This documentation is archived and is not being maintained.

Claim Class

Represents a claim that is associated with an entity.

Namespace:  System.IdentityModel.Claims
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

[DataContractAttribute(Namespace = "")]
public class Claim

The Identity Model is a claims-based authorization system. Claims describe the capabilities associated with some entity in the system, often a user of that system. The set of claims associated with a given entity can be thought of as a key. The particular claims define the shape of that key; much like a physical key is used to open a lock in a door. In this way, claims are used to gain access to resources. Access to a given protected resource is determined by comparing the claims required to access that resource with the claims associated with the entity that attempts access.

A claim is the expression of a right with respect to a particular value. A right could be read, write, or possess. A value could be a database, a file, a mailbox, or a property. Claims also have a claim type. The combination of claim type and right provides the mechanism for capabilities being specified with respect to the value. For example, a claim of type file with the right read over the value biography.doc indicates that the entity with such a claim has read access to the file biography.doc. A claim of type name with the right PossessProperty over the value Martin indicates that the entity with the claim possesses a Name property with the value Martin.

Although various claim types and rights are defined as part of Identity Model, the system is extensible. The various systems building on top of the Identity Model infrastructure can define claim types and rights as required.

// Run this method from within a method protected by the PrincipalPermissionAttribute 
// to see the security context data, including the primary identity. 
public void WriteServiceSecurityContextData(string fileName)
    using (StreamWriter sw = new StreamWriter(fileName))
        // Write the primary identity and Windows identity. The primary identity is derived from the 
        // the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name);
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name);
        // Write the claimsets in the authorization context. By default, there is only one claimset 
        // provided by the system.  
        foreach (ClaimSet claimset in ServiceSecurityContext.Current.AuthorizationContext.ClaimSets)
            foreach (Claim claim in claimset)
                // Write out each claim type, claim value, and the right. There are two 
                // possible values for the right: "identity" and "possessproperty". 
                sw.WriteLine("Claim Type = {0}", claim.ClaimType);
                sw.WriteLine("\t Resource = {0}", claim.Resource.ToString());
                sw.WriteLine("\t Right = {0}", claim.Right);


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0