Claim Class

Definition

Represents a claim.

public ref class Claim
[System.Serializable]
public class Claim
type Claim = class
Public Class Claim
Inheritance
Claim
Attributes

Examples

The following example extracts the claims associated with the authenticated user performing an HTTP request and writes them in the HTTP response. The current user is read from the HttpContext as a ClaimsPrincipal and the claims are read from it. The claims are then written to the HttpResponse object.

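using System.Security.Claims;
using System.Web;

// Read the current user; the cast yields null if it is not a ClaimsPrincipal.
ClaimsPrincipal principal = HttpContext.Current.User as ClaimsPrincipal;
if (null != principal)
{
   foreach (Claim claim in principal.Claims)
   {
      // Claim strings are supplied by the issuer, so HTML-encode them before writing them into the page.
      Response.Write("CLAIM TYPE: " + HttpUtility.HtmlEncode(claim.Type) +
                     "; CLAIM VALUE: " + HttpUtility.HtmlEncode(claim.Value) + "<br/>");
   }
}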

Remarks

A claim is a statement about a subject by an issuer. Claims represent attributes of the subject that are useful in the context of authentication and authorization operations. Subjects and issuers are both entities that are part of an identity scenario. Some typical examples of a subject are: a user, an application or service, a device, or a computer. Some typical examples of an issuer are: the operating system, an application, a service, a role provider, an identity provider, or a federation provider. An issuer delivers claims by issuing security tokens, typically through a Security Token Service (STS). (In WIF, you can build an STS by deriving from the SecurityTokenService class.) On occasion, the collection of claims received from an issuer can be extended by subject attributes stored directly at the resource. A claim can be evaluated to determine access rights to data and other secured resources during the process of authorization and can also be used to make or express authentication decisions about a subject.

Beginning with .NET 4.5, the Windows Identity Foundation (WIF) classes, which implement claims-based identity, have been fully integrated into the .NET Framework. The claims concept is implemented by the Claim class.

The following describes important properties of the Claim class:

  • The Type property is a string (typically a URI) that contains the semantic information about the claim; it tells you what the value of the claim means. For example, a claim with a claim type of GivenName ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname") represents a user's first name. The value of the Type property can be one of the well-known claim types defined in the ClaimTypes class, or it can be an arbitrary URI as defined by the issuer. For example, a claim type of "urn:spendinglimit" might represent a user attribute which makes sense within the business context of the issuer.

  • The Value property contains the value of the claim. In order to reduce dependencies and simplify administration, in WIF the value of a claim is represented only as a string. For more complex value types, it is recommended that you use standard XML schema types to indicate how the value is meant to be serialized into and deserialized from a string.

  • The ValueType property contains a string that identifies the type information for the value. This property should be used to understand the format of the value and to provide information about how to deserialize it. If your solution requires complex value types, it is recommended that you use standard XML schema types in the ValueType property to indicate how the Value property is meant to be serialized into and deserialized from a string.

  • The Subject property is a ClaimsIdentity object that represents the subject of the claim. The subject of the claim is the entity (typically the user who is requesting access to a resource) about which the claim is asserted. The ClaimsIdentity contains, among its properties, a collection of claims that describe the properties and attributes of the subject as attested to by one or more issuers.

  • The Issuer property contains the name of the entity that issued the claim. The issuer of a claim is represented in WIF by a string that contains a name taken from a list of well-known issuers that is maintained by the issuer name registry. The issuer name registry is an instance of a class that derives from the IssuerNameRegistry class. The issuer name registry associates a mnemonic name to the cryptographic material needed to verify the signatures of tokens produced by the corresponding issuer. For example, the ConfigurationBasedIssuerNameRegistry class, available out of the box with .NET 4.5, associates the mnemonic name for each issuer with its corresponding X.509 certificate. The list of well-known issuers is typically built at startup time by the issuer name registry. The list used by the ConfigurationBasedIssuerNameRegistry is specified in the application configuration file.

  • The OriginalIssuer property contains the name of the entity that originally issued the claim. This property is designed to facilitate scenarios where a claim may pass through multiple issuers before it is presented by the client to the RP application, such as federation scenarios. You can examine the OriginalIssuer property to determine the entity that originally issued the claim. The name is taken from the list of well-known issuers maintained by the issuer name registry, as in the case of the Issuer property.
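
The properties described above, combined in an authorization check; this is an added example, not code from the original documentation. It accepts the "urn:spendinglimit" claim only when Issuer and OriginalIssuer are expected names and ValueType declares an integer. The class name, the issuer names under urn:example: and the sample claims are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Claims;

static class SpendingLimitCheck
{
    // Hypothetical names; a relying party takes these from its issuer name registry.
    static readonly HashSet<string> TrustedIssuers =
        new HashSet<string>(StringComparer.Ordinal) { "urn:example:federation-provider" };
    static readonly HashSet<string> TrustedOriginalIssuers =
        new HashSet<string>(StringComparer.Ordinal) { "urn:example:corp-idp" };

    const string SpendingLimitType = "urn:spendinglimit"; // issuer-defined claim type from the text

    // Returns the limit only if a claim of the right Type was issued through the
    // expected chain and its ValueType says the string holds an integer.
    public static int? GetTrustedSpendingLimit(ClaimsIdentity identity)
    {
        foreach (Claim c in identity.FindAll(SpendingLimitType))
        {
            if (!TrustedIssuers.Contains(c.Issuer) ||
                !TrustedOriginalIssuers.Contains(c.OriginalIssuer))
                continue; // same Type, but added locally or by an unknown party
            if (c.ValueType != ClaimValueTypes.Integer)
                continue; // do not guess how to deserialize the Value string
            if (int.TryParse(c.Value, NumberStyles.None,
                             CultureInfo.InvariantCulture, out int limit))
                return limit;
        }
        return null; // no acceptable claim: treat as "no limit granted"
    }

    static void Main()
    {
        // Constructed sample identity with two claims of the same Type.
        var identity = new ClaimsIdentity("Federation");
        // Three-argument constructor: Issuer defaults to ClaimsIdentity.DefaultIssuer.
        identity.AddClaim(new Claim(SpendingLimitType, "999999", ClaimValueTypes.Integer));
        identity.AddClaim(new Claim(SpendingLimitType, "5000", ClaimValueTypes.Integer,
            "urn:example:federation-provider", "urn:example:corp-idp"));

        int? limit = GetTrustedSpendingLimit(identity);
        Console.WriteLine(limit.HasValue ? "Limit: " + limit.Value : "No trusted limit");
    }
}
```

Selecting a claim by Type alone would have returned the locally added value, since any code that holds the ClaimsIdentity can add a claim with that Type.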

Constructors

Claim(BinaryReader)

Initializes an instance of Claim with the specified BinaryReader.

Claim(BinaryReader, ClaimsIdentity)

Initializes a new instance of the Claim class with the specified reader and subject.

Claim(Claim)

Initializes a new instance of the Claim class.

Claim(Claim, ClaimsIdentity)

Initializes a new instance of the Claim class with the specified security claim and subject.

Claim(String, String)

Initializes a new instance of the Claim class with the specified claim type and value.

Claim(String, String, String)

Initializes a new instance of the Claim class with the specified claim type, value, and value type.

Claim(String, String, String, String)

Initializes a new instance of the Claim class with the specified claim type, value, value type, and issuer.

Claim(String, String, String, String, String)

Initializes a new instance of the Claim class with the specified claim type, value, value type, issuer, and original issuer.

Claim(String, String, String, String, String, ClaimsIdentity)

Initializes a new instance of the Claim class with the specified claim type, value, value type, issuer, original issuer and subject.

Properties

CustomSerializationData

Contains any additional data provided by a derived type.

Issuer

Gets the issuer of the claim.

OriginalIssuer

Gets the original issuer of the claim.

Properties

Gets a dictionary that contains additional properties associated with this claim.

Subject

Gets the subject of the claim.

Type

Gets the claim type of the claim.

Value

Gets the value of the claim.

ValueType

Gets the value type of the claim.

Methods

Clone()

Returns a new Claim object copied from this object. The new claim does not have a subject.

Clone(ClaimsIdentity)

Returns a new Claim object copied from this object. The subject of the new claim is set to the specified ClaimsIdentity.

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)
GetHashCode()

Serves as the default hash function.

(Inherited from Object)
GetType()

Gets the Type of the current instance.

(Inherited from Object)
MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)
ToString()

Returns a string representation of this Claim object.

WriteTo(BinaryWriter)

Writes this Claim to the writer.

WriteTo(BinaryWriter, Byte[])

Writes this Claim to the writer.
