This documentation is archived and is not being maintained.

Claim Class

Represents a claim that is associated with an entity.


Namespace:  System.IdentityModel.Claims
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

[DataContractAttribute(Namespace = "")]
public class Claim

The Claim type exposes the following members.

Claim (Public method): Initializes a new instance of the Claim class with the specified type, resource, and right.

ClaimType (Public property): Gets the type of the claim.
DefaultComparer (Public property, Static member): Gets an object that can compare two Claim objects for equality.
Resource (Public property): Gets the resource with which this Claim object is associated.
Right (Public property): A string representation of a uniform resource identifier (URI) that specifies the right associated with this Claim object. Pre-defined rights are available as static properties of the Rights class.
System (Public property, Static member): A pre-defined claim that represents the system entity.

CreateDenyOnlyWindowsSidClaim (Public method, Static member): Creates a Claim object that represents a deny-only specified security identifier (SID).
CreateDnsClaim (Public method, Static member): Creates a Claim object that represents the specified Domain Name System (DNS) name.
CreateHashClaim (Public method, Static member): Creates a Claim object that represents the specified hash value.
CreateMailAddressClaim (Public method, Static member): Creates a Claim object that represents the specified email address.
CreateNameClaim (Public method, Static member): Creates a Claim object that represents the specified name.
CreateRsaClaim (Public method, Static member): Creates a Claim object that represents the specified RSA key.
CreateSpnClaim (Public method, Static member): Creates a Claim object that represents the specified Service Principal Name (SPN).
CreateThumbprintClaim (Public method, Static member): Creates a Claim object that represents the specified thumbprint.
CreateUpnClaim (Public method, Static member): Creates a Claim object that represents the specified Universal Principal Name (UPN).
CreateUriClaim (Public method, Static member): Creates a Claim object that represents the specified Uniform Resource Locator (URL).
CreateWindowsSidClaim (Public method, Static member): Creates a Claim object that represents the specified security identifier (SID).
CreateX500DistinguishedNameClaim (Public method, Static member): Creates a Claim object that represents the specified X.500 distinguished name.
Equals (Public method): Determines whether the specified object represents the same claim as the current Claim object. (Overrides Object.Equals(Object).)
Finalize (Protected method): Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
GetHashCode (Public method): Returns a hash code for the current claim. (Overrides Object.GetHashCode().)
GetType (Public method): Gets the Type of the current instance. (Inherited from Object.)
MemberwiseClone (Protected method): Creates a shallow copy of the current Object. (Inherited from Object.)
ToString (Public method): Returns a string representation of this Claim object. (Overrides Object.ToString().)

The Identity Model is a claims-based authorization system. Claims describe the capabilities associated with some entity in the system, often a user of that system. The set of claims associated with a given entity can be thought of as a key. The particular claims define the shape of that key, much like a physical key is used to open a lock in a door. In this way, claims are used to gain access to resources. Access to a given protected resource is determined by comparing the claims required to access that resource with the claims associated with the entity that attempts access.

A claim is the expression of a right with respect to a particular value. A right could be read, write, or possess. A value could be a database, a file, a mailbox, or a property. Claims also have a claim type. The combination of claim type and right provides the mechanism for capabilities being specified with respect to the value. For example, a claim of type file with the right read over the value biography.doc indicates that the entity with such a claim has read access to the file biography.doc. A claim of type name with the right PossessProperty over the value Martin indicates that the entity with the claim possesses a Name property with the value Martin.

Although various claim types and rights are defined as part of Identity Model, the system is extensible. The various systems building on top of the Identity Model infrastructure can define claim types and rights as required.

        // Requires: using System.IO; using System.IdentityModel.Claims; using System.ServiceModel;
        // Run this method from within a method protected by the PrincipalPermissionAttribute
        // to see the security context data, including the primary identity.
        public void WriteServiceSecurityContextData(string fileName)
        {
            using (StreamWriter sw = new StreamWriter(fileName))
            {
                // Write the primary identity and Windows identity. The primary identity is derived from
                // the credentials used to authenticate the user. The Windows identity may be a null string.
                sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name);
                sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name);
                // Write the claimsets in the authorization context. By default, there is only one claimset
                // provided by the system.
                foreach (ClaimSet claimset in ServiceSecurityContext.Current.AuthorizationContext.ClaimSets)
                {
                    foreach (Claim claim in claimset)
                    {
                        // Write out each claim type, claim value, and the right. There are two
                        // possible values for the right: "identity" and "possessproperty".
                        sw.WriteLine("Claim Type = {0}", claim.ClaimType);
                        sw.WriteLine("\t Resource = {0}", claim.Resource.ToString());
                        sw.WriteLine("\t Right = {0}", claim.Right);
                    }
                }
            }
        }
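
The comparison described in the remarks above (the claims a resource requires checked against the claims an entity holds), as an added example that is not part of the original documentation. The claim type and right URIs under example.org, the IsAuthorized helper, and the file name payroll.xls are assumptions made for illustration; the program needs a reference to System.IdentityModel.dll.

```csharp
using System;
using System.IdentityModel.Claims;

static class ClaimCheckExample
{
    // Hypothetical URIs for a custom claim type and custom rights
    // (assumptions for this example, not constants defined by Identity Model).
    const string FileClaimType = "http://example.org/claims/file";
    const string ReadRight = "http://example.org/rights/read";
    const string WriteRight = "http://example.org/rights/write";

    // Hypothetical helper: access is granted only if the entity's claim set contains
    // a claim equal to the required one in claim type, resource, and right.
    static bool IsAuthorized(ClaimSet entityClaims, Claim required)
    {
        return entityClaims.ContainsClaim(required);
    }

    static void Main()
    {
        // Claims associated with the entity: read access to biography.doc and
        // possession of the name Martin (CreateNameClaim uses Rights.PossessProperty).
        ClaimSet entityClaims = new DefaultClaimSet(
            new Claim(FileClaimType, "biography.doc", ReadRight),
            Claim.CreateNameClaim("Martin"));

        // Claims that three different operations would require.
        Claim needRead = new Claim(FileClaimType, "biography.doc", ReadRight);
        Claim needWrite = new Claim(FileClaimType, "biography.doc", WriteRight);
        Claim needOtherFile = new Claim(FileClaimType, "payroll.xls", ReadRight);

        // Only the first request matches a held claim in all three parts;
        // the second differs in the right, the third in the resource.
        Console.WriteLine("read biography.doc:  {0}", IsAuthorized(entityClaims, needRead));
        Console.WriteLine("write biography.doc: {0}", IsAuthorized(entityClaims, needWrite));
        Console.WriteLine("read payroll.xls:    {0}", IsAuthorized(entityClaims, needOtherFile));

        // Enumerate the name claims the entity possesses.
        foreach (Claim c in entityClaims.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
        {
            Console.WriteLine("name = {0}", c.Resource);
        }
    }
}
```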

.NET Framework

Supported in: 4, 3.5, 3.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.