ClaimsPrincipal Class

Definition

An IPrincipal implementation that supports multiple claims-based identities.

public ref class ClaimsPrincipal : System::Security::Principal::IPrincipal
public class ClaimsPrincipal : System.Security.Principal.IPrincipal
[System.Runtime.InteropServices.ComVisible(true)]
[System.Serializable]
public class ClaimsPrincipal : System.Security.Principal.IPrincipal
type ClaimsPrincipal = class
    interface IPrincipal
[<System.Runtime.InteropServices.ComVisible(true)>]
[<System.Serializable>]
type ClaimsPrincipal = class
    interface IPrincipal
Public Class ClaimsPrincipal
Implements IPrincipal
Inheritance
ClaimsPrincipal
Derived
Attributes
Implements

Examples

The following example extracts the claims presented by a user in an HTTP request and writes them to the HTTP response. The current user is read from the HttpContext as a ClaimsPrincipal. The claims are then read from it and written to the response.

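// Requires the System.Security.Claims and System.Web namespaces.
ClaimsPrincipal principal = HttpContext.Current.User as ClaimsPrincipal;
if (null != principal)
{
   foreach (Claim claim in principal.Claims)
   {
      // Claim types and values originate in the presented token, so HTML-encode them before writing them into the page.
      Response.Write("CLAIM TYPE: " + HttpUtility.HtmlEncode(claim.Type) + "; CLAIM VALUE: " + HttpUtility.HtmlEncode(claim.Value) + "<br/>");
   }
}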

Remarks

Beginning with .NET Framework 4.5, Windows Identity Foundation (WIF) and claims-based identity have been fully integrated into the .NET Framework. This means that many classes that represent a principal in the .NET Framework now derive from ClaimsPrincipal rather than simply implementing the IPrincipal interface. In addition to implementing the IPrincipal interface, ClaimsPrincipal exposes properties and methods that are useful for working with claims.

ClaimsPrincipal exposes a collection of identities, each of which is a ClaimsIdentity. In the common case, this collection, which is accessed through the Identities property, will only have a single element.

The introduction of ClaimsPrincipal in .NET 4.5 as the principal from which most principal classes derive does not force you to change anything in the way in which you deal with identity. It does, however, open up more possibilities and offer more chances to exercise finer access control. For example:

  • The application code itself can work directly with the claims contained in the current principal to drive extra authentication, authorization, and personalization tasks.

  • You can front your resources with a claims processing pipeline, which can deal with authentication requests and authorization policy even before execution reaches your code. For example, you can configure a web-based application or service with a custom claims authentication manager, an instance of a class that derives from the ClaimsAuthenticationManager class. When so configured, the request processing pipeline invokes the Authenticate method on your claims authentication manager, passing it a ClaimsPrincipal that represents the context of the incoming request. Your claims authentication manager can then perform authentication based on the values of the incoming claims. It can also filter, transform, or add claims to the incoming claim set. For example, it could be used to enrich the incoming claim set with new claims created from a local data source such as a local user profile.

  • You can configure a web-based application with a custom claims authorization manager, an instance of a class that derives from the ClaimsAuthorizationManager class. When so configured, the request processing pipeline packages the incoming ClaimsPrincipal in an AuthorizationContext and invokes the CheckAccess method on your claims authorization manager. Your claims authorization manager can then enforce authorization based on the incoming claims.

  • Inline claims-based code access checks can be performed by configuring your application with a custom claims authorization manager and using either the ClaimsPrincipalPermission class to perform imperative access checks or the ClaimsPrincipalPermissionAttribute to perform declarative access checks. Claims-based code access checks are performed inline, outside of the processing pipeline, and so are available to all applications as long as a claims authorization manager is configured.
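The pipeline described in the list above, sketched as an added example that is not part of the original page: a claims authentication manager that filters the incoming claim set and enriches it from a local source, and a claims authorization manager that enforces one rule in CheckAccess. The class names, the in-memory role table, the "user-1001" identifier and the "urn:example:reports" resource are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Security.Claims;

// Added example. Class names, the role table and the "urn:example:reports"
// resource are hypothetical; both base classes live in System.IdentityModel.dll.
public class FilteringAuthenticationManager : ClaimsAuthenticationManager
{
    // Incoming claim types this application accepts from the issuer.
    static readonly HashSet<string> Allowed = new HashSet<string>
        { ClaimTypes.NameIdentifier, ClaimTypes.Name, ClaimTypes.Email };

    // Constructed stand-in for a local user-profile store.
    static readonly Dictionary<string, string[]> LocalRoles = new Dictionary<string, string[]>
        { { "user-1001", new[] { "Auditor" } } };

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incoming)
    {
        if (incoming == null || incoming.Identity == null || !incoming.Identity.IsAuthenticated)
            return incoming;   // anonymous callers pass through unchanged

        Claim id = incoming.FindFirst(ClaimTypes.NameIdentifier);
        if (id == null)
            throw new SecurityException("Token carries no NameIdentifier claim.");

        // Filter: keep allow-listed claims only, so role claims sent by the
        // caller are dropped. Enrich: add roles from the local profile.
        var claims = incoming.Claims.Where(c => Allowed.Contains(c.Type)).ToList();
        string[] roles;
        if (LocalRoles.TryGetValue(id.Value, out roles))
            claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)));

        return new ClaimsPrincipal(
            new ClaimsIdentity(claims, incoming.Identity.AuthenticationType));
    }
}

public class ReportAuthorizationManager : ClaimsAuthorizationManager
{
    public override bool CheckAccess(AuthorizationContext context)
    {
        // Resource and Action arrive as claim collections; compare their values.
        bool isReports = context.Resource.Any(c => c.Value == "urn:example:reports");
        bool isRead = context.Action.Any(c => c.Value == "Read");
        // Deny by default; allow only the one rule this example defines.
        return isReports && isRead && context.Principal.IsInRole("Auditor");
    }
}
```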

You can obtain a ClaimsPrincipal instance for the principal associated with a request in an RP application (or the principal under which a thread is executing) by casting the Thread.CurrentPrincipal property to ClaimsPrincipal. The claims associated with a ClaimsPrincipal object are available through its Claims property. The Claims property returns all of the claims contained by the identities associated with the principal. In the uncommon case in which the ClaimsPrincipal contains multiple ClaimsIdentity instances, you can use the Identities property or you can access the primary identity by using the Identity property. ClaimsPrincipal provides several methods through which these claims may be searched and fully supports Language Integrated Query (LINQ). Identities can be added to the principal by using the AddIdentities or AddIdentity methods.

Note

To add identities to the ClaimsPrincipal, a caller must have full trust.

By default, WIF prioritizes WindowsIdentity objects when selecting the primary identity to return through the Identity property. You can modify this behavior by supplying a delegate through the PrimaryIdentitySelector property to perform the selection. The ClaimsPrincipalSelector property provides similar functionality for the Current property.

In the claim-based model, whether a principal is in a specified role is determined by the claims presented by its underlying identities. The IsInRole method essentially examines each identity associated with the principal to determine whether it possesses a claim with the specified role value. The type of the claim (represented by its Claim.Type property) used to determine which claims should be examined during role checks is specified on an identity through its ClaimsIdentity.RoleClaimType property. Thus, the claims examined during role checks can be of a different type for different identities associated with the principal.
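The role-check behavior described above, as an added example that is not part of the original page: a principal with two identities whose RoleClaimType values differ, showing that a claim counts as a role only when its type matches the RoleClaimType of the identity that holds it. The identity contents, the "groups" claim type and the authentication type strings are constructed for illustration.

```csharp
using System;
using System.Security.Claims;

static class RoleClaimTypeDemo
{
    // Throws if a role check does not behave as the Remarks describe.
    static void Expect(bool actual, bool expected, string what)
    {
        if (actual != expected)
            throw new InvalidOperationException("Unexpected result: " + what);
        Console.WriteLine(what + " = " + actual);
    }

    static void Main()
    {
        // Constructed identity A: default RoleClaimType (ClaimTypes.Role).
        var a = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice"),
            new Claim(ClaimTypes.Role, "Reader"),
            new Claim("groups", "Admin")          // not a role claim on A
        }, "ConstructedAuthA");

        // Constructed identity B: role checks read the "groups" claim type.
        var b = new ClaimsIdentity(new[]
        {
            new Claim("groups", "Operator"),
            new Claim(ClaimTypes.Role, "Owner")   // not a role claim on B
        }, "ConstructedAuthB", ClaimTypes.Name, "groups");

        var principal = new ClaimsPrincipal(new[] { a, b });

        Expect(principal.IsInRole("Reader"), true, "IsInRole(Reader)");
        Expect(principal.IsInRole("Operator"), true, "IsInRole(Operator)");
        // Present as claims, but under a type that is not the owning
        // identity's RoleClaimType, so they grant no role.
        Expect(principal.IsInRole("Admin"), false, "IsInRole(Admin)");
        Expect(principal.IsInRole("Owner"), false, "IsInRole(Owner)");
        Expect(principal.HasClaim("groups", "Admin"), true, "HasClaim(groups, Admin)");
    }
}
```

When identities from different issuers are merged into one principal, review each identity's RoleClaimType before relying on IsInRole for authorization decisions.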

Constructors

ClaimsPrincipal()

Initializes a new instance of the ClaimsPrincipal class.

ClaimsPrincipal(BinaryReader)

Initializes an instance of ClaimsPrincipal with the specified BinaryReader.

ClaimsPrincipal(IEnumerable<ClaimsIdentity>)

Initializes a new instance of the ClaimsPrincipal class using the specified claims identities.

ClaimsPrincipal(IIdentity)

Initializes a new instance of the ClaimsPrincipal class from the specified identity.

ClaimsPrincipal(IPrincipal)

Initializes a new instance of the ClaimsPrincipal class from the specified principal.

ClaimsPrincipal(SerializationInfo, StreamingContext)

Initializes a new instance of the ClaimsPrincipal class from a serialized stream created by using ISerializable.

Properties

Claims

Gets a collection that contains all of the claims from all of the claims identities associated with this claims principal.

ClaimsPrincipalSelector

Gets or sets the delegate used to select the claims principal returned by the Current property.

Current

Gets the current claims principal.

CustomSerializationData

Contains any additional data provided by a derived type. Typically set when calling WriteTo(BinaryWriter, Byte[]).

Identities

Gets a collection that contains all of the claims identities associated with this claims principal.

Identity

Gets the primary claims identity associated with this claims principal.

PrimaryIdentitySelector

Gets or sets the delegate used to select the claims identity returned by the Identity property.

Methods

AddIdentities(IEnumerable<ClaimsIdentity>)

Adds the specified claims identities to this claims principal.

AddIdentity(ClaimsIdentity)

Adds the specified claims identity to this claims principal.

Clone()

Returns a copy of this instance.

CreateClaimsIdentity(BinaryReader)

Creates a new claims identity.

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)

FindAll(Predicate<Claim>)

Retrieves all of the claims that are matched by the specified predicate.

FindAll(String)

Retrieves all of the claims that have the specified claim type.

FindFirst(Predicate<Claim>)

Retrieves the first claim that is matched by the specified predicate.

FindFirst(String)

Retrieves the first claim with the specified claim type.

GetHashCode()

Serves as the default hash function.

(Inherited from Object)

GetObjectData(SerializationInfo, StreamingContext)

Populates the SerializationInfo with data needed to serialize the current ClaimsPrincipal object.

GetType()

Gets the Type of the current instance.

(Inherited from Object)

HasClaim(Predicate<Claim>)

Determines whether any of the claims identities associated with this claims principal contains a claim that is matched by the specified predicate.

HasClaim(String, String)

Determines whether any of the claims identities associated with this claims principal contains a claim with the specified claim type and value.

IsInRole(String)

Returns a value that indicates whether the entity (user) represented by this claims principal is in the specified role.

MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)

ToString()

Returns a string that represents the current object.

(Inherited from Object)

WriteTo(BinaryWriter)

Serializes using a BinaryWriter.

WriteTo(BinaryWriter, Byte[])

Serializes using a BinaryWriter.
