ClaimsPrincipalPermission::Demand Method ()

.NET Framework (current version)
 

Checks if the current principal is authorized for the resource-action pairs associated with the current instance.

Namespace:   System.IdentityModel.Services
Assembly:  System.IdentityModel.Services (in System.IdentityModel.Services.dll)

public:
virtual void Demand() sealed

Exception Condition
InvalidOperationException

The current principal is not assignable from ClaimsPrincipal.

-or-

There is no ClaimsAuthorizationManager configured.

SecurityException

The authorization check failed.

The current principal must be authorized for all of the resource-action pairs associated with this instance or the SecurityException exception is thrown.

Although the constructor only takes a single resource and action, ClaimsPrincipalPermission objects can be combined through the Union and Intersect methods. The permission created through these methods may contain multiple resource-action pairs.

The Demand method invokes the ClaimsAuthorizationManager::CheckAccess method of the configured claims authorization manager with an AuthorizationContext composed of the active principal (CurrentPrincipal), the resource, and the action for each of the resource-action pairs contained in the permission. For the Demand to succeed the active principal must be authorized for all of the resource-action pairs that are contained in the permission.

The following example shows how to protect a resource by using the Demand method. The configured claims authorization manager is invoked to evaluate the current principal against the specified resource and action. If the current principal is not authorized for the specified action on the specified resource, a SecurityException is thrown; otherwise, execution proceeds.

//
// Method 2. Programmatic check using the permission class
// Follows model found at http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission.aspx
//
ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission("resource", "action");
cpp.Demand();

.NET Framework
Available since 4.5
Return to top
Show: