Claim Class
Definition
Represents a claim that is associated with an entity.
public ref class Claim
[System.Runtime.Serialization.DataContract(Namespace="http://schemas.xmlsoap.org/ws/2005/05/identity")]
public class Claim
[<System.Runtime.Serialization.DataContract(Namespace="http://schemas.xmlsoap.org/ws/2005/05/identity")>]
type Claim = class
Public Class Claim
- Inheritance: Object → Claim
- Attributes: DataContractAttribute
Example
using System;
using System.IdentityModel.Claims;
using System.IO;
using System.ServiceModel;

// Run this method from within a method protected by the PrincipalPermissionAttribute
// to see the security context data, including the primary identity.
public void WriteServiceSecurityContextData(string fileName)
{
    ServiceSecurityContext context = ServiceSecurityContext.Current;
    // Current is null outside of a service operation (for example, on the client side).
    if (context == null)
    {
        throw new InvalidOperationException("No ServiceSecurityContext is available on this thread.");
    }

    using (StreamWriter sw = new StreamWriter(fileName))
    {
        // Write the primary identity and Windows identity. The primary identity is derived from
        // the credentials used to authenticate the user. The Windows identity name may be an empty string.
        sw.WriteLine("PrimaryIdentity: {0}", context.PrimaryIdentity.Name);
        sw.WriteLine("WindowsIdentity: {0}", context.WindowsIdentity.Name);
        sw.WriteLine();

        // Write the claim sets in the authorization context. By default, there is only one claim set,
        // provided by the system.
        foreach (ClaimSet claimset in context.AuthorizationContext.ClaimSets)
        {
            foreach (Claim claim in claimset)
            {
                // Write out each claim type, resource, and right. The two predefined rights are
                // Rights.Identity and Rights.PossessProperty. Resource is an arbitrary object, so let
                // the format string call ToString on it (this also tolerates a null resource).
                sw.WriteLine("Claim Type = {0}", claim.ClaimType);
                sw.WriteLine("\t Resource = {0}", claim.Resource);
                sw.WriteLine("\t Right = {0}", claim.Right);
            }
        }
    }
}
Imports System
Imports System.IdentityModel.Claims
Imports System.IO
Imports System.ServiceModel

' Run this method from within a method protected by the PrincipalPermissionAttribute
' to see the security context data, including the primary identity.
Public Sub WriteServiceSecurityContextData(ByVal fileName As String)
    Dim context As ServiceSecurityContext = ServiceSecurityContext.Current
    ' Current is Nothing outside of a service operation (for example, on the client side).
    If context Is Nothing Then
        Throw New InvalidOperationException("No ServiceSecurityContext is available on this thread.")
    End If

    Using sw As New StreamWriter(fileName)
        ' Write the primary identity and Windows identity. The primary identity is derived from
        ' the credentials used to authenticate the user. The Windows identity name may be an empty string.
        sw.WriteLine("PrimaryIdentity: {0}", context.PrimaryIdentity.Name)
        sw.WriteLine("WindowsIdentity: {0}", context.WindowsIdentity.Name)
        sw.WriteLine()

        ' Write the claim sets in the authorization context. By default, there is only one claim set,
        ' provided by the system.
        For Each claimset As ClaimSet In context.AuthorizationContext.ClaimSets
            For Each claim As Claim In claimset
                ' Write out each claim type, resource, and right. The two predefined rights are
                ' Rights.Identity and Rights.PossessProperty. Resource is an arbitrary object, so let
                ' the format string call ToString on it (this also tolerates a Nothing resource).
                sw.WriteLine("Claim Type = {0}", claim.ClaimType)
                sw.WriteLine(vbTab & " Resource = {0}", claim.Resource)
                sw.WriteLine(vbTab & " Right = {0}", claim.Right)
            Next claim
        Next claimset
    End Using
End Sub
Remarks
The Identity Model is a claims-based authorization system. Claims describe the capabilities associated with some entity in the system, often a user of that system. The set of claims associated with a given entity can be thought of as a key, and the particular claims define the shape of that key, much as a physical key is cut to open one lock. In this way, claims are used to gain access to resources: access to a given protected resource is determined by comparing the claims required to access that resource with the claims associated with the entity that attempts access.

A claim is the expression of a right with respect to a particular value. A right could be read, write, or possess. A value could be a database, a file, a mailbox, or a property. Claims also have a claim type. The combination of claim type and right provides the mechanism for capabilities to be specified with respect to the value. For example, a claim of type file with the right read over the value biography.doc indicates that the entity holding that claim has read access to the file biography.doc. A claim of type name with the right PossessProperty over the value Martin indicates that the entity holding that claim possesses a Name property with the value Martin.

Although various claim types and rights are defined as part of the Identity Model, the system is extensible. Systems built on top of the Identity Model infrastructure can define claim types and rights as required.
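The comparison the Remarks describe, worked through in code. This is an added example and is not part of the original reference page or of the .NET class library; it uses only the public System.IdentityModel.Claims types from System.IdentityModel.dll (.NET Framework). The claim type and right URIs under example.com, the class name ClaimsAccessCheck and the method IsAuthorized are hypothetical names chosen for this example; the Identity Model defines none of them, which is the extensibility the last paragraph refers to.

```csharp
using System;
using System.IdentityModel.Claims;

// Added example (not from the reference page or the .NET class library): a minimal
// claims-based access check of the kind the Remarks describe.
// The claim type and right URIs under example.com are hypothetical, defined here to
// show application-defined types and rights; the Identity Model does not define them.
public static class ClaimsAccessCheck
{
    // Hypothetical application-defined claim type and rights.
    private const string FileClaimType = "http://example.com/claims/file";
    private const string ReadRight = "http://example.com/rights/read";
    private const string WriteRight = "http://example.com/rights/write";

    // Returns true only when the caller's claim set was issued by the trusted issuer and
    // contains a claim whose type, resource and right all equal the required claim.
    public static bool IsAuthorized(ClaimSet callerClaims, Claim required, ClaimSet trustedIssuer)
    {
        // A claim is only as strong as the party that asserted it, so check the issuer
        // before examining the claims. ClaimSet.System is a singleton, so reference
        // equality is sufficient here; for other issuers compare their identity claims.
        if (!object.ReferenceEquals(callerClaims.Issuer, trustedIssuer))
        {
            return false;
        }

        // FindClaims narrows by claim type and right; DefaultComparer then also compares
        // the resource, which is an arbitrary object (a string in this example).
        foreach (Claim candidate in callerClaims.FindClaims(required.ClaimType, required.Right))
        {
            if (Claim.DefaultComparer.Equals(candidate, required))
            {
                return true;
            }
        }
        return false;
    }

    public static void Main()
    {
        // Claims asserted about the entity "Martin", issued by the system claim set:
        // a Name property (the Create* factory methods on Claim produce PossessProperty claims)
        // and read access to biography.doc, mirroring the two examples in the Remarks.
        ClaimSet martin = new DefaultClaimSet(
            ClaimSet.System,
            Claim.CreateNameClaim("Martin"),
            new Claim(FileClaimType, "biography.doc", ReadRight));

        // Claims that three protected operations require.
        Claim readBiography = new Claim(FileClaimType, "biography.doc", ReadRight);
        Claim writeBiography = new Claim(FileClaimType, "biography.doc", WriteRight); // same type and resource, different right
        Claim readOther = new Claim(FileClaimType, "other.doc", ReadRight);           // same type and right, different resource

        Console.WriteLine("read biography.doc:  {0}", IsAuthorized(martin, readBiography, ClaimSet.System));
        Console.WriteLine("write biography.doc: {0}", IsAuthorized(martin, writeBiography, ClaimSet.System));
        Console.WriteLine("read other.doc:      {0}", IsAuthorized(martin, readOther, ClaimSet.System));

        // The same claim presented in a DefaultClaimSet built without an issuer is self-issued,
        // so the issuer check refuses it even though the claim itself is identical.
        ClaimSet selfAsserted = new DefaultClaimSet(new Claim(FileClaimType, "biography.doc", ReadRight));
        Console.WriteLine("self-asserted read:  {0}", IsAuthorized(selfAsserted, readBiography, ClaimSet.System));

        // The name claim as the factory method built it: ClaimTypes.Name / Martin / Rights.PossessProperty.
        foreach (Claim c in martin.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
        {
            Console.WriteLine("{0} / {1} / {2}", c.ClaimType, c.Resource, c.Right);
        }
    }
}
```

Compile against System.IdentityModel.dll. In a WCF service the claim sets to check come from ServiceSecurityContext.Current.AuthorizationContext.ClaimSets, as the Example section shows, and each set's Issuer records who vouched for it; the mere presence of a matching claim is not authorization unless the issuer is one the service trusts.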
Constructors
| Constructor | Description |
|---|---|
| Claim(String, Object, String) | Initializes a new instance of the Claim class with the specified type, resource, and right. |
Properties
| Property | Description |
|---|---|
| ClaimType | Gets the type of the claim. |
| DefaultComparer | Gets an object that can compare two Claim objects for equality. |
| Resource | Gets the resource with which this Claim object is associated. |
| Right | A string representation of a uniform resource identifier (URI) that specifies the right associated with this Claim object. Pre-defined rights are available as static properties of the Rights class. |
| System | A pre-defined claim that represents the system entity. |
Methods
| Method | Description |
|---|---|
| CreateDenyOnlyWindowsSidClaim(SecurityIdentifier) | Creates a Claim object that represents the specified deny-only security identifier (SID). |
| CreateDnsClaim(String) | Creates a Claim object that represents the specified Domain Name System (DNS) name. |
| CreateHashClaim(Byte[]) | Creates a Claim object that represents the specified hash value. |
| CreateMailAddressClaim(MailAddress) | Creates a Claim object that represents the specified email address. |
| CreateNameClaim(String) | Creates a Claim object that represents the specified name. |
| CreateRsaClaim(RSA) | Creates a Claim object that represents the specified RSA key. |
| CreateSpnClaim(String) | Creates a Claim object that represents the specified Service Principal Name (SPN). |
| CreateThumbprintClaim(Byte[]) | Creates a Claim object that represents the specified thumbprint. |
| CreateUpnClaim(String) | Creates a Claim object that represents the specified Universal Principal Name (UPN). |
| CreateUriClaim(Uri) | Creates a Claim object that represents the specified Uniform Resource Locator (URL). |
| CreateWindowsSidClaim(SecurityIdentifier) | Creates a Claim object that represents the specified security identifier (SID). |
| CreateX500DistinguishedNameClaim(X500DistinguishedName) | Creates a Claim object that represents the specified X.500 distinguished name. |
| Equals(Object) | Determines whether the specified object represents the same claim as the current Claim object. |
| GetHashCode() | Returns a hash code for the current claim. |
| GetType() | Gets the Type of the current instance. (Inherited from Object) |
| MemberwiseClone() | Creates a shallow copy of the current Object. (Inherited from Object) |
| ToString() | Returns a string representation of this Claim object. |