AuthorizationContext Class

[WCF RIA Services Version 1 Service Pack 2 is compatible with either .NET Framework 4 or .NET Framework 4.5, and with either Silverlight 4 or Silverlight 5.]

Describes the context in which an authorization is being performed.

Inheritance Hierarchy

System.Object
  System.ComponentModel.DataAnnotations.AuthorizationContext

Namespace:  System.ComponentModel.DataAnnotations
Assembly:  System.ServiceModel.DomainServices.Server (in System.ServiceModel.DomainServices.Server.dll)

Syntax

Visual Basic

'Declaration
Public NotInheritable Class AuthorizationContext _
    Implements IServiceProvider, IDisposable
'Usage
Dim instance As AuthorizationContext

C#

public sealed class AuthorizationContext : IServiceProvider,
    IDisposable

C++

public ref class AuthorizationContext sealed : IServiceProvider,
    IDisposable

F#

[<SealedAttribute>]
type AuthorizationContext =
    class
        interface IServiceProvider
        interface IDisposable
    end

JScript

public final class AuthorizationContext implements IServiceProvider, IDisposable

The AuthorizationContext type exposes the following members.

Constructors

Kind | Name | Description
Public method | AuthorizationContext(IServiceProvider) | Initializes a new instance of the AuthorizationContext class as a template.
Public method | AuthorizationContext(Object, String, String, AuthorizationContext) | Initializes a new instance of the AuthorizationContext class with the specified instance, operation, operation type and authorization context.
Public method | AuthorizationContext(Object, String, String, IServiceProvider, IDictionary<Object, Object>) | Initializes a new instance of the AuthorizationContext class with the specified instance, operation, operation type, service provider, and items.

Properties

Kind | Name | Description
Public property | Instance | Gets the object instance being authorized.
Public property | Items | Gets the dictionary of key/value pairs associated with this context.
Public property | Operation | Gets the name of the operation being authorized.
Public property | OperationType | Gets a string value that describes the type of operation being authorized.
Public property | ServiceContainer | Gets an IServiceContainer that can be used for adding, removing, and getting services used for authorization.

Methods

Kind | Name | Description
Public method | Dispose | Releases all resources used by the current instance of the AuthorizationContext class.
Public method | Equals | (Inherited from Object.)
Protected method | Finalize | (Inherited from Object.)
Public method | GetHashCode | (Inherited from Object.)
Public method | GetService | Returns a service of the specified service type.
Public method | GetType | (Inherited from Object.)
Protected method | MemberwiseClone | (Inherited from Object.)
Public method | ToString | (Inherited from Object.)

Remarks

This class contains information describing the instance and the operation being authorized. It implements IDisposable and must be properly disposed after use. It supports IServiceProvider so that custom validation code can acquire additional services to help it perform its validation.

An Items property bag is available for additional contextual information about the authorization. Values stored in Items will be available to authorization methods that use this AuthorizationContext.

This class also provides an IServiceContainer implementation to allow developers to add services to the context at run time. This container is available by calling the GetService method and providing the type of IServiceContainer or by using the ServiceContainer property.

The type of the object in the Instance property is the type of the entity involved in the operation. For query operations, the Instance property is a null reference (Nothing in Visual Basic).

Examples

The following example shows an implementation of the AuthorizationAttribute that uses an AuthorizationContext value to customize authorization.

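Visual Basic

Imports System.ComponentModel.DataAnnotations
Imports System.Linq

' Decides from the principal alone; this attribute does not read an AuthorizationContext.
Public Class CheckAttendeeNameAttribute
    Inherits System.Web.DomainServices.AuthorizationAttribute

    Public Overrides Function Authorize(ByVal principal As System.Security.Principal.IPrincipal) As Boolean
        ' AndAlso short-circuits, so the name is only inspected for principals in the role.
        If (principal.IsInRole("Attendee") AndAlso principal.Identity.Name.StartsWith("A")) Then
            Return True
        Else
            Return False
        End If
    End Function
End Class

' Allows the operation only when the authenticated user is the manager of the
' employee that the EmployeePayHistory instance belongs to.
Public Class RestrictAccessToAssignedManagers
    Inherits AuthorizationAttribute

    Protected Overrides Function IsAuthorized(ByVal principal As System.Security.Principal.IPrincipal, ByVal authorizationContext As System.ComponentModel.DataAnnotations.AuthorizationContext) As System.ComponentModel.DataAnnotations.AuthorizationResult
        Dim eph As EmployeePayHistory
        Dim selectedEmployee As Employee
        Dim authenticatedUser As Employee

        ' Instance is Nothing for query operations; deny instead of dereferencing it.
        eph = TryCast(authorizationContext.Instance, EmployeePayHistory)
        If eph Is Nothing Then
            Return New AuthorizationResult("The operation could not be authorized.")
        End If

        Using context As New AdventureWorksEntities()
            selectedEmployee = context.Employees.SingleOrDefault(Function(e) e.EmployeeID = eph.EmployeeID)
            authenticatedUser = context.Employees.SingleOrDefault(Function(e) e.LoginID = principal.Identity.Name)
        End Using

        ' Deny when either employee record cannot be found.
        If selectedEmployee Is Nothing OrElse authenticatedUser Is Nothing Then
            Return New AuthorizationResult("Only the authenticated manager for the employee can add a new record.")
        End If

        If (selectedEmployee.ManagerID = authenticatedUser.EmployeeID) Then
            Return AuthorizationResult.Allowed
        Else
            Return New AuthorizationResult("Only the authenticated manager for the employee can add a new record.")
        End If
    End Function
End Class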
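
C#

using System.ComponentModel.DataAnnotations;
using System.Linq;

// Decides from the principal alone; this attribute does not read an AuthorizationContext.
public class CheckAttendeeNameAttribute : System.Web.DomainServices.AuthorizationAttribute
{
    public override bool Authorize(System.Security.Principal.IPrincipal principal)
    {
        if (principal.IsInRole("Attendee") && principal.Identity.Name.StartsWith("A"))
        {
            return true;
        }
        else
        {
            return false;
        }
    }
}

// Allows the operation only when the authenticated user is the manager of the
// employee that the EmployeePayHistory instance belongs to.
public class RestrictAccessToAssignedManagers : AuthorizationAttribute
{
    protected override AuthorizationResult IsAuthorized(System.Security.Principal.IPrincipal principal, AuthorizationContext authorizationContext)
    {
        // Instance is null for query operations; deny instead of dereferencing it.
        EmployeePayHistory eph = authorizationContext.Instance as EmployeePayHistory;
        if (eph == null)
        {
            return new AuthorizationResult("The operation could not be authorized.");
        }

        Employee selectedEmployee;
        Employee authenticatedUser;

        using (AdventureWorksEntities context = new AdventureWorksEntities())
        {
            selectedEmployee = context.Employees.SingleOrDefault(e => e.EmployeeID == eph.EmployeeID);
            authenticatedUser = context.Employees.SingleOrDefault(e => e.LoginID == principal.Identity.Name);
        }

        // Deny when either employee record cannot be found.
        if (selectedEmployee == null || authenticatedUser == null)
        {
            return new AuthorizationResult("Only the authenticated manager for the employee can add a new record.");
        }

        if (selectedEmployee.ManagerID == authenticatedUser.EmployeeID)
        {
            return AuthorizationResult.Allowed;
        }
        else
        {
            return new AuthorizationResult("Only the authenticated manager for the employee can add a new record.");
        }
    }
}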
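
The following C# example is added here and is not part of the original documentation. It shows the Items property bag and the service lookup described in the Remarks: the attribute resolves a service through GetService, reads a value from Items, and denies the request when any of them is missing. IManagerDirectory, PayRecord, FixedDirectory, the "RequestSource" key, and the operation strings are hypothetical names and constructed sample values; the public Authorize method of AuthorizationAttribute is used to invoke the check.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.ComponentModel.Design;
using System.Security.Principal;

// Hypothetical types for this example; not part of WCF RIA Services.
public interface IManagerDirectory { bool IsManagerOf(string login, int employeeId); }
public class PayRecord { public int EmployeeID { get; set; } }
public class FixedDirectory : IManagerDirectory
{
    // Constructed sample data: "manager1" manages employee 7.
    public bool IsManagerOf(string login, int employeeId) { return login == "manager1" && employeeId == 7; }
}

public class RequireAssignedManagerAttribute : AuthorizationAttribute
{
    protected override AuthorizationResult IsAuthorized(IPrincipal principal, AuthorizationContext authorizationContext)
    {
        // Instance is null for query operations: deny instead of dereferencing it.
        var record = authorizationContext.Instance as PayRecord;
        // The service comes from the context; a missing service also means deny.
        var directory = authorizationContext.GetService(typeof(IManagerDirectory)) as IManagerDirectory;
        object source;
        bool trusted = authorizationContext.Items.TryGetValue("RequestSource", out source)
                       && "intranet".Equals(source);
        if (record == null || directory == null || !trusted)
            return new AuthorizationResult("Request could not be authorized.");
        return directory.IsManagerOf(principal.Identity.Name, record.EmployeeID)
            ? AuthorizationResult.Allowed
            : new AuthorizationResult("Only the assigned manager can change this record.");
    }
}

public static class Demo
{
    public static bool Check(string login, object instance)
    {
        var services = new ServiceContainer();
        services.AddService(typeof(IManagerDirectory), new FixedDirectory());
        var items = new Dictionary<object, object> { { "RequestSource", "intranet" } };
        var principal = new GenericPrincipal(new GenericIdentity(login), new string[0]);
        // Dispose the context after use, as the Remarks require.
        using (var context = new AuthorizationContext(instance, "InsertPayRecord", "Insert", services, items))
        {
            return new RequireAssignedManagerAttribute().Authorize(principal, context) == AuthorizationResult.Allowed;
        }
    }
}
```

With this sample data, Demo.Check("manager1", new PayRecord { EmployeeID = 7 }) is allowed, while any other login, a different employee, or an instance that is not a PayRecord is denied.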

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

See Also

Reference

System.ComponentModel.DataAnnotations Namespace