AuthorizationAttribute Class

WCF RIA Services

[WCF RIA Services Version 1 Service Pack 2 is compatible with either .NET Framework 4 or .NET Framework 4.5, and with either Silverlight 4 or Silverlight 5.]

Serves as base class for classes that are used to control authorization through custom metadata.

Namespace:  System.ComponentModel.DataAnnotations
Assembly:  System.ServiceModel.DomainServices.Server (in System.ServiceModel.DomainServices.Server.dll)

'Declaration
Public MustInherit Class AuthorizationAttribute _
	Inherits Attribute

'Usage
Dim instance As AuthorizationAttribute

The AuthorizationAttribute type exposes the following members.

Protected method AuthorizationAttribute: Initializes a new instance of the AuthorizationAttribute class.

Public property ErrorMessage: Gets or sets the literal error message or resource key intended to be returned in an ErrorMessage.
Public property ResourceType: Gets or sets the Type to use as the resource manager for ErrorMessage.
Public property TypeId (Inherited from Attribute.)

Public method Authorize: Determines whether the given principal object is authorized to perform a specific operation described by the given AuthorizationContext.
Public method Equals (Inherited from Attribute.)
Protected method Finalize (Inherited from Object.)
Protected method FormatErrorMessage: Gets the formatted error message for the current AuthorizationAttribute to present to the user.
Public method GetHashCode (Inherited from Attribute.)
Public method GetType (Inherited from Object.)
Protected method IsAuthorized: Implementation-specific method to determine whether the given IPrincipal object is authorized to perform a specific operation described by the given AuthorizationContext object.
Public method IsDefaultAttribute (Inherited from Attribute.)
Public method Match (Inherited from Attribute.)
Protected method MemberwiseClone (Inherited from Object.)
Public method ToString (Inherited from Object.)

Explicit interface implementation, private method _Attribute.GetIDsOfNames (Inherited from Attribute.)
Explicit interface implementation, private method _Attribute.GetTypeInfo (Inherited from Attribute.)
Explicit interface implementation, private method _Attribute.GetTypeInfoCount (Inherited from Attribute.)
Explicit interface implementation, private method _Attribute.Invoke (Inherited from Attribute.)

You create a class that derives from the AuthorizationAttribute class to implement a customized authorization policy. When you create a derived class, you must implement the authorization logic in the IsAuthorized method. The IsAuthorized method includes parameters for an IPrincipal object and an AuthorizationContext object. You can use these parameters to determine if a user is authorized. In the derived class, you can add properties that are specified in the attribute declaration and used in the authorization logic. You apply the attribute to operations that need the customized authorization policy.

The following example shows an implementation of the AuthorizationAttribute class.

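Imports System.ComponentModel.DataAnnotations
Imports System.Linq

' Allows only principals in the "Attendee" role whose name starts with "A".
Public Class CheckAttendeeNameAttribute
    Inherits AuthorizationAttribute

    Protected Overrides Function IsAuthorized(ByVal principal As System.Security.Principal.IPrincipal, ByVal authorizationContext As System.ComponentModel.DataAnnotations.AuthorizationContext) As System.ComponentModel.DataAnnotations.AuthorizationResult
        If (principal.IsInRole("Attendee") AndAlso principal.Identity.Name.StartsWith("A")) Then
            Return AuthorizationResult.Allowed
        Else
            Return New AuthorizationResult("Only attendees whose name starts with A are authorized.")
        End If
    End Function
End Class

' Allows the operation only when the authenticated user is the manager of the
' employee that the EmployeePayHistory record belongs to.
Public Class RestrictAccessToAssignedManagers
    Inherits AuthorizationAttribute

    Protected Overrides Function IsAuthorized(ByVal principal As System.Security.Principal.IPrincipal, ByVal authorizationContext As System.ComponentModel.DataAnnotations.AuthorizationContext) As System.ComponentModel.DataAnnotations.AuthorizationResult
        Dim eph As EmployeePayHistory
        Dim selectedEmployee As Employee
        Dim authenticatedUser As Employee

        ' The entity that the operation acts on.
        eph = CType(authorizationContext.Instance, EmployeePayHistory)

        Using context As New AdventureWorksEntities()
            selectedEmployee = context.Employees.SingleOrDefault(Function(e) e.EmployeeID = eph.EmployeeID)
            authenticatedUser = context.Employees.SingleOrDefault(Function(e) e.LoginID = principal.Identity.Name)
        End Using

        ' Deny when either record is missing, then require the manager match.
        If (selectedEmployee IsNot Nothing AndAlso authenticatedUser IsNot Nothing AndAlso selectedEmployee.ManagerID = authenticatedUser.EmployeeID) Then
            Return AuthorizationResult.Allowed
        Else
            Return New AuthorizationResult("Only the authenticated manager for the employee can add a new record.")
        End If
    End Function
End Class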

using System.ComponentModel.DataAnnotations;
using System.Linq;

public class RestrictAccessToAssignedManagers : AuthorizationAttribute
{
    protected override AuthorizationResult IsAuthorized(System.Security.Principal.IPrincipal principal, AuthorizationContext authorizationContext)
    {
        EmployeePayHistory eph = (EmployeePayHistory)authorizationContext.Instance;
        Employee selectedEmployee;
        Employee authenticatedUser;

        using (AdventureWorksEntities context = new AdventureWorksEntities())
        {
            selectedEmployee = context.Employees.SingleOrDefault(e => e.EmployeeID == eph.EmployeeID);
            authenticatedUser = context.Employees.SingleOrDefault(e => e.LoginID == principal.Identity.Name);
        }

        // Deny when either record is missing, then require the manager match.
        if (selectedEmployee != null && authenticatedUser != null
            && selectedEmployee.ManagerID == authenticatedUser.EmployeeID)
        {
            return AuthorizationResult.Allowed;
        }
        return new AuthorizationResult("Only the authenticated manager for the employee can add a new record.");
    }
}
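
The remarks above mention properties that are set in the attribute declaration and applying the attribute to operations; the following C# code illustrates both and is an added example, not part of the original documentation. RequireAuthenticatedRoleAttribute, the role name "Manager", PayHistoryService and the EmployeePayHistories entity set name are assumptions; RestrictAccessToAssignedManagers and AdventureWorksEntities are the types from the example above.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Security.Principal;
using System.ServiceModel.DomainServices.EntityFramework;
using System.ServiceModel.DomainServices.Hosting;

// Hypothetical attribute (not part of WCF RIA Services): Role is set in the
// attribute declaration and read by the authorization logic.
public sealed class RequireAuthenticatedRoleAttribute : AuthorizationAttribute
{
    public string Role { get; set; }

    protected override AuthorizationResult IsAuthorized(
        IPrincipal principal, AuthorizationContext authorizationContext)
    {
        // Fail closed: anonymous callers and a declaration with no role are denied.
        if (principal == null || principal.Identity == null ||
            !principal.Identity.IsAuthenticated)
        {
            return new AuthorizationResult("Authentication is required.");
        }
        if (string.IsNullOrWhiteSpace(this.Role) || !principal.IsInRole(this.Role))
        {
            // Name the operation, not the required role, in the denial message.
            return new AuthorizationResult(
                "Access to '" + authorizationContext.Operation + "' is denied.");
        }
        return AuthorizationResult.Allowed;
    }
}

[EnableClientAccess]
public class PayHistoryService : LinqToEntitiesDomainService<AdventureWorksEntities>
{
    // Assumed entity set name on the AdventureWorksEntities context.
    public IQueryable<EmployeePayHistory> GetEmployeePayHistories()
    {
        return this.ObjectContext.EmployeePayHistories;
    }

    // Both attributes must return Allowed before the insert runs.
    [RequireAuthenticatedRole(Role = "Manager")]   // "Manager" is a constructed role name
    [RestrictAccessToAssignedManagers]              // attribute from the page's example
    public void InsertEmployeePayHistory(EmployeePayHistory employeePayHistory)
    {
        this.ObjectContext.EmployeePayHistories.AddObject(employeePayHistory);
    }
}
```

The query method is left unrestricted here only to keep the example short; read operations that expose pay data need their own authorization attributes.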

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.