ServiceSecurityContext Class
Assembly: System.ServiceModel (in system.servicemodel.dll)
The data is part of the SecurityMessageProperty for a message.
Use this class to obtain information about a remote security context at run time. A security context is created when a client is successfully authenticated and authorized to access a method. When a message is successfully authenticated and authorized, the security information from the client and for the current service instance can be obtained from an instance of this class.
You can retrieve an instance of the ServiceSecurityContext from the Current property of the OperationContext class, or use it from within a service operation method, as shown below.
Parsing a ClaimSet
A common use of the class is to retrieve the current set of claims for the purpose of identifying or authorizing a client when accessing a method. The ClaimSet class contains a collection of Claim objects, and each can be parsed to determine whether a specific claim is present. If the specified claim is provided, authorization can be granted. This functionality is provided by overriding the CheckAccessCore method of the ServiceAuthorizationManager class. For a complete example, see the Authorization Policy Sample.
Cookie Mode and IsAuthenticated
Note that under some circumstances, the IsAuthenticated property of the IIdentity interface will return true even if the remote client is authenticated as an anonymous user. (The PrimaryIdentity property returns an implementation of the IIdentity interface.) The following circumstances must be true for this to occur:
-
The service uses Windows authentication.
-
The service allows anonymous logons.
-
The binding is a customBinding Element.
-
The custom binding includes a <security> element.
-
The <security> element includes a secureConversationBootstrap element with the requireSecurityContextCancellation attribute set to false.
The following example uses the ServiceSecurityContext class to provide information about the current security context. The code creates an instance of the StreamWriter class to write the information to a file.
' When this method runs, the caller must be an authenticated user and the ServiceSecurityContext ' will not be a null instance. Public Function Add(ByVal n1 As Double, ByVal n2 As Double) As Double Implements ICalculator.Add ' Write data from the ServiceSecurityContext to a file using the StreamWriter class. Dim sw As New StreamWriter("c:\ServiceSecurityContextInfo.txt") Try ' Write the primary identity and Windows identity. The primary identity is derived from the ' the credentials used to authenticate the user. The Windows identity may be a null string. sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name) sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name) ' Write the claimsets in the authorization context. By default, there is only one claimset ' provided by the system. Dim claimset As ClaimSet For Each claimset In ServiceSecurityContext.Current.AuthorizationContext.ClaimSets Dim claim As Claim For Each claim In claimset ' Write out each claim type, claim value, and the right. There are two ' possible values for the right: "identity" and "possessproperty". sw.WriteLine("Claim Type: {0}, Resource: {1} Right: {2}", _ claim.ClaimType, _ claim.Resource.ToString(), _ claim.Right) sw.WriteLine() Next claim Next claimset Finally sw.Dispose() End Try Return n1 + n2 End Function
The following example shows an implementation of the CheckAccessCore method that uses the ServiceSecurityContext to parse a set of claims.
Public Class MyServiceAuthorizationManager Inherits ServiceAuthorizationManager Protected Overrides Function CheckAccessCore(ByVal operationContext As OperationContext) As Boolean ' Extract the action URI from the OperationContext. Match this against the claims ' in the AuthorizationContext. Dim action As String = operationContext.RequestContext.RequestMessage.Headers.Action Console.WriteLine("action: {0}", action) ' Iterate through the various claimsets in the authorizationcontext Dim cs As ClaimSet For Each cs In operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets ' Examine only those claim sets issued by System. If cs.Issuer Is ClaimSet.System Then ' Iterate through claims of type "http://example.org/claims/allowedoperation". Dim c As Claim For Each c In cs.FindClaims("http://example.org/claims/allowedoperation", _ Rights.PossessProperty) ' Write the Claim resource to the console. Console.WriteLine("resource: {0}", c.Resource.ToString()) ' If the Claim resource matches the action URI then return true to allow access. If action = c.Resource.ToString() Then Return True End If Next c End If Next cs ' If we get here, return false, denying access. Return False End Function End Class
Windows 98, Windows Server 2000 SP4, Windows CE, Windows Millennium Edition, Windows Mobile for Pocket PC, Windows Mobile for Smartphone, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition
The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.