AuthorizationAttribute.IsAuthorized Method
WCF RIA Services
[WCF RIA Services Version 1 Service Pack 2 is compatible with either .NET Framework 4 or .NET Framework 4.5, and with either Silverlight 4 or Silverlight 5.]
Implementation-specific method that determines whether the given IPrincipal object is authorized to perform a specific operation described by the given AuthorizationContext object.
Namespace: System.ComponentModel.DataAnnotations
Assembly: System.ServiceModel.DomainServices.Server (in System.ServiceModel.DomainServices.Server.dll)
```vb
'Declaration
Protected MustOverride Function IsAuthorized ( _
    principal As IPrincipal, _
    authorizationContext As AuthorizationContext _
) As AuthorizationResult

'Usage
Dim principal As IPrincipal
Dim authorizationContext As AuthorizationContext
Dim returnValue As AuthorizationResult

returnValue = Me.IsAuthorized(principal, _
    authorizationContext)
```
Parameters
- principal
- Type: System.Security.Principal.IPrincipal
The IPrincipal object to be authorized.
- authorizationContext
- Type: System.ComponentModel.DataAnnotations.AuthorizationContext
The AuthorizationContext describing the context in which authorization has been requested.
Return Value
Type: System.ComponentModel.DataAnnotations.AuthorizationResult
An AuthorizationResult object that indicates whether the operation is allowed or denied. Returns Allowed when the operation is allowed. Returns a non-null AuthorizationResult when the request has been denied. The ErrorMessage property contains the error message that is displayed to users.
This protected abstract method contains the implementation-specific logic for this particular subclass of AuthorizationAttribute. It is invoked strictly by the public Authorize method.
The following example shows an implementation of the AuthorizationAttribute class.
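```vb
Public Class CheckAttendeeNameAttribute
    Inherits AuthorizationAttribute

    ' Override the protected IsAuthorized method; the public Authorize method invokes it.
    Protected Overrides Function IsAuthorized(ByVal principal As System.Security.Principal.IPrincipal, ByVal authorizationContext As System.ComponentModel.DataAnnotations.AuthorizationContext) As System.ComponentModel.DataAnnotations.AuthorizationResult
        ' AndAlso short-circuits, so the name is only inspected for members of the Attendee role.
        If principal.IsInRole("Attendee") AndAlso principal.Identity.Name.StartsWith("A") Then
            Return AuthorizationResult.Allowed
        Else
            ' Denial message shown to the user (wording chosen for this example).
            Return New AuthorizationResult("Only attendees whose name starts with A are authorized.")
        End If
    End Function
End Class
```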
```vb
Public Class RestrictAccessToAssignedManagers
    Inherits AuthorizationAttribute

    Protected Overrides Function IsAuthorized(ByVal principal As System.Security.Principal.IPrincipal, ByVal authorizationContext As System.ComponentModel.DataAnnotations.AuthorizationContext) As System.ComponentModel.DataAnnotations.AuthorizationResult
        Dim eph As EmployeePayHistory
        Dim selectedEmployee As Employee
        Dim authenticatedUser As Employee

        ' The entity instance the operation is being applied to.
        eph = CType(authorizationContext.Instance, EmployeePayHistory)

        Using context As New AdventureWorksEntities()
            selectedEmployee = context.Employees.SingleOrDefault(Function(e) e.EmployeeID = eph.EmployeeID)
            authenticatedUser = context.Employees.SingleOrDefault(Function(e) e.LoginID = principal.Identity.Name)
        End Using

        ' SingleOrDefault returns Nothing when no row matches; deny instead of dereferencing Nothing.
        If selectedEmployee Is Nothing OrElse authenticatedUser Is Nothing Then
            Return New AuthorizationResult("Only the authenticated manager for the employee can add a new record.")
        End If

        If (selectedEmployee.ManagerID = authenticatedUser.EmployeeID) Then
            Return AuthorizationResult.Allowed
        Else
            Return New AuthorizationResult("Only the authenticated manager for the employee can add a new record.")
        End If
    End Function
End Class
```

```csharp
public class RestrictAccessToAssignedManagers : AuthorizationAttribute
{
    protected override AuthorizationResult IsAuthorized(System.Security.Principal.IPrincipal principal, AuthorizationContext authorizationContext)
    {
        // The entity instance the operation is being applied to.
        EmployeePayHistory eph = (EmployeePayHistory)authorizationContext.Instance;
        Employee selectedEmployee;
        Employee authenticatedUser;

        using (AdventureWorksEntities context = new AdventureWorksEntities())
        {
            selectedEmployee = context.Employees.SingleOrDefault(e => e.EmployeeID == eph.EmployeeID);
            authenticatedUser = context.Employees.SingleOrDefault(e => e.LoginID == principal.Identity.Name);
        }

        // SingleOrDefault returns null when no row matches; deny instead of dereferencing null.
        if (selectedEmployee == null || authenticatedUser == null)
        {
            return new AuthorizationResult("Only the authenticated manager for the employee can add a new record.");
        }

        if (selectedEmployee.ManagerID == authenticatedUser.EmployeeID)
        {
            return AuthorizationResult.Allowed;
        }
        else
        {
            return new AuthorizationResult("Only the authenticated manager for the employee can add a new record.");
        }
    }
}
```
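The following added example (not part of the original documentation or of WCF RIA Services) shows an IsAuthorized override that denies by default and is exercised through the public Authorize method, so each allow and deny path can be checked without a running domain service. The `Document` entity, `OwnerOnlyAttribute`, `OwnerOnlyDemo`, the operation name and the sample logins are hypothetical; it assumes the five-argument AuthorizationContext constructor accepts null for the service provider and the items dictionary.

```csharp
using System;
using System.ComponentModel.DataAnnotations; // AuthorizationAttribute, AuthorizationContext, AuthorizationResult
using System.Security.Principal;

// Hypothetical entity, constructed for this example.
public class Document { public string OwnerLogin { get; set; } }

// Hypothetical attribute: only the authenticated owner of the Document is allowed.
public class OwnerOnlyAttribute : AuthorizationAttribute
{
    private const string Denied = "Only the owner of the document can change it.";

    protected override AuthorizationResult IsAuthorized(IPrincipal principal, AuthorizationContext authorizationContext)
    {
        // Deny anonymous callers before looking at any data.
        if (principal.Identity == null || !principal.Identity.IsAuthenticated)
            return new AuthorizationResult(Denied);

        // Instance can be null or another type; "as" avoids an InvalidCastException.
        Document doc = authorizationContext.Instance as Document;
        if (doc == null || string.IsNullOrEmpty(doc.OwnerLogin))
            return new AuthorizationResult(Denied);

        // Allowed is returned on exactly one path; every other path denies.
        return string.Equals(doc.OwnerLogin, principal.Identity.Name, StringComparison.OrdinalIgnoreCase)
            ? AuthorizationResult.Allowed
            : new AuthorizationResult(Denied);
    }
}

public static class OwnerOnlyDemo
{
    // Runs the check through the public Authorize method, which invokes IsAuthorized.
    public static string Check(string login, object instance)
    {
        IPrincipal principal = new GenericPrincipal(new GenericIdentity(login), new string[0]);
        var context = new AuthorizationContext(instance, "UpdateDocument", "Update", null, null);
        AuthorizationResult result = new OwnerOnlyAttribute().Authorize(principal, context);
        return result == AuthorizationResult.Allowed ? "allowed" : "denied: " + result.ErrorMessage;
    }

    public static void Main()
    {
        var doc = new Document { OwnerLogin = @"adventure-works\alice" }; // constructed sample
        Console.WriteLine(Check(@"adventure-works\alice", doc)); // the owner
        Console.WriteLine(Check(@"adventure-works\bob", doc));   // a different authenticated user
        Console.WriteLine(Check("", doc));                        // empty name: not authenticated
        Console.WriteLine(Check(@"adventure-works\alice", null)); // no entity instance in the context
    }
}
```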