ClaimsPrincipalPermission Class

[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

Represents the permission required to access a resource.

Namespace: Microsoft.IdentityModel.Claims
Assembly: Microsoft.IdentityModel (in Microsoft.IdentityModel.dll)

Usage

'Usage
Dim instance As ClaimsPrincipalPermission

Syntax

Visual Basic

'Declaration
<SerializableAttribute> _
Public NotInheritable Class ClaimsPrincipalPermission
    Implements IPermission, ISecurityEncodable, IUnrestrictedPermission

C#

[SerializableAttribute] 
public sealed class ClaimsPrincipalPermission : IPermission, ISecurityEncodable, IUnrestrictedPermission

C++

[SerializableAttribute] 
public ref class ClaimsPrincipalPermission sealed : IPermission, ISecurityEncodable, IUnrestrictedPermission

J#

/** @attribute SerializableAttribute() */ 
public final class ClaimsPrincipalPermission implements IPermission, ISecurityEncodable, 
    IUnrestrictedPermission

JScript

SerializableAttribute 
public final class ClaimsPrincipalPermission implements IPermission, ISecurityEncodable, 
    IUnrestrictedPermission

Example

The following example demonstrates how to use the ClaimsPrincipalPermission class to perform access checks. It also demonstrates the use of the ClaimsPrincipalPermissionAttribute class. For a more complete example, see the Claims based Authorization sample in the Windows® Identity Foundation (WIF) SDK.

using System;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;
using Microsoft.IdentityModel.Claims;

namespace ClaimsBasedAuthorization
{
    /// <summary>
    /// Program illustrates using Claims-based authorization
    /// </summary>
    class Program
    {        
        static void Main( string[] args )
        {

            //
            // Configure .NET Framework to use Windows Claims Principals
            // Emulates the authentication phase supported by the Windows Identity Foundation.
            //
            AppDomain.CurrentDomain.SetPrincipalPolicy( PrincipalPolicy.WindowsPrincipal );
            Thread.CurrentPrincipal = ClaimsPrincipal.CreateFromPrincipal( Thread.CurrentPrincipal );

            //
            // Method 1. Simple access check using static method. 
            // Expect this to be most common method.
            //
            ClaimsPrincipalPermission.CheckAccess( "resource", "action" );

            //
            // Method 2. Programmatic check using the permission class
            // Follows model found at https://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission.aspx
            //
            ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission( "resource", "action" );
            cpp.Demand();

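            //
            // Method 3. Access check interacting directly with the authorization manager.
            // Unlike Methods 1 and 2, CheckAccess on the manager returns a bool instead of
            // throwing, so the caller must act on the result.
            //
            ClaimsAuthorizationManager am = new ClaimsAuthorizationManager();
            if ( !am.CheckAccess( new AuthorizationContext( (IClaimsPrincipal) Thread.CurrentPrincipal, "resource", "action" ) ) )
            {
                throw new System.Security.SecurityException( "Access denied." );
            }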

            //
            // Method 4. Call a method that is protected using the permission attribute class
            //
            ProtectedMethod();

            Console.WriteLine( "Press [Enter] to continue." );
            Console.ReadLine();
        }

        //
        // Declarative access check using the permission class
        //
        [ClaimsPrincipalPermission( SecurityAction.Demand, Resource = "resource", Operation = "action")]
        [ClaimsPrincipalPermission( SecurityAction.Demand, Resource = "resource1", Operation = "action1" )]
        static void ProtectedMethod()
        {
        }
    }
}

Remarks

The ClaimsPrincipalPermission class provides programmatic access to the claims authorization manager (ClaimsAuthorizationManager) that is configured for an application. You can use the methods provided by the ClaimsPrincipalPermission class to perform access checks in your code with the claims authorization manager.

The ClaimsPrincipalPermission class checks access for the current principal for a specified action on a specified resource. The resource and action are both strings and are typically URIs. You can either initialize the ClaimsPrincipalPermission with an action and a resource when you create it and call the Demand method; or you can pass the action and resource to the CheckAccess method. Both methods throw a System.Security.SecurityException exception if the current principal is not authorized to perform the action on the resource; otherwise, execution proceeds.
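
The checks described above are only as strict as the claims authorization manager behind them, and the base ClaimsAuthorizationManager authorizes every request. The following added example (not part of the original page or the WIF SDK) sketches a deny-by-default manager. The class names, the policy table and the "Auditor" role are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.IdentityModel.Claims;

namespace ClaimsPolicyExample
{
    // Hypothetical deny-by-default manager (added example, not SDK code).
    class DenyByDefaultAuthorizationManager : ClaimsAuthorizationManager
    {
        // Constructed policy: (resource, action) -> role the caller must hold.
        static readonly Dictionary<KeyValuePair<string, string>, string> RequiredRole =
            new Dictionary<KeyValuePair<string, string>, string>
            {
                { new KeyValuePair<string, string>( "resource", "action" ), "Auditor" }
            };

        public override bool CheckAccess( AuthorizationContext context )
        {
            // Refuse malformed requests and anything the policy does not list.
            if ( context == null || context.Principal == null ||
                 context.Resource.Count != 1 || context.Action.Count != 1 )
                return false;

            string role;
            KeyValuePair<string, string> key = new KeyValuePair<string, string>(
                context.Resource[0].Value, context.Action[0].Value );
            if ( !RequiredRole.TryGetValue( key, out role ) )
                return false;

            // Grant only if some identity carries the required role claim.
            foreach ( IClaimsIdentity identity in context.Principal.Identities )
                foreach ( Claim claim in identity.Claims )
                    if ( claim.ClaimType == ClaimTypes.Role && claim.Value == role )
                        return true;
            return false;
        }
    }
    class PolicyDemo
    {
        static void Main()
        {
            // Constructed principal holding a single role claim.
            IClaimsPrincipal principal = ClaimsPrincipal.CreateFromIdentity(
                new ClaimsIdentity( new Claim[] { new Claim( ClaimTypes.Role, "Auditor" ) } ) );
            ClaimsAuthorizationManager am = new DenyByDefaultAuthorizationManager();
            // The first pair is in the policy; the second is not.
            Console.WriteLine( am.CheckAccess( new AuthorizationContext( principal, "resource", "action" ) ) );
            Console.WriteLine( am.CheckAccess( new AuthorizationContext( principal, "resource1", "action1" ) ) );
        }
    }
}
```

ClaimsPrincipalPermission consults a manager like this only once it is the one configured for the application. The demo calls the manager directly to keep the example self-contained.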

For a full sample that demonstrates the use of the ClaimsPrincipalPermission class as well as a claims authorization manager that uses a configuration-based policy engine, see the Claims based Authorization sample in the <Installation Directory>\Windows Identity Foundation SDK\<Version>\Samples\Extensions directory.

This class cannot be inherited.

Inheritance Hierarchy

System.Object
  Microsoft.IdentityModel.Claims.ClaimsPrincipalPermission

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Target Platforms

Windows 7, Windows Server 2008 R2, Windows Vista SP2, Windows Server 2008 SP2, Windows Server 2003 SP2 (32-bit or 64-bit)

See Also

Reference

ClaimsPrincipalPermission Members
Microsoft.IdentityModel.Claims Namespace

Copyright © 2008 by Microsoft Corporation. All rights reserved.