EvaluationContext Class


The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience.

When overridden in a derived class, represents the results of the authorization policies that have been evaluated.

Namespace:   System.IdentityModel.Policy
Assembly:  System.IdentityModel (in System.IdentityModel.dll)


Public MustInherit Class EvaluationContext


Initializes a new instance of the EvaluationContext class.


Gets a read-only collection of ClaimSet objects that contains the claims added by authorization policies that have been evaluated.


Gets the number of times that claims have been added to the evaluation context.


Gets a collection of non-claim properties associated with this EvaluationContext.

System_CAPS_pubmethodAddClaimSet(IAuthorizationPolicy, ClaimSet)

Adds a set of claims to the evaluation context.


Determines whether the specified object is equal to the current object.(Inherited from Object.)


Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.(Inherited from Object.)


Serves as the default hash function. (Inherited from Object.)


Gets the Type of the current instance.(Inherited from Object.)


Creates a shallow copy of the current Object.(Inherited from Object.)


Sets the date and time at which this EvaluationContext is no longer valid.


Returns a string that represents the current object.(Inherited from Object.)

Claims are added to an EvaluationContext by authorization policies. An authorization policy takes a set of claims, such as those found in a security token, and adds additional claims based on the current set. For instance, an authorization policy might evaluate a claim that contains the date of birth and add a claim that states the user is over 21 years old and add an Over21 claim to the EvaluationContext.

Classes that implement the IAuthorizationPolicy interface do not authorize users, but they enable the ServiceAuthorizationManager class to do so. The ServiceAuthorizationManager calls the Evaluate method for each authorization policy in effect. The Evaluate method determines whether additional claims should be added for the user based on the current claims. An authorization policy's Evaluate method may be called multiple times, as claims are added to the EvaluationContext by other authorization policies. When all authorization policies in effect are done, the ServiceAuthorizationManager class makes authorization decisions based upon the final set of claims. The ServiceAuthorizationManager class then creates an AuthorizationContext that contains an immutable set of claims that reflects these authorization decisions.

An evaluation context contains a set of ClaimSet objects: an expiration time, which specifies the span of time during which the evaluation context is valid, and a unique identifier.

.NET Framework
Available since 3.0

Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top