ServiceSecurityContext Class

Definition

Represents the security context of a remote party. On the client, it represents the service identity; on the service, it represents the client identity.

public ref class ServiceSecurityContext
public class ServiceSecurityContext
type ServiceSecurityContext = class
Public Class ServiceSecurityContext
Inheritance
ServiceSecurityContext

Examples

The following example uses the ServiceSecurityContext class to provide information about the current security context. The code creates an instance of the StreamWriter class to write the information to a file.

// When this method runs, the caller must be an authenticated user
// and the ServiceSecurityContext is not a null instance.
public double Add(double n1, double n2)
{
    // Write data from the ServiceSecurityContext to a file using the StreamWriter class.
    using (StreamWriter sw = new StreamWriter(@"c:\ServiceSecurityContextInfo.txt"))
    {
        // Write the primary identity and Windows identity. The primary identity is derived from
        // the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name);
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name);

        // Write the claimsets in the authorization context. By default, there is only one claimset
        // provided by the system.
        foreach (ClaimSet claimset in ServiceSecurityContext.Current.AuthorizationContext.ClaimSets)
        {
            foreach (Claim claim in claimset)
            {
                // Write out each claim type, claim value, and the right. There are two
                // possible values for the right: "identity" and "possessproperty".
                sw.WriteLine("Claim Type: {0}, Resource: {1} Right: {2}",
                    claim.ClaimType,
                    claim.Resource.ToString(),
                    claim.Right);
                sw.WriteLine();
            }
        }
    }
    return n1 + n2;
}
' When this method runs, the caller must be an authenticated user and the ServiceSecurityContext 
' is not a null instance. 
Public Function Add(ByVal n1 As Double, ByVal n2 As Double) As Double Implements ICalculator.Add
    ' Write data from the ServiceSecurityContext to a file using the StreamWriter class.
    Dim sw As New StreamWriter("c:\ServiceSecurityContextInfo.txt")
    Try
        ' Write the primary identity and Windows identity. The primary identity is derived from 
        ' the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name)
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name)

        ' Write the claimsets in the authorization context. By default, there is only one claimset
        ' provided by the system. 
        Dim claimset As ClaimSet
        For Each claimset In ServiceSecurityContext.Current.AuthorizationContext.ClaimSets
            Dim claim As Claim
            For Each claim In claimset
                ' Write out each claim type, claim value, and the right. There are two
                ' possible values for the right: "identity" and "possessproperty". 
                sw.WriteLine("Claim Type: {0}, Resource: {1} Right: {2}", _
                claim.ClaimType, _
                claim.Resource.ToString(), _
                claim.Right)
                sw.WriteLine()
            Next claim
        Next claimset
    Finally
        sw.Dispose()
    End Try
    Return n1 + n2
End Function

The following example shows an implementation of the CheckAccessCore method that uses the ServiceSecurityContext to parse a set of claims.

public class MyServiceAuthorizationManager : ServiceAuthorizationManager
{
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // Extract the action URI from the OperationContext. Match this against the claims
        // in the AuthorizationContext.
        string action = operationContext.RequestContext.RequestMessage.Headers.Action;
        Console.WriteLine("action: {0}", action);

        // Iterate through the various claimsets in the AuthorizationContext.
        foreach(ClaimSet cs in operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets)
        {
            // Examine only those claim sets issued by System.
            if (cs.Issuer == ClaimSet.System)
            {
                // Iterate through claims of type "http://example.org/claims/allowedoperation".
                foreach (Claim c in cs.FindClaims("http://example.org/claims/allowedoperation",
                    Rights.PossessProperty))
                {
                    // Write the Claim resource to the console.
                    Console.WriteLine("resource: {0}", c.Resource.ToString());

                    // If the Claim resource matches the action URI then return true to allow access.
                    if (action == c.Resource.ToString())
                        return true;
                }
            }
        }

        // If this point is reached, return false to deny access.
        return false;
    }
}
Public Class MyServiceAuthorizationManager
    Inherits ServiceAuthorizationManager
    
    Protected Overrides Function CheckAccessCore(ByVal operationContext As OperationContext) As Boolean 
        ' Extract the action URI from the OperationContext. Match this against the claims
        ' in the AuthorizationContext.
        Dim action As String = operationContext.RequestContext.RequestMessage.Headers.Action
        Console.WriteLine("action: {0}", action)
        
        ' Iterate through the various claimsets in the authorizationcontext.
        Dim cs As ClaimSet
        For Each cs In operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets
            ' Examine only those claim sets issued by System.
            If cs.Issuer Is ClaimSet.System Then
                ' Iterate through claims of type "http://example.org/claims/allowedoperation".
                Dim c As Claim
                For Each c In cs.FindClaims("http://example.org/claims/allowedoperation", _
                        Rights.PossessProperty)
                    ' Write the Claim resource to the console.
                    Console.WriteLine("resource: {0}", c.Resource.ToString())
                    
                    ' If the Claim resource matches the action URI then return true to allow access.
                    If action = c.Resource.ToString() Then
                        Return True
                    End If
                Next c
            End If
        Next cs 
        ' If we get here, return false, denying access.
        Return False
    
    End Function 
End Class

Remarks

The data is part of the SecurityMessageProperty of the message.

Use this class at run time to obtain information about the security context of the remote party. A security context is created when a client has been successfully authenticated and authorized to access a method. Once a message has been successfully authenticated and authorized, security information about the client and about the current service instance can be obtained from an instance of this class.

You can retrieve an instance of the ServiceSecurityContext class from the Current property of the OperationContext class, or use it from within a service operation method, as shown in the following example.

Parsing a ClaimSet

A common use of this class is to retrieve the current set of claims in order to identify or authorize a client when it accesses a method. The ClaimSet class contains a collection of Claim objects, each of which can be parsed to determine whether a specific claim is present. If the specified claim is present, authorization can be granted. This functionality is provided by overriding the CheckAccessCore method of the ServiceAuthorizationManager class. For a complete example, see Authorization Policy.

Note that in some cases the IsAuthenticated property of the IIdentity interface returns true even if the remote client is authenticated as an anonymous user. (The PrimaryIdentity property returns an implementation of the IIdentity interface.) The following conditions must all be true for this to occur:

  • The service uses Windows authentication.

  • The service allows anonymous logons.

  • The binding is a <customBinding>.

  • The custom binding includes a <security> element.

  • The <security> element includes a <secureConversationBootstrap>, and the requireSecurityContextCancellation attribute is set to false.
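The following ServiceAuthorizationManager is an added example; it is not code from this reference page or from the WCF documentation. It ties together the two points above: it parses the system-issued ClaimSets into the set of permitted action URIs, and it refuses the anonymous Windows logon explicitly instead of trusting IIdentity.IsAuthenticated, which under the configuration just listed can be true for an anonymous caller. The claim type "http://example.org/claims/allowedoperation" is reused from the page's own example; the class name StrictAuthorizationManager, the use of the Windows anonymous logon check, and the denial logging are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.Security.Principal;
using System.ServiceModel;

// Added example (not from the reference page). Assumes a service configured for
// Windows authentication; the claim type below is the one used in the page's example.
public class StrictAuthorizationManager : ServiceAuthorizationManager
{
    private const string AllowedOperationClaim = "http://example.org/claims/allowedoperation";

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        string action = operationContext.RequestContext.RequestMessage.Headers.Action;
        ServiceSecurityContext ctx = operationContext.ServiceSecurityContext;

        // No security context at all (for example, an unsecured binding), or a caller
        // that presented no credentials: deny.
        if (ctx == null || ctx.IsAnonymous)
        {
            return Deny(action, "no credentials presented");
        }

        // IIdentity.IsAuthenticated can be true for the anonymous Windows logon under the
        // conditions listed above, so inspect the WindowsIdentity itself when one exists.
        WindowsIdentity winId = ctx.WindowsIdentity;
        if (winId != null && winId.IsAnonymous)
        {
            return Deny(action, "anonymous Windows logon");
        }

        // Authorize only when a system-issued claim names exactly this action URI.
        HashSet<string> allowed = AllowedActions(ctx.AuthorizationContext);
        if (!allowed.Contains(action))
        {
            return Deny(action, "no allowedoperation claim for " + ctx.PrimaryIdentity.Name);
        }
        return true;
    }

    // Parse every ClaimSet issued by the system into the set of action URIs it permits.
    // Claim sets from any other issuer are ignored rather than trusted.
    internal static HashSet<string> AllowedActions(AuthorizationContext authContext)
    {
        var allowed = new HashSet<string>(StringComparer.Ordinal);
        foreach (ClaimSet cs in authContext.ClaimSets)
        {
            if (cs.Issuer != ClaimSet.System)
            {
                continue;
            }
            foreach (Claim c in cs.FindClaims(AllowedOperationClaim, Rights.PossessProperty))
            {
                string resource = c.Resource as string;
                if (!string.IsNullOrEmpty(resource))
                {
                    allowed.Add(resource);
                }
            }
        }
        return allowed;
    }

    // Every refusal is written with the action and the reason so that denied requests
    // can be reviewed in the service log.
    private static bool Deny(string action, string reason)
    {
        Console.Error.WriteLine("access denied: action={0} reason={1}", action, reason);
        return false;
    }
}
```

The manager is attached to a host by setting it as the ServiceAuthorizationManager of the host's ServiceAuthorizationBehavior. Comparing the action URI with StringComparer.Ordinal avoids culture-dependent matching, and reading the claim resource with `as string` means a claim whose resource is not a string is simply not treated as a permitted action.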

Constructors

ServiceSecurityContext(AuthorizationContext)

Initializes a new instance of the ServiceSecurityContext class with the specified authorization parameters.

ServiceSecurityContext(AuthorizationContext, ReadOnlyCollection<IAuthorizationPolicy>)

Initializes a new instance of the ServiceSecurityContext class with the specified authorization parameters and collection of policies.

ServiceSecurityContext(ReadOnlyCollection<IAuthorizationPolicy>)

Initializes a new instance of the ServiceSecurityContext class with the collection of policy objects.

Properties

Anonymous

Returns an instance of the ServiceSecurityContext class that contains an empty collection of claims, identities, and other context data, typically used to represent an anonymous party.

AuthorizationContext

Gets the authorization information for an instance of this class. The AuthorizationContext contains a collection of ClaimSet that the application can interrogate to retrieve information about the party.

AuthorizationPolicies

Gets the collection of policies associated with an instance of this class.

Current

Gets the current ServiceSecurityContext.

IsAnonymous

Gets a value that indicates whether the current client has provided credentials to the service.

PrimaryIdentity

Gets the primary identity associated with the current setting.

WindowsIdentity

Gets the Windows identity of the current setting.

Methods

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)
GetHashCode()

Serves as the default hash function.

(Inherited from Object)
GetType()

Gets the Type of the current instance.

(Inherited from Object)
MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)
ToString()

Returns a string that represents the current object.

(Inherited from Object)