How to: Compare Claims
The Identity Model infrastructure in Windows Communication Foundation (WCF) is used to perform authorization checking. As such, a common task is to compare claims in the authorization context to the claims required to perform the requested action or access the requested resource. This topic describes how to compare claims, including built-in and custom claim types. For more information about the Identity Model infrastructure, see Managing Claims and Authorization with the Identity Model.
Claim comparison involves comparing the three parts of a claim (type, right, and resource) against the same parts in another claim to see if they are equal. See the following example.
The built-in claim types are compared using the Equals method. Claim-specific comparison code is used where necessary. For example, given the following two user principal name (UPN) claims:
the comparison code in the Equals method returns true, assuming example\someone identifies the same domain user as "firstname.lastname@example.org".
Custom claim types can also be compared using the Equals method. However, when the type returned by the Resource property of the claim is something other than a primitive type, Equals returns true only if the values returned by the two Resource properties are equal according to that type's own Equals method. For a class that does not override Equals, this is reference equality, so two claims that carry separate resource objects with identical values do not compare as equal. Where this is not appropriate, the custom type returned by the Resource property should override the Equals and GetHashCode methods to perform whatever custom processing is necessary.
Comparing built-in claims
Comparing custom claims with primitive resource types
For custom claims with primitive resource types, comparison can be performed as for built-in claims, as shown in the following code.
For custom claims with structure or class based resource types, the resource type should override the Equals method.
First check whether the obj parameter is null, and if so, return false.
Next call ReferenceEquals and pass this and obj as parameters. If it returns true, then return true.
Next attempt to assign obj to a local variable of the class type. If this fails, the reference is null. In such cases, return false.
Perform the custom comparison necessary to correctly compare the current claim to the provided claim.
The following example shows a comparison of custom claims where the claim resource is a non-primitive type.

    Imports System
    Imports System.IdentityModel.Claims
    Imports System.Security.Permissions

    <assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution := True)>
    NotInheritable Public Class MyResourceType
        ' private members
        Private textValue As String
        Private numberValue As Integer

        ' Constructors
        Public Sub New()
        End Sub 'New

        Public Sub New(ByVal textVal As String, ByVal numberValue As Integer)
            Me.textValue = textVal
            Me.numberValue = numberValue
        End Sub

        ' Public properties
        Public ReadOnly Property Text() As String
            Get
                Return Me.textValue
            End Get
        End Property

        Public ReadOnly Property Number() As Integer
            Get
                Return Me.numberValue
            End Get
        End Property

        ' Override Object.Equals to perform a specific comparison.
        Public Overrides Function Equals(ByVal obj As [Object]) As Boolean
            ' If the object being compared to is null then return false.
            If obj Is Nothing Then
                Return False
            End If

            ' If the object we are being asked to compare ourselves to is us
            ' then return true.
            If ReferenceEquals(Me, obj) Then
                Return True
            End If

            ' Try to convert the object we are being asked to compare ourselves to
            ' into an instance of MyResourceType. TryCast yields Nothing for any
            ' other type; CType would throw InvalidCastException instead.
            Dim rhs As MyResourceType = TryCast(obj, MyResourceType)

            ' If the object being compared to is not an instance of
            ' MyResourceType then return false.
            If rhs Is Nothing Then
                Return False
            End If

            ' Return true if members are the same as those of the object
            ' being asked to compare to; otherwise, return false.
            Return Me.textValue = rhs.textValue AndAlso Me.numberValue = rhs.numberValue
        End Function

        Public Overrides Function GetHashCode() As Integer
            ' The text is Nothing when the default constructor was used.
            Dim textHash As Integer = 0
            If Me.textValue IsNot Nothing Then
                textHash = Me.textValue.GetHashCode()
            End If
            ' Combine with Xor; in Visual Basic the ^ operator is exponentiation.
            Return textHash Xor Me.numberValue.GetHashCode()
        End Function
    End Class

    Class Program
        Public Shared Sub Main()
            ' Create two claims.
            Dim c1 As New Claim("http://example.org/claims/mycustomclaim", _
                New MyResourceType("Martin", 38), Rights.PossessProperty)
            Dim c2 As New Claim("http://example.org/claims/mycustomclaim", _
                New MyResourceType("Martin", 38), Rights.PossessProperty)

            ' Compare the claims.
            If c1.Equals(c2) Then
                Console.WriteLine("Claims are equal")
            Else
                Console.WriteLine("Claims are not equal")
            End If
        End Sub
    End Class
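The following is an added example, not part of the original topic or Microsoft's sample code. It runs the same comparison inside an authorization-style check with ClaimSet.ContainsClaim, once with a resource type that lacks an Equals override and once with one that has it. PlainScope, ValueScope, ScopeClaim and the claim type URI are hypothetical names, and the project is assumed to reference System.IdentityModel.dll.

```vb
Imports System
Imports System.IdentityModel.Claims

' Hypothetical resource type with no Equals override:
' Object.Equals falls back to reference equality.
Public NotInheritable Class PlainScope
    Public ReadOnly Name As String
    Public ReadOnly Level As Integer
    Public Sub New(ByVal name As String, ByVal level As Integer)
        Me.Name = name
        Me.Level = level
    End Sub
End Class

' Same data, with value equality as described in the steps above.
Public NotInheritable Class ValueScope
    Public ReadOnly Name As String
    Public ReadOnly Level As Integer
    Public Sub New(ByVal name As String, ByVal level As Integer)
        Me.Name = name
        Me.Level = level
    End Sub
    Public Overrides Function Equals(ByVal obj As Object) As Boolean
        Dim rhs As ValueScope = TryCast(obj, ValueScope) ' Nothing for null or another type
        If rhs Is Nothing Then Return False
        Return String.Equals(Me.Name, rhs.Name, StringComparison.Ordinal) AndAlso Me.Level = rhs.Level
    End Function
    Public Overrides Function GetHashCode() As Integer
        Dim nameHash As Integer = If(Me.Name Is Nothing, 0, Me.Name.GetHashCode())
        Return nameHash Xor Me.Level
    End Function
End Class

Module AuthorizationCheckDemo
    ' Constructed claim type for this example.
    Const ScopeType As String = "http://example.org/claims/scope"

    Function ScopeClaim(ByVal resource As Object) As Claim
        Return New Claim(ScopeType, resource, Rights.PossessProperty)
    End Function

    Sub Main()
        Dim plainSet As New DefaultClaimSet(ScopeClaim(New PlainScope("reports", 2)))
        Dim valueSet As New DefaultClaimSet(ScopeClaim(New ValueScope("reports", 2)))
        ' Each required claim wraps a new resource instance, as a policy check would.
        Console.WriteLine(plainSet.ContainsClaim(ScopeClaim(New PlainScope("reports", 2)))) ' reference equality only
        Console.WriteLine(valueSet.ContainsClaim(ScopeClaim(New ValueScope("reports", 2)))) ' value equality
        Console.WriteLine(valueSet.ContainsClaim(ScopeClaim(New ValueScope("reports", 3)))) ' different level
        Console.WriteLine(valueSet.ContainsClaim(ScopeClaim("reports")))                    ' different resource type
    End Sub
End Module
```

A resource type without the override makes the required claim unmatchable, so every request that depends on it is denied. The last call confirms that a mismatched resource type is rejected without an exception.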