ServiceAuthorizationManager.CheckAccess Method (OperationContext)


Checks authorization for the given operation context.

Namespace:   System.ServiceModel
Assembly:  System.ServiceModel (in System.ServiceModel.dll)

public virtual bool CheckAccess(
	OperationContext operationContext


Type: System.ServiceModel.OperationContext

The OperationContext.

Return Value

Type: System.Boolean

true if access is granted; otherwise; otherwise false. The default is true.

In general, applications should override CheckAccessCore instead of this method.

Override CheckAccess if the application associates or introduces a different set of policies for the resulting ServiceSecurityContext or provide a different policy evaluation (chaining) model.

This method is responsible for calling CheckAccessCore.

The following code shows how to override this method to enforce custom access control requirements.

public class myServiceAuthorizationManager : ServiceAuthorizationManager 
    // Override the CheckAccess method to enforce access control requirements.
    public override bool CheckAccess(OperationContext operationContext)
        AuthorizationContext authContext =
        if (authContext.ClaimSets == null) return false;
        if (authContext.ClaimSets.Count != 1) return false;
        ClaimSet myClaimSet = authContext.ClaimSets[0];
        if (!IssuedBySTS_B(myClaimSet)) return false;
        if (myClaimSet.Count != 1) return false;
        Claim myClaim = myClaimSet[0];
        if (myClaim.ClaimType ==
            string resource = myClaim.Resource as string;
            if (resource == null) return false;
            if (resource != "true") return false;
            return true;
        else return false;

    // This helper method checks whether SAML Token was issued by STS-B.     
    // It compares the Thumbprint Claim of the Issuer against the 
    // Certificate of STS-B. 
    private bool IssuedBySTS_B(ClaimSet myClaimSet)
        ClaimSet issuerClaimSet = myClaimSet.Issuer;
        if (issuerClaimSet == null) return false;
        if (issuerClaimSet.Count != 1) return false;
        Claim issuerClaim = issuerClaimSet[0];
        if (issuerClaim.ClaimType != ClaimTypes.Thumbprint)
            return false;
        if (issuerClaim.Resource == null) return false;
        byte[] claimThumbprint = (byte[])issuerClaim.Resource;
        // It is assumed that stsB_Certificate is a variable of type 
        // X509Certificate2 that is initialized with the Certificate of 
        // STS-B.
        X509Certificate2 stsB_Certificate = GetStsBCertificate();
        byte[] certThumbprint = stsB_Certificate.GetCertHash();
        if (claimThumbprint.Length != certThumbprint.Length)
            return false;
        for (int i = 0; i < claimThumbprint.Length; i++)
            if (claimThumbprint[i] != certThumbprint[i]) return false;
        return true;

.NET Framework
Available since 3.0
Return to top