Assembly: System.IdentityModel (in system.identitymodel.dll)
Claims are added to an EvaluationContext by authorization policies. An authorization policy takes a set of claims, such as those found in a security token, and adds additional claims based on the current set. For instance, an authorization policy might evaluate a claim that contains the date of birth and add a claim that states the user is over 21 years old and add an Over21 claim to the EvaluationContext.
Classes that implement the IAuthorizationPolicy interface do not authorize users, but they enable the ServiceAuthorizationManager class to do so. The ServiceAuthorizationManager calls the Evaluate method for each authorization policy in effect. The Evaluate method determines whether additional claims should be added for the user based on the current claims. An authorization policy's Evaluate method may be called multiple times, as claims are added to the EvaluationContext by other authorization policies. When all authorization policies in effect are done, the ServiceAuthorizationManager class makes authorization decisions based upon the final set of claims. The ServiceAuthorizationManager class then creates an AuthorizationContext that contains an immutable set of claims that reflects these authorization decisions.
An evaluation context contains a set of ClaimSet objects: an expiration time, which specifies the span of time during which the evaluation context is valid, and a unique identifier.
Windows 98, Windows Server 2000 SP4, Windows CE, Windows Millennium Edition, Windows Mobile for Pocket PC, Windows Mobile for Smartphone, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter EditionThe Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.