共用方式為


IAuthorizationPolicy 介面

定義

定義一組授權使用者的規則,指定宣告集。

public interface class IAuthorizationPolicy
public interface class IAuthorizationPolicy : System::IdentityModel::Policy::IAuthorizationComponent
public interface IAuthorizationPolicy
public interface IAuthorizationPolicy : System.IdentityModel.Policy.IAuthorizationComponent
type IAuthorizationPolicy = interface
type IAuthorizationPolicy = interface
    interface IAuthorizationComponent
Public Interface IAuthorizationPolicy
Public Interface IAuthorizationPolicy
Implements IAuthorizationComponent
實作

範例

public class MyAuthorizationPolicy : IAuthorizationPolicy
{
    string id;

    public MyAuthorizationPolicy()
    {
        id =  Guid.NewGuid().ToString();
    }

    public bool Evaluate(EvaluationContext evaluationContext, ref object state)
    {
        bool bRet = false;
        CustomAuthState customstate = null;

        // If state is null, then this method has not been called before, so
        // set up a custom state.
        if (state == null)
        {
            customstate = new CustomAuthState();
            state = customstate;
        }
        else
        {
            customstate = (CustomAuthState)state;
        }

        Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate");

        // If claims have not been added yet...
        if (!customstate.ClaimsAdded)
        {
            // Create an empty list of Claims.
            IList<Claim> claims = new List<Claim>();

            // Iterate through each of the claim sets in the evaluation context.
            foreach (ClaimSet cs in evaluationContext.ClaimSets)
                // Look for Name claims in the current claim set.
                foreach (Claim c in cs.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
                    // Get the list of operations the given username is allowed to call.
                    foreach (string s in GetAllowedOpList(c.Resource.ToString()))
                    {
                        // Add claims to the list.
                        claims.Add(new Claim("http://example.org/claims/allowedoperation", s, Rights.PossessProperty));
                        Console.WriteLine("Claim added {0}", s);
                    }

            // Add claims to the evaluation context.
            evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer,claims));

            // Record that claims have been added.
            customstate.ClaimsAdded = true;

            // Return true, which indicates this need not be called again.
            bRet = true;
        }
        else
        {
            // This point should not be reached, but just in case...
            bRet = true;
        }

        return bRet;
    }
    public ClaimSet Issuer
    {
        get { return ClaimSet.System; }
    }

    public string Id
    {
        get { return id; }
    }

    // This method returns a collection of action strings that indicate the
    // operations that the specified username is allowed to call.
    private IEnumerable<string> GetAllowedOpList(string username)
    {
        IList<string> ret = new List<string>();

        if (username == "test1")
        {
            ret.Add ( "http://Microsoft.ServiceModel.Samples/ICalculator/Add");
            ret.Add ("http://Microsoft.ServiceModel.Samples/ICalculator/Multiply");
            ret.Add("http://Microsoft.ServiceModel.Samples/ICalculator/Subtract");
        }
        else if (username == "test2")
        {
            ret.Add ( "http://Microsoft.ServiceModel.Samples/ICalculator/Add");
            ret.Add ("http://Microsoft.ServiceModel.Samples/ICalculator/Subtract");
        }
        return ret;
    }

    // internal class for state
    class CustomAuthState
    {
        bool bClaimsAdded;

        public CustomAuthState()
        {
            bClaimsAdded = false;
        }

        public bool ClaimsAdded { get { return bClaimsAdded; }
                                  set {  bClaimsAdded = value; } }
    }
}
Public Class MyAuthorizationPolicy
    Implements IAuthorizationPolicy
    Private value_id As String


    Public Sub New()
        value_id = Guid.NewGuid().ToString()

    End Sub 

    Public Function Evaluate(ByVal evaluationContext As EvaluationContext, _
         ByRef state As Object) As Boolean Implements IAuthorizationPolicy.Evaluate

        Dim bRet As Boolean = False
        Dim customstate As CustomAuthState = Nothing

        ' If state is null, then this method has not been called before, so 
        ' set up a custom state.
        If state Is Nothing Then
            customstate = New CustomAuthState()
            state = customstate
        Else
            customstate = CType(state, CustomAuthState)
        End If
        Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate")

        ' If the claims have not been added yet...
        If Not customstate.ClaimsAdded Then
            ' Create an empty list of Claims
            Dim claims As New List(Of Claim)

            ' Iterate through each of the claimsets in the evaluation context.
            Dim cs As ClaimSet
            For Each cs In evaluationContext.ClaimSets
                ' Look for Name claims in the current claim set.
                Dim c As Claim
                For Each c In cs.FindClaims(ClaimTypes.Name, Rights.PossessProperty)
                    ' Get the list of operations the given username is allowed to call.
                    Dim s As String
                    For Each s In GetAllowedOpList(c.Resource.ToString())

                        ' Add claims to the list
                        claims.Add(New Claim("http://example.org/claims/allowedoperation", _
                                    s, Rights.PossessProperty))
                        Console.WriteLine("Claim added {0}", s)
                    Next s
                Next c
            Next cs 
            
            ' Add claims to the evaluation context.
            evaluationContext.AddClaimSet(Me, New DefaultClaimSet(Me.Issuer, claims))

            ' Record that claims have been added.
            customstate.ClaimsAdded = True

            ' Return true, which indicates the method need not to be called again.
            bRet = True
        Else
            ' Should never get here, but just in case...
            bRet = True
        End If


        Return bRet

    End Function 'Evaluate

    Public ReadOnly Property Issuer() As ClaimSet Implements IAuthorizationPolicy.Issuer

        Get
            Return ClaimSet.System
        End Get
    End Property

    Public ReadOnly Property Id() As String Implements IAuthorizationPolicy.Id

        Get
            Return value_id
        End Get
    End Property
    ' This method returns a collection of action strings that indicate the 
    ' operations that the specified username is allowed to call.
    Private Shared Function GetAllowedOpList(ByVal username As String) As IEnumerable(Of String)


        Dim ret As New List(Of String)

        If username = "test1" Then
            ret.Add("http://Microsoft.ServiceModel.Samples/ICalculator/Add")
            ret.Add("http://Microsoft.ServiceModel.Samples/ICalculator/Multiply")
            ret.Add("http://Microsoft.ServiceModel.Samples/ICalculator/Subtract")
        ElseIf username = "test2" Then
            ret.Add("http://Microsoft.ServiceModel.Samples/ICalculator/Add")
            ret.Add("http://Microsoft.ServiceModel.Samples/ICalculator/Subtract")
        End If
        Return ret

    End Function 

    ' This is an internal class for state.
    Class CustomAuthState
        Private bClaimsAdded As Boolean


        Public Sub New()

        End Sub 


        Public Property ClaimsAdded() As Boolean
            Get
                Return bClaimsAdded
            End Get
            Set(ByVal value As Boolean)
                bClaimsAdded = value
            End Set
        End Property
    End Class 
End Class

備註

實作 IAuthorizationPolicy 介面,將一組宣告集新增或對應至其他集合。 授權原則會檢查宣告集並根據目前的集合新增額外的宣告。 例如,授權原則可能評估含有生日的宣告,及新增判斷提示使用者超過 21 歲的宣告並新增 Over21 宣告至 EvaluationContext

實作 IAuthorizationPolicy 介面的類別不會授權使用者,不過這些類別會讓 ServiceAuthorizationManager 類別來授權使用者。 ServiceAuthorizationManager 會對每個作用中的授權原則呼叫 Evaluate 方法。 Evaluate 方法會根據目前內容,決定是否要為使用者新增額外宣告。 授權原則的 Evaluate 方法可能會呼叫多次,如同由其他授權原則新增至 EvaluationContext 的宣告。 當所有作用中的授權原則完成後,ServiceAuthorizationManager 類別會根據最後的宣告集來授權決策。 ServiceAuthorizationManager 類別會建立 AuthorizationContext,其中包含反映這些授權決策的不可變宣告集。

屬性

Id

取得識別此授權元件的字串。

(繼承來源 IAuthorizationComponent)
Issuer

取得表示授權原則之發行者的宣告集。

方法

Evaluate(EvaluationContext, Object)

評估使用者是否符合此授權原則的要求。

適用於

另請參閱