
Explicit interface implemetationPrivate method_Attribute.Invoke (Inherited from Attribute.)
Top

You create a class that derives from the AuthorizationAttribute class to implement a customized authorization policy. When you create a derived class, you must implement the authorization logic in the IsAuthorized method. The IsAuthorized method includes parameters for an IPrincipal object and an AuthorizationContext object. You can use these parameters to determine if a user is authorized. In the derived class, you can add properties that are specified in the attribute declaration and used in the authorization logic. You apply the attribute to operations that need the customized authorization policy.

The following example shows an implementation of the AuthorizationAttribute class.

Public Class CheckAttendeeNameAttribute
    Inherits System.Web.DomainServices.AuthorizationAttribute


    Public Overrides Function Authorize(ByVal principal As System.Security.Principal.IPrincipal) As Boolean
        If (principal.IsInRole("Attendee") And principal.Identity.Name.StartsWith("A")) Then
            Return True
        Else
            Return False
        End If
    End Function
End Class


public class CheckAttendeeNameAttribute : System.Web.DomainServices.AuthorizationAttribute
{

    public override bool Authorize(System.Security.Principal.IPrincipal principal)
    {
        if (principal.IsInRole("Attendee") && principal.Identity.Name.StartsWith("A"))
        {
            return true;
        }
        else
        {
            return false;
        }
    }
}


public class RestrictAccessToAssignedManagers : AuthorizationAttribute
{
    protected override AuthorizationResult IsAuthorized(System.Security.Principal.IPrincipal principal, AuthorizationContext authorizationContext)
    {
        EmployeePayHistory eph = (EmployeePayHistory)authorizationContext.Instance;
        Employee selectedEmployee;
        Employee authenticatedUser;

        using (AdventureWorksEntities context = new AdventureWorksEntities())
        {
            selectedEmployee = context.Employees.SingleOrDefault(e => e.EmployeeID == eph.EmployeeID);
            authenticatedUser = context.Employees.SingleOrDefault(e => e.LoginID == principal.Identity.Name);
        }

        if (selectedEmployee.ManagerID == authenticatedUser.EmployeeID)
        {
            return AuthorizationResult.Allowed;
        }
        else
        {
            return new AuthorizationResult("Only the authenticated manager for the employee can add a new record.");
        }
    }
}


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Show:
© 2014 Microsoft