Claim Class (System.IdentityModel.Claims)

Switch on low bandwidth view

Collapse All

Language Filter

This page is specific to

Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:

.NET Framework Class Library

Claim Class

Represents a claim that is associated with an entity.

Namespace: System.IdentityModel.Claims
Assembly: System.IdentityModel (in System.IdentityModel.dll)

Syntax

Visual Basic (Declaration)

<DataContractAttribute(Namespace := "http://schemas.xmlsoap.org/ws/2005/05/identity")> _
Public Class Claim

Visual Basic (Usage)

Dim instance As Claim

[DataContractAttribute(Namespace = "http://schemas.xmlsoap.org/ws/2005/05/identity")]
public class Claim

Visual C++

[DataContractAttribute(Namespace = L"http://schemas.xmlsoap.org/ws/2005/05/identity")]
public ref class Claim

JScript

public class Claim

Remarks

The Identity Model is a claims-based authorization system. Claims describe the capabilities associated with some entity in the system, often a user of that system. The set of claims associated with a given entity can be thought of as a key. The particular claims define the shape of that key; much like a physical key is used to open a lock in a door. In this way, claims are used to gain access to resources. Access to a given protected resource is determined by comparing the claims required to access that resource with the claims associated with the entity that attempts access.

A claim is the expression of a right with respect to a particular value. A right could be read, write, or possess. A value could be a database, a file, a mailbox, or a property. Claims also have a claim type. The combination of claim type and right provides the mechanism for capabilities being specified with respect to the value. For example, a claim of type file with the right read over the value biography.doc indicates that the entity with such a claim has read access to the file biography.doc. A claim of type name with the right PossessProperty over the value Martin indicates that the entity with the claim possesses a Name property with the value Martin.

Although various claim types and rights are defined as part of Identity Model, the system is extensible. The various systems building on top of the Identity Model infrastructure can define claim types and rights as required.

Examples

Visual Basic

' Run this method from within a method protected by the PrincipalPermissionAttribute
' to see the security context data, including the primary identity.
Public Sub WriteServiceSecurityContextData(ByVal fileName As String)
    Dim sw As New StreamWriter(fileName)
    Try
        ' Write the primary identity and Windows identity. The primary identity is derived from the
        ' the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name)
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name)
        sw.WriteLine()
        ' Write the claimsets in the authorization context. By default, there is only one claimset
        ' provided by the system. 
        Dim claimset As ClaimSet
        For Each claimset In ServiceSecurityContext.Current.AuthorizationContext.ClaimSets
            Dim claim As Claim
            For Each claim In claimset
                ' Write out each claim type, claim value, and the right. There are two
                ' possible values for the right: "identity" and "possessproperty". 
                sw.WriteLine("Claim Type = {0}", claim.ClaimType)
                sw.WriteLine(vbTab + " Resource = {0}", claim.Resource.ToString())
                sw.WriteLine(vbTab + " Right = {0}", claim.Right)
            Next claim
        Next claimset
    Finally
        sw.Dispose()
    End Try

End Sub

// Run this method from within a method protected by the PrincipalPermissionAttribute
// to see the security context data, including the primary identity.
public void WriteServiceSecurityContextData(string fileName)
{
    using (StreamWriter sw = new StreamWriter(fileName))
    {
        // Write the primary identity and Windows identity. The primary identity is derived from the
        // the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name);
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name);
        sw.WriteLine();
        // Write the claimsets in the authorization context. By default, there is only one claimset
        // provided by the system. 
        foreach (ClaimSet claimset in ServiceSecurityContext.Current.AuthorizationContext.ClaimSets)
        {
            foreach (Claim claim in claimset)
            {
                // Write out each claim type, claim value, and the right. There are two
                // possible values for the right: "identity" and "possessproperty". 
                sw.WriteLine("Claim Type = {0}", claim.ClaimType);
                sw.WriteLine("\t Resource = {0}", claim.Resource.ToString());
                sw.WriteLine("\t Right = {0}", claim.Right);
            }
        }
    }
}

Inheritance Hierarchy

System..::.Object
System.IdentityModel.Claims..::.Claim

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Windows 7, Windows Vista, Windows XP SP2, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Version Information

.NET Framework

Supported in: 3.5, 3.0

Reference

Claim Members

System.IdentityModel.Claims Namespace