AuthorizationContext Class

 

The result of evaluating all authorization policies available from the tokens in the sent message and by calling the GetAuthorizationPolicies method.

Namespace:   System.IdentityModel.Policy
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

System.Object
  System.IdentityModel.Policy.AuthorizationContext

public abstract class AuthorizationContext : IAuthorizationComponent

| Name | Description |
| --- | --- |
| AuthorizationContext() (protected) | Initializes a new instance of the AuthorizationContext class. |

| Name | Description |
| --- | --- |
| ClaimSets | Gets the set of claims associated with an authorization policy. |
| ExpirationTime | Gets the date and time at which this AuthorizationContext object is no longer valid. |
| Id | Gets a unique identifier for this AuthorizationContext object. |
| Properties | Gets a collection of non-claim properties associated with this AuthorizationContext object. |

| Name | Description |
| --- | --- |
| CreateDefaultAuthorizationContext(IList<IAuthorizationPolicy>) (static) | Evaluate all of the specified authorization policies and create an AuthorizationContext. |
| Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.) |
| Finalize() (protected) | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
| GetHashCode() | Serves as the default hash function. (Inherited from Object.) |
| GetType() | Gets the Type of the current instance. (Inherited from Object.) |
| MemberwiseClone() (protected) | Creates a shallow copy of the current Object. (Inherited from Object.) |
| ToString() | Returns a string that represents the current object. (Inherited from Object.) |

Evaluating all of the authorization policies in an authorization manager results in a set of ClaimSet objects. These objects make up an authorization context.

An authorization context contains a set of claim set objects, an expiration time that specifies the span of time during which the authorization context is valid, and a unique identifier.

The AuthorizationContext for the current operation can be accessed via the ServiceSecurityContext.AuthorizationContext property.

using System;
using System.IdentityModel.Claims;
using System.ServiceModel;

// Custom authorization manager; CheckAccessCore is the ServiceAuthorizationManager override point.
public class MyServiceAuthorizationManager : ServiceAuthorizationManager
{
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // Extract the action URI from the OperationContext. Match this against the claims
        // in the AuthorizationContext.
        string action = operationContext.RequestContext.RequestMessage.Headers.Action;
        Console.WriteLine("action: {0}", action);

        // Iterate through the various claim sets in the AuthorizationContext.
        foreach (ClaimSet cs in operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets)
        {
            // Examine only those claim sets issued by System.
            if (cs.Issuer == ClaimSet.System)
            {
                // Iterate through claims of type "http://example.org/claims/allowedoperation".
                foreach (Claim c in cs.FindClaims("http://example.org/claims/allowedoperation", Rights.PossessProperty))
                {
                    // Write the Claim resource to the console.
                    Console.WriteLine("resource: {0}", c.Resource.ToString());

                    // If the Claim resource matches the action URI then return true to allow access.
                    if (action == c.Resource.ToString())
                        return true;
                }
            }
        }

        // If this point is reached, return false to deny access.
        return false;
    }
}
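The following is an added example, not part of the original reference page. It shows how CreateDefaultAuthorizationContext turns a list of policies into an AuthorizationContext, and how a deny-by-default check can use ExpirationTime, Id and ClaimSets together. The AllowedOperationPolicy class, the IsAllowed helper, the five-minute lifetime and the http://example.org/Add and http://example.org/Subtract action URIs are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;

// Hypothetical policy: grants one allowed-operation claim, valid for five minutes.
class AllowedOperationPolicy : IAuthorizationPolicy
{
    public const string ClaimType = "http://example.org/claims/allowedoperation";
    readonly string id = Guid.NewGuid().ToString();
    readonly string action;

    public AllowedOperationPolicy(string action) { this.action = action; }
    public string Id { get { return id; } }
    public ClaimSet Issuer { get { return ClaimSet.System; } }

    public bool Evaluate(EvaluationContext evaluationContext, ref object state)
    {
        var claim = new Claim(ClaimType, action, Rights.PossessProperty);
        evaluationContext.AddClaimSet(this, new DefaultClaimSet(Issuer, claim));
        evaluationContext.RecordExpirationTime(DateTime.UtcNow.AddMinutes(5));
        return true; // this policy is finished and needs no further evaluation pass
    }
}

static class Program
{
    // Deny by default: the context must be unexpired and the claim must be System-issued.
    static bool IsAllowed(AuthorizationContext context, string action)
    {
        if (context.ExpirationTime <= DateTime.UtcNow) return false;
        foreach (ClaimSet cs in context.ClaimSets)
        {
            if (cs.Issuer != ClaimSet.System) continue; // ignore claim sets from other issuers
            foreach (Claim c in cs.FindClaims(AllowedOperationPolicy.ClaimType, Rights.PossessProperty))
                if (string.Equals(action, c.Resource as string, StringComparison.Ordinal)) return true;
        }
        return false;
    }

    static void Main()
    {
        var policies = new List<IAuthorizationPolicy> { new AllowedOperationPolicy("http://example.org/Add") };
        AuthorizationContext context = AuthorizationContext.CreateDefaultAuthorizationContext(policies);
        Console.WriteLine("Id: {0}, expires (UTC): {1:o}", context.Id, context.ExpirationTime);
        Console.WriteLine(IsAllowed(context, "http://example.org/Add"));      // action granted by the policy
        Console.WriteLine(IsAllowed(context, "http://example.org/Subtract")); // action the policy never granted
    }
}
```

The project must reference System.IdentityModel.dll, the assembly named at the top of this page.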

.NET Framework
Available since 3.0

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
