Este artigo foi traduzido por máquina. Para visualizar o arquivo em inglês, marque a caixa de seleção Inglês. Você também pode exibir o texto Em inglês em uma janela pop-up, movendo o ponteiro do mouse sobre o texto.
Tradução
Inglês

Classe ServiceAuthorizationManager

 

Fornece verificação de acesso de autorização para operações de serviço.

Namespace:   System.ServiceModel
Assembly:  System.ServiceModel (em System.ServiceModel.dll)

System.Object
  System.ServiceModel.ServiceAuthorizationManager

public class ServiceAuthorizationManager

NomeDescrição
System_CAPS_pubmethodServiceAuthorizationManager()

Inicializa uma nova instância da classe ServiceAuthorizationManager.

NomeDescrição
System_CAPS_pubmethodCheckAccess(OperationContext)

Verificações de autorização para o contexto de operação específica.

System_CAPS_pubmethodCheckAccess(OperationContext, Message)

Verifica a autorização para o contexto de operação específica quando é necessário ter acesso a uma mensagem.

System_CAPS_protmethodCheckAccessCore(OperationContext)

Verifica a autorização para um determinado contexto de operação com base na avaliação de política padrão.

System_CAPS_pubmethodEquals(Object)

Verifica se o objeto especificado é igual ao objeto atual. (Herdado de Object.)

System_CAPS_protmethodFinalize()

Permite que um objeto tente liberar recursos e executar outras operações de limpeza antes que ele seja recuperado pela coleta de lixo. (Herdado de Object.)

System_CAPS_protmethodGetAuthorizationPolicies(OperationContext)

Obtém o conjunto de diretivas que participam de avaliação da política.

System_CAPS_pubmethodGetHashCode()

Serve como a função de hash padrão.(Herdado de Object.)

System_CAPS_pubmethodGetType()

Obtém o Type da instância atual.(Herdado de Object.)

System_CAPS_protmethodMemberwiseClone()

Cria uma cópia superficial do Object atual.(Herdado de Object.)

System_CAPS_pubmethodToString()

Retorna uma string que representa o objeto atual.(Herdado de Object.)

This class is responsible for evaluating all policies (rules that define what a user is allowed to do), comparing the policies to claims made by a client, setting the resulting T:System.IdentityModel.Policy.AuthorizationContext to the T:System.ServiceModel.ServiceSecurityContext, and providing the authorization decision whether to allow or deny access for a given service operation for a caller.

The M:System.ServiceModel.ServiceAuthorizationManager.CheckAccessCore(System.ServiceModel.OperationContext) method is called by the indigo1 infrastructure each time an attempt to access a resource is made. The method returns true or false to allow or deny access, respectively.

The T:System.ServiceModel.ServiceAuthorizationManager is part of the indigo2Identity Model infrastructure. The Identity Model enables you to create custom authorization policies and custom authorization schemes. crabout how the Identity Model works, see Claims and Authorization.

This class does not perform any authorization and allows users to access all service operations. To provide more restrictive authorization, you must create a custom authorization manager that checks custom policies. To do this, inherit from this class and override the M:System.ServiceModel.ServiceAuthorizationManager.CheckAccessCore(System.ServiceModel.OperationContext) method. Specify the instance of the derived class through the P:System.ServiceModel.Dispatcher.DispatchRuntime.ServiceAuthorizationManager property.

In M:System.ServiceModel.ServiceAuthorizationManager.CheckAccessCore(System.ServiceModel.OperationContext), the application can use the T:System.ServiceModel.OperationContext object to access the caller identity (P:System.ServiceModel.OperationContext.ServiceSecurityContext).

By getting the P:System.ServiceModel.OperationContext.IncomingMessageHeaders property, which returns a T:System.ServiceModel.Channels.MessageHeaders object, the application can access the service (P:System.ServiceModel.Channels.MessageHeaders.To), and the operation (P:System.ServiceModel.Channels.MessageHeaders.Action).

By getting the P:System.ServiceModel.OperationContext.RequestContext property, which returns a T:System.ServiceModel.Channels.RequestContext object, the application can access the entire request message (P:System.ServiceModel.Channels.RequestContext.RequestMessage) and perform the authorization decision accordingly.

For an example, see How To: Create a Custom AuthorizationManager for a Service.

To create custom authorization policies, implement the T:System.IdentityModel.Policy.IAuthorizationPolicy class. For an example, see How To: Create a Custom Authorization Policy.

To create a custom claim, use the T:System.IdentityModel.Claims.Claim class. For an example, see How To: Create a Custom Claim. To compare custom claims, you must compare claims, as shown in How To: Compare Claims.

Para saber mais, vejaAutorização personalizada.

You can set the type of a custom authorization manager using the <serviceAuthorization> element in a client application configuration file.

The following example shows a class named MyServiceAuthorizationManager that inherits from the T:System.ServiceModel.ServiceAuthorizationManager and overrides the M:System.ServiceModel.ServiceAuthorizationManager.CheckAccessCore(System.ServiceModel.OperationContext) method.

 public class MyServiceAuthorizationManager : ServiceAuthorizationManager
 {
protected override bool CheckAccessCore(OperationContext operationContext)
{                
  // Extract the action URI from the OperationContext. Match this against the claims
  // in the AuthorizationContext.
  string action = operationContext.RequestContext.RequestMessage.Headers.Action;

  // Iterate through the various claim sets in the AuthorizationContext.
  foreach(ClaimSet cs in operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets)
  {
	// Examine only those claim sets issued by System.
	if (cs.Issuer == ClaimSet.System)
	{
	  // Iterate through claims of type "http://www.contoso.com/claims/allowedoperation".
           foreach (Claim c in cs.FindClaims("http://www.contoso.com/claims/allowedoperation", Rights.PossessProperty))
	  {
		// If the Claim resource matches the action URI then return true to allow access.
		if (action == c.Resource.ToString())
		  return true;
	  }
	}
  }

  // If this point is reached, return false to deny access.
  return false;                 
}
 }

.NET Framework
Disponível desde 3.0

Quaisquer membros estáticos públicos ( Compartilhado no Visual Basic) desse tipo são thread-safe. Não há garantia de que qualquer membro de instância seja thread-safe.

Retornar ao início
Mostrar: