Defines the base implementation for a claims authorization manager.
Assembly: Microsoft.IdentityModel (in Microsoft.IdentityModel.dll)
The claims authorization manager provides an extensibility point from which you can authorize access to a resource based on the claims presented in a token, before your RP application is called. The default implementation provided by the ClaimsAuthorizationManager class authorizes access for each claim presented; however, you can derive from this class and override the CheckAccess method to provide your own authorization logic.
The use of a claims authorization manager is optional. You can configure your application to use a claims authorization manager either programmatically by using the ServiceConfiguration class or in configuration with the <claimsAuthorizationManager> element (which is a subelement of the <applicationService> element). Configuring your application to use a claims authorization manager ensures that it will be invoked by Windows® Identity Foundation (WIF) from the request pipeline to authorize the claims presented by a principal. If your application is configured with a claims authorization manager, you can also invoke it programmatically or declaratively to protect access to sections of code by using the ClaimsPrincipalPermission or the ClaimsPrincipalPermissionAttribute class.
For more information about using a claims authorization manager, see ClaimsAuthenticationManager, ClaimsAuthorizationManager, and OriginalIssuer.
You can also consult the SDK samples for examples of the use of custom authorization managers. The Claims Based Authorization SDK sample in the <Installation Directory>\Windows Identity Foundation SDK\<Version>\Samples\Extensibility directory shows how to invoke the claims authorization manager to authorize access for protected sections of code and also shows how to implement reading policy from configuration for a claims authorization manager. Some of the samples in the <Installation Directory>\Windows Identity Foundation SDK\<Version>\Samples\End-to-end directory show how to use a custom authorization manager in a WIF application.
Target PlatformsWindows 7, Windows Server 2008 R2, Windows Vista SP2, Windows Server 2008 SP2, Windows Server 2003 SP2 (32-bit or 64-bit)
Copyright © 2008 by Microsoft Corporation. All rights reserved.