AuthorizationResult Class

  • Article

[WCF RIA Services Version 1 Service Pack 2 is compatible with either .NET framework 4 or .NET Framework 4.5, and with either Silverlight 4 or Silverlight 5.]

Contains the results of an authorization request.

Inheritance Hierarchy

System.Object
  System.ComponentModel.DataAnnotations.AuthorizationResult

Namespace:  System.ComponentModel.DataAnnotations
Assembly:  System.ServiceModel.DomainServices.Server (in System.ServiceModel.DomainServices.Server.dll)

Syntax

'Declaration
Public NotInheritable Class AuthorizationResult

'Usage
Dim instance As AuthorizationResult

public sealed class AuthorizationResult

public ref class AuthorizationResult sealed

[<SealedAttribute>]
type AuthorizationResult =  class end

public final class AuthorizationResult

The AuthorizationResult type exposes the following members.

Constructors

  Name Description
Public method AuthorizationResult Initializes a new instance of the AuthorizationResult class.

Top

Properties

  Name Description
Public property ErrorMessage Gets the error message describing why authorization was denied.

Top

Methods

  Name Description
Public method Equals (Inherited from Object.)
Protected method Finalize (Inherited from Object.)
Public method GetHashCode (Inherited from Object.)
Public method GetType (Inherited from Object.)
Protected method MemberwiseClone (Inherited from Object.)
Public method ToString (Inherited from Object.)

Top

Fields

  Name Description
Public fieldStatic member Allowed Indicates the requested operation is allowed.

Top

Remarks

You use the Allowed field to represent a successful authorization request. Any instance of this class that is not nulla null reference (Nothing in Visual Basic) or Allowed represents an authorization request that has been denied.

An instance of this class that contains nulla null reference (Nothing in Visual Basic) can indicate authorization approval. You should always use the Allowed value rather than nulla null reference (Nothing in Visual Basic).

Examples

The following example shows an implementation of the AuthorizationAttribute that uses an AuthorizationContext value to customize authentication.

Public Class CheckAttendeeNameAttribute
    Inherits System.Web.DomainServices.AuthorizationAttribute


    Public Overrides Function Authorize(ByVal principal As System.Security.Principal.IPrincipal) As Boolean
        If (principal.IsInRole("Attendee") And principal.Identity.Name.StartsWith("A")) Then
            Return True
        Else
            Return False
        End If
    End Function
End Class

Public Class RestrictAccessToAssignedManagers
    Inherits AuthorizationAttribute

    Protected Overrides Function IsAuthorized(ByVal principal As System.Security.Principal.IPrincipal, ByVal authorizationContext As System.ComponentModel.DataAnnotations.AuthorizationContext) As System.ComponentModel.DataAnnotations.AuthorizationResult
        Dim eph As EmployeePayHistory
        Dim selectedEmployee As Employee
        Dim authenticatedUser As Employee

        eph = CType(authorizationContext.Instance, EmployeePayHistory)

        Using context As New AdventureWorksEntities()
            selectedEmployee = context.Employees.SingleOrDefault(Function(e) e.EmployeeID = eph.EmployeeID)
            authenticatedUser = context.Employees.SingleOrDefault(Function(e) e.LoginID = principal.Identity.Name)
        End Using

        If (selectedEmployee.ManagerID = authenticatedUser.EmployeeID) Then
            Return AuthorizationResult.Allowed
        Else
            Return New AuthorizationResult("Only the authenticated manager for the employee can add a new record.")
        End If
    End Function
End Class

public class CheckAttendeeNameAttribute : System.Web.DomainServices.AuthorizationAttribute
{

    public override bool Authorize(System.Security.Principal.IPrincipal principal)
    {
        if (principal.IsInRole("Attendee") && principal.Identity.Name.StartsWith("A"))
        {
            return true;
        }
        else
        {
            return false;
        }
    }
}

public class RestrictAccessToAssignedManagers : AuthorizationAttribute
{
    protected override AuthorizationResult IsAuthorized(System.Security.Principal.IPrincipal principal, AuthorizationContext authorizationContext)
    {
        EmployeePayHistory eph = (EmployeePayHistory)authorizationContext.Instance;
        Employee selectedEmployee;
        Employee authenticatedUser;

        using (AdventureWorksEntities context = new AdventureWorksEntities())
        {
            selectedEmployee = context.Employees.SingleOrDefault(e => e.EmployeeID == eph.EmployeeID);
            authenticatedUser = context.Employees.SingleOrDefault(e => e.LoginID == principal.Identity.Name);
        }

        if (selectedEmployee.ManagerID == authenticatedUser.EmployeeID)
        {
            return AuthorizationResult.Allowed;
        }
        else
        {
            return new AuthorizationResult("Only the authenticated manager for the employee can add a new record.");
        }
    }
}

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

See Also

Reference

System.ComponentModel.DataAnnotations Namespace