ClaimsAuthorizationManager Class

[Starting with the .NET Framework 4.5, Windows Identity Foundation (WIF) has been fully integrated into the .NET Framework. The version of WIF addressed by this topic, WIF 3.5, is deprecated and should only be used when developing against the .NET Framework 3.5 SP1 or the .NET Framework 4. For more information about WIF in the .NET Framework 4.5, also known as WIF 4.5, see the Windows Identity Foundation documentation in the .NET Framework 4.5 Development Guide.]

Defines the base implementation for a claims authorization manager.

Namespace: Microsoft.IdentityModel.Claims
Assembly: Microsoft.IdentityModel (in Microsoft.IdentityModel.dll)


Dim instance As ClaimsAuthorizationManager


Public Class ClaimsAuthorizationManager
public class ClaimsAuthorizationManager
public ref class ClaimsAuthorizationManager


The claims authorization manager provides an extensibility point from which you can authorize access to a resource based on the claims presented in a token, before your RP application is called. The default implementation provided by the ClaimsAuthorizationManager class authorizes access for each claim presented; however, you can derive from this class and override the CheckAccess method to provide your own authorization logic.

The use of a claims authorization manager is optional. You can configure your application to use a claims authorization manager either programmatically by using the ServiceConfiguration class or in configuration with the <claimsAuthorizationManager> element (which is a subelement of the <applicationService> element). Configuring your application to use a claims authorization manager ensures that it will be invoked by Windows® Identity Foundation (WIF) from the request pipeline to authorize the claims presented by a principal. If your application is configured with a claims authorization manager, you can also invoke it programmatically or declaratively to protect access to sections of code by using the ClaimsPrincipalPermission or the ClaimsPrincipalPermissionAttribute class.
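Because the default CheckAccess authorizes every request, a derived manager normally inverts that and denies unless a rule matches. The following C# class is an added example, not code from the WIF SDK or from this topic: the class name, the policy table, and the issuer name "contoso-sts" are constructed for illustration, and it assumes the caller supplies the resource and action as plain strings, as ClaimsPrincipalPermission does.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.IdentityModel.Claims;

// Hypothetical deny-by-default manager (illustrative, not part of WIF).
public class DenyByDefaultAuthorizationManager : ClaimsAuthorizationManager
{
    // Constructed sample policy: "resource|action" -> role value the caller must hold.
    private static readonly Dictionary<string, string> RequiredRole =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "PayrollReport|Read",   "PayrollReader" },
            { "PayrollReport|Update", "PayrollAdmin"  },
        };

    // Assumed issuer name; use the name your issuer name registry assigns to the trusted STS.
    private const string TrustedIssuer = "contoso-sts";

    public override bool CheckAccess(AuthorizationContext context)
    {
        // Fail closed on anything unexpected instead of falling through to "allow".
        if (context == null || context.Principal == null) return false;

        Claim resource = context.Resource.FirstOrDefault();
        Claim action = context.Action.FirstOrDefault();
        if (resource == null || action == null) return false;

        // A resource/action pair with no rule is denied.
        string requiredRole;
        if (!RequiredRole.TryGetValue(resource.Value + "|" + action.Value, out requiredRole))
            return false;

        // Only role claims issued by the trusted issuer on an authenticated identity count.
        return context.Principal.Identities
            .Where(id => id.IsAuthenticated)
            .SelectMany(id => id.Claims)
            .Any(c => c.ClaimType == ClaimTypes.Role
                   && c.Issuer == TrustedIssuer
                   && string.Equals(c.Value, requiredRole, StringComparison.Ordinal));
    }
}
```

Matching on the claim's Issuer as well as its type and value keeps a role claim minted by some other token issuer from satisfying the rule.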

For more information about using a claims authorization manager, see ClaimsAuthenticationManager, ClaimsAuthorizationManager, and OriginalIssuer.

You can also consult the SDK samples for examples of the use of custom authorization managers. The Claims Based Authorization SDK sample in the <Installation Directory>\Windows Identity Foundation SDK\<Version>\Samples\Extensibility directory shows how to invoke the claims authorization manager to authorize access for protected sections of code and also shows how to implement reading policy from configuration for a claims authorization manager. Some of the samples in the <Installation Directory>\Windows Identity Foundation SDK\<Version>\Samples\End-to-end directory show how to use a custom authorization manager in a WIF application.

Inheritance Hierarchy


Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.


Target Platforms

Windows 7, Windows Server 2008 R2, Windows Vista SP2, Windows Server 2008 SP2, Windows Server 2003 SP2 (32-bit or 64-bit)

See Also


ClaimsAuthorizationManager Members
Microsoft.IdentityModel.Claims Namespace

Other Resources

Building Relying Party Applications
ClaimsAuthenticationManager, ClaimsAuthorizationManager, and OriginalIssuer

Copyright © 2008 by Microsoft Corporation. All rights reserved.