AuthorizationAttribute Class
[WCF RIA Services Version 1 Service Pack 2 is compatible with either .NET framework 4 or .NET Framework 4.5, and with either Silverlight 4 or Silverlight 5.]
Serves as base class for classes that are used to control authorization through custom metadata.
System.Attribute
System.ComponentModel.DataAnnotations.AuthorizationAttribute
System.ServiceModel.DomainServices.Server.RequiresAuthenticationAttribute
System.ServiceModel.DomainServices.Server.RequiresRoleAttribute
Namespace: System.ComponentModel.DataAnnotations
Assembly: System.ServiceModel.DomainServices.Server (in System.ServiceModel.DomainServices.Server.dll)
The AuthorizationAttribute type exposes the following members.
| Name | Description | |
|---|---|---|
![]() | AuthorizationAttribute | Initializes a new instance of the AuthorizationAttribute class. |
| Name | Description | |
|---|---|---|
![]() | ErrorMessage | Gets or sets the literal error message or resource key intended to be returned in an ErrorMessage. |
![]() | ResourceType | Gets or sets the Type to use as the resource manager for ErrorMessage. |
![]() | TypeId | (Inherited from Attribute.) |
| Name | Description | |
|---|---|---|
![]() | Authorize | Determines whether the given principal object is authorized to perform a specific operation described by the given AuthorizationContext. |
![]() | Equals | (Inherited from Attribute.) |
![]() | Finalize | (Inherited from Object.) |
![]() | FormatErrorMessage | Gets the formatted error message for the current AuthorizationAttribute to present to the user. |
![]() | GetHashCode | (Inherited from Attribute.) |
![]() | GetType | (Inherited from Object.) |
![]() | IsAuthorized | Implementation specific method to determine whether the given IPrincipal object is authorized to perform a specific operation described by the given AuthorizationContext object. |
![]() | IsDefaultAttribute | (Inherited from Attribute.) |
![]() | Match | (Inherited from Attribute.) |
![]() | MemberwiseClone | (Inherited from Object.) |
![]() | ToString | (Inherited from Object.) |
You create a class that derives from the AuthorizationAttribute class to implement a customized authorization policy. When you create a derived class, you must implement the authorization logic in the IsAuthorized method. The IsAuthorized method includes parameters for an IPrincipal object and an AuthorizationContext object. You can use these parameters to determine if a user is authorized. In the derived class, you can add properties that are specified in the attribute declaration and used in the authorization logic. You apply the attribute to operations that need the customized authorization policy.
The following example shows an implementation of the AuthorizationAttribute class.
Public Class CheckAttendeeNameAttribute Inherits System.Web.DomainServices.AuthorizationAttribute Public Overrides Function Authorize(ByVal principal As System.Security.Principal.IPrincipal) As Boolean If (principal.IsInRole("Attendee") And principal.Identity.Name.StartsWith("A")) Then Return True Else Return False End If End Function End Class
public class CheckAttendeeNameAttribute : System.Web.DomainServices.AuthorizationAttribute { public override bool Authorize(System.Security.Principal.IPrincipal principal) { if (principal.IsInRole("Attendee") && principal.Identity.Name.StartsWith("A")) { return true; } else { return false; } } }
public class RestrictAccessToAssignedManagers : AuthorizationAttribute { protected override AuthorizationResult IsAuthorized(System.Security.Principal.IPrincipal principal, AuthorizationContext authorizationContext) { EmployeePayHistory eph = (EmployeePayHistory)authorizationContext.Instance; Employee selectedEmployee; Employee authenticatedUser; using (AdventureWorksEntities context = new AdventureWorksEntities()) { selectedEmployee = context.Employees.SingleOrDefault(e => e.EmployeeID == eph.EmployeeID); authenticatedUser = context.Employees.SingleOrDefault(e => e.LoginID == principal.Identity.Name); } if (selectedEmployee.ManagerID == authenticatedUser.EmployeeID) { return AuthorizationResult.Allowed; } else { return new AuthorizationResult("Only the authenticated manager for the employee can add a new record."); } } }
