ClaimsPrincipalPermissionAttribute Class


Represents a security attribute used to declaratively assign access checks based on the logic provided by the ClaimsAuthorizationManager instance in the current application context. This class cannot be inherited.

public ref class ClaimsPrincipalPermissionAttribute sealed : System::Security::Permissions::CodeAccessSecurityAttribute
[System.AttributeUsage(System.AttributeTargets.Class | System.AttributeTargets.Method | System.AttributeTargets.Property, AllowMultiple=true)]
public sealed class ClaimsPrincipalPermissionAttribute : System.Security.Permissions.CodeAccessSecurityAttribute
[<System.AttributeUsage(System.AttributeTargets.Class | System.AttributeTargets.Method | System.AttributeTargets.Property, AllowMultiple=true)>]
type ClaimsPrincipalPermissionAttribute = class
    inherit CodeAccessSecurityAttribute
Public NotInheritable Class ClaimsPrincipalPermissionAttribute
Inherits CodeAccessSecurityAttribute


The following example shows how to protect a method by decorating it with the ClaimsPrincipalPermissionAttribute attribute. The attribute will evaluate whether access should be granted to the current principal by leveraging the logic provided by the ClaimsAuthorizationManager instance in the application context. If the current principal is not authorized for the specified action on the specified resource, a SecurityException is thrown; otherwise, execution proceeds.

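// Requires: using System.IdentityModel.Services; using System.Security.Permissions;
// Declarative access check using the permission class. The caller must satisfy both demands.
[ClaimsPrincipalPermission(SecurityAction.Demand, Resource = "resource", Operation = "action")]
[ClaimsPrincipalPermission(SecurityAction.Demand, Resource = "resource1", Operation = "action1")]
static void ProtectedMethod()
{
    // Runs only if both demands succeed; otherwise a SecurityException is thrown.
}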

The following XML shows the minimum configuration required to use a custom claims authorization manager with the ClaimsPrincipalPermissionAttribute class. You must, at a minimum, declare both the system.identityModel and the sections in the <configSection> element and then specify your authorization manager in a <claimsAuthorizationManager> element under the default identity configuration. This will ensure that your authorization manager is referenced from the default federation configuration. Alternatively, you can specify the name of the identity configuration under which your authorization manager is specified in the identityConfigurationName attribute of the <federationConfiguration> element.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <configSections>
    <!-- WIF configuration sections -->
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    <section name="" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
  </configSections>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>
  <system.identityModel>
    <identityConfiguration>
      <claimsAuthorizationManager type ="MyClaimsAuthorizationManager.MyClaimsAuthorizationManager, MyClaimsAuthorizationManager"/>
    </identityConfiguration>
  </system.identityModel>
</configuration>



The ClaimsPrincipalPermissionAttribute is used to declaratively request an access check using the configured ClaimsAuthorizationManager.

You must specify one of the SecurityAction values, a Resource and an Operation in your ClaimsPrincipalPermissionAttribute declaration. The Resource and Operation properties specify the resource and action for which the current principal (Thread.CurrentPrincipal) must be authorized for execution to proceed. If the current principal is not authorized to perform the specified action (operation) on the specified resource, a SecurityException is thrown.


The ClaimsPrincipalPermissionAttribute class uses the claims authorization manager configured by the IdentityConfiguration that is set under the FederatedAuthentication.FederationConfiguration property. This is true in all cases, even in scenarios where WS-Federation is not used; for example, active (WCF) Web applications and Console applications. You can specify the claims authorization manager either in configuration or programmatically. To specify the claims authorization manager in a configuration file, set the <claimsAuthorizationManager> element under an <identityConfiguration> element and ensure that this identity configuration is referenced by the <federationConfiguration> element that is loaded by the runtime (for example, by setting the identityConfigurationName attribute). To set the claims authorization manager programmatically, provide a handler for the FederatedAuthentication.FederationConfigurationCreated event.
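The programmatic route described above, as an added example that is not part of the original documentation: a deny-by-default manager is installed in a FederationConfigurationCreated handler and the declarative demand is exercised under two constructed principals. This matters because the base ClaimsAuthorizationManager.CheckAccess authorizes every request, so a demand evaluated without a custom manager in place protects nothing. The class name DenyByDefaultAuthorizationManager, the "auditor" role policy and the RunAs helper are hypothetical; the sketch assumes a .NET Framework 4.5 console application referencing System.IdentityModel and System.IdentityModel.Services.

```csharp
using System;
using System.IdentityModel.Services;
using System.Linq;
using System.Security;
using System.Security.Claims;
using System.Security.Permissions;
using System.Threading;

// Hypothetical policy: only a principal holding the role claim "auditor"
// may perform "action" on "resource"; every other request is denied.
class DenyByDefaultAuthorizationManager : ClaimsAuthorizationManager
{
    public override bool CheckAccess(AuthorizationContext context)
    {
        // The attribute's Resource and Operation values arrive as claim collections.
        string resource = context.Resource.FirstOrDefault()?.Value;
        string action = context.Action.FirstOrDefault()?.Value;

        if (resource == "resource" && action == "action")
            return context.Principal.HasClaim(ClaimTypes.Role, "auditor");

        return false; // not explicitly allowed: deny
    }
}

static class Program
{
    [ClaimsPrincipalPermission(SecurityAction.Demand, Resource = "resource", Operation = "action")]
    static void ProtectedMethod() { Console.WriteLine("access granted"); }

    // Constructed principal for the demonstration; the demand reads Thread.CurrentPrincipal.
    static void RunAs(params Claim[] claims)
    {
        Thread.CurrentPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims, "constructed"));
        try { ProtectedMethod(); }
        catch (SecurityException) { Console.WriteLine("access denied"); }
    }

    static void Main()
    {
        // Subscribe before anything reads FederatedAuthentication.FederationConfiguration,
        // so the handler runs when the configuration is first created.
        FederatedAuthentication.FederationConfigurationCreated += (sender, e) =>
            e.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager =
                new DenyByDefaultAuthorizationManager();

        RunAs(new Claim(ClaimTypes.Role, "auditor"));
        RunAs(new Claim(ClaimTypes.Role, "guest"));
    }
}
```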



Initializes a new instance of the ClaimsPrincipalPermissionAttribute class.



Gets or sets a security action.

(Inherited from SecurityAttribute)

Gets or sets the operation for which the current principal should be authorized on the specified resource.


Gets or sets the resource on which the principal should be authorized to perform the specified action (operation).


When implemented in a derived class, gets a unique identifier for this Attribute.

(Inherited from Attribute)

Gets or sets a value indicating whether full (unrestricted) permission to the resource protected by the attribute is declared.

(Inherited from SecurityAttribute)



Creates a new instance of the ClaimsPrincipalPermission class that is based on the current instance.


Returns a value that indicates whether this instance is equal to a specified object.

(Inherited from Attribute)

Returns the hash code for this instance.

(Inherited from Attribute)

Gets the Type of the current instance.

(Inherited from Object)

When overridden in a derived class, indicates whether the value of this instance is the default value for the derived class.

(Inherited from Attribute)

When overridden in a derived class, returns a value that indicates whether this instance equals a specified object.

(Inherited from Attribute)

Creates a shallow copy of the current Object.

(Inherited from Object)

Returns a string that represents the current object.

(Inherited from Object)


_Attribute.GetIDsOfNames(Guid, IntPtr, UInt32, UInt32, IntPtr)

Maps a set of names to a corresponding set of dispatch identifiers.

(Inherited from Attribute)
_Attribute.GetTypeInfo(UInt32, UInt32, IntPtr)

Retrieves the type information for an object, which can be used to get the type information for an interface.

(Inherited from Attribute)

Retrieves the number of type information interfaces that an object provides (either 0 or 1).

(Inherited from Attribute)
_Attribute.Invoke(UInt32, Guid, UInt32, Int16, IntPtr, IntPtr, IntPtr, IntPtr)

Provides access to properties and methods exposed by an object.

(Inherited from Attribute)