This documentation is archived and is not being maintained.

IAuthorizationPolicy.Evaluate Method

Evaluates whether a user meets the requirements for this authorization policy.

Namespace:  System.IdentityModel.Policy
Assembly:  System.IdentityModel (in System.IdentityModel.dll)

bool Evaluate(
	EvaluationContext evaluationContext,
	ref Object state


Type: System.IdentityModel.Policy.EvaluationContext

An EvaluationContext that contains the claim set that the authorization policy evaluates.

Type: System.Object%

A Object, passed by reference that represents the custom state for this authorization policy.

Return Value

Type: System.Boolean
false if the Evaluate method for this authorization policy must be called if additional claims are added by other authorization policies to evaluationContext; otherwise, true to state no additional evaluation is required by this authorization policy.


Implementers of the IAuthorizationPolicy interface should expect the Evaluate method to be called multiple times by different threads.

Implementers of the IAuthorizationPolicy interface can use the state parameter to track state between calls to the Evaluate method. If a state object is set inside a given call to the Evaluate method, the same object instance is passed to each and every subsequent call to the Evaluate method in the current evaluation process.

public bool Evaluate(EvaluationContext evaluationContext, ref object state)
    bool bRet = false;
    CustomAuthState customstate = null;

    // If state is null, then this method has not been called before, so  
    // set up a custom state. 
    if (state == null)
        customstate = new CustomAuthState();
        state = customstate;
        customstate = (CustomAuthState)state;

    Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate");

    // If claims have not been added yet... 
    if (!customstate.ClaimsAdded)
        // Create an empty list of Claims.
        IList<Claim> claims = new List<Claim>();

        // Iterate through each of the claim sets in the evaluation context. 
        foreach (ClaimSet cs in evaluationContext.ClaimSets)
            // Look for Name claims in the current claim set. 
            foreach (Claim c in cs.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
                // Get the list of operations the given username is allowed to call. 
                foreach (string s in GetAllowedOpList(c.Resource.ToString()))
                    // Add claims to the list.
                    claims.Add(new Claim("", s, Rights.PossessProperty));
                    Console.WriteLine("Claim added {0}", s);

        // Add claims to the evaluation context.
        evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer,claims));

        // Record that claims have been added.
        customstate.ClaimsAdded = true;

        // Return true, which indicates this need not be called again.
        bRet = true;
        // This point should not be reached, but just in case...
        bRet = true;

    return bRet;

Windows 7, Windows Vista, Windows XP SP2, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0