This documentation is archived and is not being maintained.

IAuthorizationPolicy Interface

Defines a set of rules for authorizing a user, given a set of claims.

Namespace:  System.IdentityModel.Policy
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

public interface class IAuthorizationPolicy : IAuthorizationComponent

Implement the IAuthorizationPolicy interface to add or map one set of claims to another. An authorization policy examines a set of claims and adds additional claims based on the current set. For example, an authorization policy might evaluate a claim that contains the date of birth and add a claim that asserts that the user is over 21 years old and add an Over21 claim to the EvaluationContext.

Classes that implement the IAuthorizationPolicy interface do not authorize users, but they enable the ServiceAuthorizationManager class to do so. The ServiceAuthorizationManager calls the Evaluate method for each authorization policy in effect. The Evaluate method determines whether additional claims should be added for the user, based on the current context. An authorization policy's Evaluate method may be called multiple times, as claims are added to the EvaluationContext by other authorization policies. When all authorization policies in effect are done, the ServiceAuthorizationManager class makes authorization decisions based upon the final set of claims. The ServiceAuthorizationManager class then creates an AuthorizationContext that contains an immutable set of claims that reflects these authorization decisions.

No code example is currently available or this language may not be supported.

Windows 7, Windows Vista, Windows XP SP2, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0