IAuthorizationPolicy Interface
Defines a set of rules for authorizing a user, given a set of claims.
Assembly: System.IdentityModel (in System.IdentityModel.dll)
The IAuthorizationPolicy type exposes the following members.
| Name | Description | |
|---|---|---|
![]() | Id | Gets a string that identifies this authorization component. (Inherited from IAuthorizationComponent.) |
![]() | Issuer | Gets a claim set that represents the issuer of the authorization policy. |
Implement the IAuthorizationPolicy interface to add or map one set of claims to another. An authorization policy examines a set of claims and adds additional claims based on the current set. For example, an authorization policy might evaluate a claim that contains the date of birth and add a claim that asserts that the user is over 21 years old and add an Over21 claim to the EvaluationContext.
Classes that implement the IAuthorizationPolicy interface do not authorize users, but they enable the ServiceAuthorizationManager class to do so. The ServiceAuthorizationManager calls the Evaluate method for each authorization policy in effect. The Evaluate method determines whether additional claims should be added for the user, based on the current context. An authorization policy's Evaluate method may be called multiple times, as claims are added to the EvaluationContext by other authorization policies. When all authorization policies in effect are done, the ServiceAuthorizationManager class makes authorization decisions based upon the final set of claims. The ServiceAuthorizationManager class then creates an AuthorizationContext that contains an immutable set of claims that reflects these authorization decisions.
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

