AuthorizationContext Class

AuthorizationContext Class

WCF RIA Services

[WCF RIA Services Version 1 Service Pack 2 is compatible with either .NET framework 4 or .NET Framework 4.5, and with either Silverlight 4 or Silverlight 5.]

Describes the context in which an authorization is being performed.

System.Object
  System.ComponentModel.DataAnnotations.AuthorizationContext

Namespace:  System.ComponentModel.DataAnnotations
Assembly:  System.ServiceModel.DomainServices.Server (in System.ServiceModel.DomainServices.Server.dll)

public sealed class AuthorizationContext : IServiceProvider, 
	IDisposable

The AuthorizationContext type exposes the following members.

  NameDescription
Public methodAuthorizationContext(IServiceProvider)Initializes a new instance of the AuthorizationContext class as a template.
Public methodAuthorizationContext(Object, String, String, AuthorizationContext)Initializes a new instance of the AuthorizationContext class with the specified instance, operation, operation type and authorization context.
Public methodAuthorizationContext(Object, String, String, IServiceProvider, IDictionary<Object, Object>)Initializes a new instance of the AuthorizationContext class with the specified instance, operation, operation type, service provider, and items.
Top

  NameDescription
Public propertyInstanceGets the object instance being authorized.
Public propertyItemsGets the dictionary of key/value pairs associated with this context.
Public propertyOperationGets the name of the operation being authorized.
Public propertyOperationTypeGets a string value that describes the type of operation being authorized.
Public propertyServiceContainerGets an IServiceContainer that can be used for adding, removing, and getting services used for authorization.
Top

  NameDescription
Public methodDisposeReleases all resources used by the current instance of the AuthorizationContext class.
Public methodEquals (Inherited from Object.)
Protected methodFinalize (Inherited from Object.)
Public methodGetHashCode (Inherited from Object.)
Public methodGetServiceReturns a service of the specified service type.
Public methodGetType (Inherited from Object.)
Protected methodMemberwiseClone (Inherited from Object.)
Public methodToString (Inherited from Object.)
Top

This class contains information describing the instance and the operation being authorized. It implements IDisposable and must be properly disposed after use. It supports IServiceProvider so that custom validation code can acquire additional services to help it perform its validation.

An Items property bag is available for additional contextual information about the authorization. Values stored in Items will be available to authorization methods that use this AuthorizationContext.

This class also provides an IServiceContainer implementation to allow developers to add services to the context at run time. This container is available by calling the GetService method and providing the type of IServiceContainer or by using the ServiceContainer property.

The type of the object in the Instance property is the type of the entity involved in the operation. For query operations, the Instance property is null.

The following example shows an implementation of the AuthorizationAttribute that uses an AuthorizationContext value to customize authentication.

Public Class CheckAttendeeNameAttribute
    Inherits System.Web.DomainServices.AuthorizationAttribute


    Public Overrides Function Authorize(ByVal principal As System.Security.Principal.IPrincipal) As Boolean
        If (principal.IsInRole("Attendee") And principal.Identity.Name.StartsWith("A")) Then
            Return True
        Else
            Return False
        End If
    End Function
End Class


public class CheckAttendeeNameAttribute : System.Web.DomainServices.AuthorizationAttribute
{

    public override bool Authorize(System.Security.Principal.IPrincipal principal)
    {
        if (principal.IsInRole("Attendee") && principal.Identity.Name.StartsWith("A"))
        {
            return true;
        }
        else
        {
            return false;
        }
    }
}


public class RestrictAccessToAssignedManagers : AuthorizationAttribute
{
    protected override AuthorizationResult IsAuthorized(System.Security.Principal.IPrincipal principal, AuthorizationContext authorizationContext)
    {
        EmployeePayHistory eph = (EmployeePayHistory)authorizationContext.Instance;
        Employee selectedEmployee;
        Employee authenticatedUser;

        using (AdventureWorksEntities context = new AdventureWorksEntities())
        {
            selectedEmployee = context.Employees.SingleOrDefault(e => e.EmployeeID == eph.EmployeeID);
            authenticatedUser = context.Employees.SingleOrDefault(e => e.LoginID == principal.Identity.Name);
        }

        if (selectedEmployee.ManagerID == authenticatedUser.EmployeeID)
        {
            return AuthorizationResult.Allowed;
        }
        else
        {
            return new AuthorizationResult("Only the authenticated manager for the employee can add a new record.");
        }
    }
}


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Show:
© 2016 Microsoft