ServiceSecurityContext Class

Definition

Represents the security context of a remote party. On the client, represents the service identity and, on the service, represents the client identity.

public ref class ServiceSecurityContext
public class ServiceSecurityContext
type ServiceSecurityContext = class
Public Class ServiceSecurityContext
Inheritance
ServiceSecurityContext

Examples

The following example uses the ServiceSecurityContext class to provide information about the current security context. The code creates an instance of the StreamWriter class to write the information to a file.

// When this method runs, the caller must be an authenticated user
// and the ServiceSecurityContext is not a null instance.
public double Add(double n1, double n2)
{
    // Write data from the ServiceSecurityContext to a file using the StreamWriter class.
    using (StreamWriter sw = new StreamWriter(@"c:\ServiceSecurityContextInfo.txt"))
    {
        // Write the primary identity and Windows identity. The primary identity is derived from
        // the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name);
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name);

        // Write the claimsets in the authorization context. By default, there is only one claimset
        // provided by the system.
        foreach (ClaimSet claimset in ServiceSecurityContext.Current.AuthorizationContext.ClaimSets)
        {
            foreach (Claim claim in claimset)
            {
                // Write out each claim type, claim value, and the right. There are two
                // possible values for the right: "identity" and "possessproperty".
                sw.WriteLine("Claim Type: {0}, Resource: {1} Right: {2}",
                    claim.ClaimType,
                    claim.Resource.ToString(),
                    claim.Right);
                sw.WriteLine();
            }
        }
    }
    return n1 + n2;
}
' When this method runs, the caller must be an authenticated user and the ServiceSecurityContext 
' is not a null instance. 
Public Function Add(ByVal n1 As Double, ByVal n2 As Double) As Double Implements ICalculator.Add
    ' Write data from the ServiceSecurityContext to a file using the StreamWriter class.
    Dim sw As New StreamWriter("c:\ServiceSecurityContextInfo.txt")
    Try
        ' Write the primary identity and Windows identity. The primary identity is derived from 
        ' the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name)
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name)

        ' Write the claimsets in the authorization context. By default, there is only one claimset
        ' provided by the system. 
        Dim claimset As ClaimSet
        For Each claimset In ServiceSecurityContext.Current.AuthorizationContext.ClaimSets
            Dim claim As Claim
            For Each claim In claimset
                ' Write out each claim type, claim value, and the right. There are two
                ' possible values for the right: "identity" and "possessproperty". 
                sw.WriteLine("Claim Type: {0}, Resource: {1} Right: {2}", _
                claim.ClaimType, _
                claim.Resource.ToString(), _
                claim.Right)
                sw.WriteLine()
            Next claim
        Next claimset
    Finally
        sw.Dispose()
    End Try
    Return n1 + n2
End Function

The following example shows an implementation of the CheckAccessCore method that uses the ServiceSecurityContext to parse a set of claims.

public class MyServiceAuthorizationManager : ServiceAuthorizationManager
{
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // Extract the action URI from the OperationContext. Match this against the claims
        // in the AuthorizationContext.
        string action = operationContext.RequestContext.RequestMessage.Headers.Action;
        Console.WriteLine("action: {0}", action);

        // Iterate through the various claimsets in the AuthorizationContext.
        foreach(ClaimSet cs in operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets)
        {
            // Examine only those claim sets issued by System.
            if (cs.Issuer == ClaimSet.System)
            {
                // Iterate through claims of type "http://example.org/claims/allowedoperation".
                foreach (Claim c in cs.FindClaims("http://example.org/claims/allowedoperation",
                    Rights.PossessProperty))
                {
                    // Write the Claim resource to the console.
                    Console.WriteLine("resource: {0}", c.Resource.ToString());

                    // If the Claim resource matches the action URI then return true to allow access.
                    if (action == c.Resource.ToString())
                        return true;
                }
            }
        }

        // If this point is reached, return false to deny access.
        return false;
    }
}
Public Class MyServiceAuthorizationManager
    Inherits ServiceAuthorizationManager
    
    Protected Overrides Function CheckAccessCore(ByVal operationContext As OperationContext) As Boolean 
        ' Extract the action URI from the OperationContext. Match this against the claims
        ' in the AuthorizationContext.
        Dim action As String = operationContext.RequestContext.RequestMessage.Headers.Action
        Console.WriteLine("action: {0}", action)
        
        ' Iterate through the various claimsets in the authorizationcontext.
        Dim cs As ClaimSet
        For Each cs In  operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets
            ' Examine only those claim sets issued by System.
            If cs.Issuer Is ClaimSet.System Then
                ' Iterate through claims of type "http://example.org/claims/allowedoperation".
                Dim c As Claim
                For Each c In  cs.FindClaims("http://example.org/claims/allowedoperation", _
                        Rights.PossessProperty)
                    ' Write the Claim resource to the console.
                    Console.WriteLine("resource: {0}", c.Resource.ToString())
                    
                    ' If the Claim resource matches the action URI then return true to allow access.
                    If action = c.Resource.ToString() Then
                        Return True
                    End If
                Next c
            End If
        Next cs 
        ' If we get here, return false, denying access.
        Return False
    
    End Function 
End Class 

Remarks

The data is part of the SecurityMessageProperty for a message.

Use this class to obtain information about a remote security context at runtime. A security context is created when a client is successfully authenticated and authorized to access a method. When a message is successfully authenticated and authorized, the security information from the client and for the current service instance can be obtained from an instance of this class.

You can retrieve an instance of the ServiceSecurityContext from the Current property of the OperationContext class, or use it from within a service operation method, as shown in the following example.

Parsing a ClaimSet

A common use of the class is to retrieve the current set of claims for the purpose of identifying or authorizing a client when accessing a method. The ClaimSet class contains a collection of Claim objects, and each can be parsed to determine whether a specific claim is present. If the specified claim is provided, authorization can be granted. This functionality is provided by overriding the CheckAccessCore method of the ServiceAuthorizationManager class. For a complete example, see the Authorization Policy.

Note that under some circumstances, the IsAuthenticated property of the IIdentity interface returns true even if the remote client is authenticated as an anonymous user. (The PrimaryIdentity property returns an implementation of the IIdentity interface.) The following circumstances must be true for this to occur:

  • The service uses Windows authentication.

  • The service allows anonymous logons.

  • The binding is a <customBinding>.

  • The custom binding includes a <security> element.

  • The <security> element includes a <secureConversationBootstrap> with the requireSecurityContextCancellation attribute set to false.
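
The following added example (not part of the original documentation) shows one defensive way to handle this case in a service that uses Windows authentication: a CheckAccessCore override that checks IsAnonymous on both the security context and the Windows identity, instead of relying on PrimaryIdentity.IsAuthenticated, before running the same claim check as the CheckAccessCore example on this page. The class name DenyAnonymousAuthorizationManager is hypothetical; the claim type is the one used in that example.

```csharp
using System;
using System.IdentityModel.Claims;
using System.Security.Principal;
using System.ServiceModel;

// Added example; the class name is hypothetical.
// Assumes the service authenticates callers with Windows credentials.
public class DenyAnonymousAuthorizationManager : ServiceAuthorizationManager
{
    // Claim type taken from the CheckAccessCore example on this page.
    private const string AllowedOperation = "http://example.org/claims/allowedoperation";

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        ServiceSecurityContext context = operationContext.ServiceSecurityContext;

        // No security context, or a context that carries no credentials: deny.
        if (context == null || context.IsAnonymous)
            return false;

        // PrimaryIdentity.IsAuthenticated can be true for an anonymous logon
        // under the conditions listed above, so inspect the Windows identity itself.
        WindowsIdentity windowsIdentity = context.WindowsIdentity;
        if (windowsIdentity == null || windowsIdentity.IsAnonymous)
            return false;

        string action = operationContext.RequestContext.RequestMessage.Headers.Action;
        if (string.IsNullOrEmpty(action))
            return false;

        // Same claim check as the page's example, limited to System-issued claim sets.
        foreach (ClaimSet claimSet in context.AuthorizationContext.ClaimSets)
        {
            if (claimSet.Issuer != ClaimSet.System)
                continue;

            foreach (Claim claim in claimSet.FindClaims(AllowedOperation, Rights.PossessProperty))
            {
                // Compare as strings with ordinal semantics; a non-string resource never matches.
                if (string.Equals(action, claim.Resource as string, StringComparison.Ordinal))
                    return true;
            }
        }

        // Default deny.
        return false;
    }
}
```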

Constructors

ServiceSecurityContext(AuthorizationContext)

Initializes a new instance of the ServiceSecurityContext class with the specified authorization parameters.

ServiceSecurityContext(AuthorizationContext, ReadOnlyCollection<IAuthorizationPolicy>)

Initializes a new instance of the ServiceSecurityContext class with the specified authorization parameters and collection of policies.

ServiceSecurityContext(ReadOnlyCollection<IAuthorizationPolicy>)

Initializes a new instance of the ServiceSecurityContext class with the specified collection of policy objects.

Properties

Anonymous

Returns an instance of the ServiceSecurityContext class that contains an empty collection of claims, identities, and other context data that is usually used to represent an anonymous party.

AuthorizationContext

Gets the authorization information for an instance of this class. The AuthorizationContext contains a collection of ClaimSet objects that the application can interrogate to retrieve information about the party.

AuthorizationPolicies

Gets the collection of policies associated with an instance of this class.

Current

Gets the current ServiceSecurityContext.

IsAnonymous

Gets a value that indicates whether the current client has provided credentials to the service.

PrimaryIdentity

Gets the primary identity associated with the current setting.

WindowsIdentity

Gets the Windows identity of the current setting.

Methods

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)
GetHashCode()

Serves as the default hash function.

(Inherited from Object)
GetType()

Gets the Type of the current instance.

(Inherited from Object)
MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)
ToString()

Returns a string that represents the current object.

(Inherited from Object)
