AuthorizationAttribute.IsAuthorized Method

WCF RIA Services

[WCF RIA Services Version 1 Service Pack 2 is compatible with either .NET Framework 4 or .NET Framework 4.5, and with either Silverlight 4 or Silverlight 5.]

Implementation-specific method that determines whether the given IPrincipal object is authorized to perform the specific operation described by the given AuthorizationContext object.

Namespace:  System.ComponentModel.DataAnnotations
Assembly:  System.ServiceModel.DomainServices.Server (in System.ServiceModel.DomainServices.Server.dll)

protected abstract function IsAuthorized(
	principal : IPrincipal, 
	authorizationContext : AuthorizationContext
) : AuthorizationResult


Parameters

principal
Type: System.Security.Principal.IPrincipal
The IPrincipal object to be authorized.

authorizationContext
Type: System.ComponentModel.DataAnnotations.AuthorizationContext
The AuthorizationContext describing the context in which authorization has been requested.

Return Value

Type: System.ComponentModel.DataAnnotations.AuthorizationResult
An AuthorizationResult object that indicates whether the operation is allowed or denied. Returns Allowed when the operation is allowed. Returns a non-null AuthorizationResult when the request has been denied. The ErrorMessage property contains the error message that is displayed to users.

This protected abstract method contains the implementation-specific logic for this particular subclass of AuthorizationAttribute. It is invoked strictly by the public Authorize method.

The following example shows an implementation of the AuthorizationAttribute class.

Public Class CheckAttendeeNameAttribute
    Inherits System.Web.DomainServices.AuthorizationAttribute

    ' Authorizes only principals in the "Attendee" role whose name starts with "A".
    Public Overrides Function Authorize(ByVal principal As System.Security.Principal.IPrincipal) As Boolean
        If (principal.IsInRole("Attendee") AndAlso principal.Identity.Name.StartsWith("A")) Then
            Return True
        Else
            Return False
        End If
    End Function
End Class

using System.ComponentModel.DataAnnotations;
using System.Linq;

public class RestrictAccessToAssignedManagers : AuthorizationAttribute
{
    protected override AuthorizationResult IsAuthorized(System.Security.Principal.IPrincipal principal, AuthorizationContext authorizationContext)
    {
        EmployeePayHistory eph = (EmployeePayHistory)authorizationContext.Instance;
        Employee selectedEmployee;
        Employee authenticatedUser;

        using (AdventureWorksEntities context = new AdventureWorksEntities())
        {
            selectedEmployee = context.Employees.SingleOrDefault(e => e.EmployeeID == eph.EmployeeID);
            authenticatedUser = context.Employees.SingleOrDefault(e => e.LoginID == principal.Identity.Name);
        }

        // SingleOrDefault returns null when no record matches; deny in that case instead of throwing.
        if (selectedEmployee != null && authenticatedUser != null && selectedEmployee.ManagerID == authenticatedUser.EmployeeID)
        {
            return AuthorizationResult.Allowed;
        }
        return new AuthorizationResult("Only the authenticated manager for the employee can add a new record.");
    }
}
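
The following added example, which is not part of the original documentation or of WCF RIA Services, shows an IsAuthorized override that denies by default: it rejects a missing or unauthenticated principal and a missing or unexpected Instance before comparing ownership, and it returns one generic ErrorMessage because that text is displayed to users. The Document class, its OwnerLoginID property and the RestrictAccessToOwnerAttribute name are hypothetical, and the case-insensitive comparison of login names is an assumption about the identity store.

```csharp
using System;
using System.ComponentModel.DataAnnotations;
using System.Security.Principal;

// Hypothetical entity used only for this example.
public class Document
{
    public int DocumentID { get; set; }
    public string OwnerLoginID { get; set; }
}

// Hypothetical attribute: only the owner of a Document may perform the operation.
public sealed class RestrictAccessToOwnerAttribute : AuthorizationAttribute
{
    // One generic message for every denial, because ErrorMessage is displayed to users
    // and should not reveal which check failed.
    private const string Denied = "You are not authorized to perform this operation.";

    protected override AuthorizationResult IsAuthorized(IPrincipal principal, AuthorizationContext authorizationContext)
    {
        // Deny when there is no authenticated caller.
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
        {
            return new AuthorizationResult(Denied);
        }

        // Deny when the context carries no instance, or one of an unexpected type,
        // instead of casting and throwing.
        Document document = authorizationContext == null ? null : authorizationContext.Instance as Document;
        if (document == null || string.IsNullOrEmpty(document.OwnerLoginID))
        {
            return new AuthorizationResult(Denied);
        }

        // Assumption: login names are compared ordinally, ignoring case.
        if (string.Equals(document.OwnerLoginID, principal.Identity.Name, StringComparison.OrdinalIgnoreCase))
        {
            return AuthorizationResult.Allowed;
        }
        return new AuthorizationResult(Denied);
    }
}
```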