ServiceAuthorizationManager.CheckAccessCore(OperationContext) Method

Definition

Checks authorization for the given operation context and optional message, based on default policy evaluation.

protected:
 virtual bool CheckAccessCore(System::ServiceModel::OperationContext ^ operationContext);
protected virtual bool CheckAccessCore (System.ServiceModel.OperationContext operationContext);
abstract member CheckAccessCore : System.ServiceModel.OperationContext -> bool
override this.CheckAccessCore : System.ServiceModel.OperationContext -> bool
Protected Overridable Function CheckAccessCore (operationContext As OperationContext) As Boolean

Parameters

operationContext
OperationContext

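The OperationContext for the current authorization request.

Returns

true if access is granted; otherwise, false. The default is true.

Examples

The following example shows an override of the CheckAccessCore method.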

protected override bool CheckAccessCore(OperationContext operationContext)
{
  // Extract the action URI from the OperationContext. Match this against the claims
  // in the AuthorizationContext.
  string action = operationContext.RequestContext.RequestMessage.Headers.Action;

  // Iterate through the various claim sets in the AuthorizationContext.
  foreach(ClaimSet cs in operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets)
  {
    // Examine only those claim sets issued by System.
    if (cs.Issuer == ClaimSet.System)
    {
      // Iterate through claims of type "http://www.contoso.com/claims/allowedoperation".
      foreach (Claim c in cs.FindClaims("http://www.contoso.com/claims/allowedoperation", Rights.PossessProperty))
      {
        // If the Claim resource matches the action URI then return true to allow access.
        if (action == c.Resource.ToString())
          return true;
      }
    }
  }

  // If this point is reached, return false to deny access.
  return false;
}

Protected Overrides Function CheckAccessCore(ByVal operationContext As OperationContext) As Boolean
    ' Extract the action URI from the OperationContext. Match this against the claims
    ' in the AuthorizationContext.
    Dim action As String = operationContext.RequestContext.RequestMessage.Headers.Action
    
    ' Iterate through the various claimsets in the AuthorizationContext.
    Dim cs As ClaimSet
    For Each cs In  operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets
        ' Examine only those claim sets issued by System.
        If cs.Issuer Is ClaimSet.System Then
            ' Iterate through claims of type "http://www.contoso.com/claims/allowedoperation".
            Dim c As Claim
            For Each c In  cs.FindClaims("http://www.contoso.com/claims/allowedoperation", _
                 Rights.PossessProperty)
                ' If the Claim resource matches the action URI then return true to allow access.
                If action = c.Resource.ToString() Then
                    Return True
                End If
            Next c
        End If
    Next cs

    ' If this point is reached, return false to deny access.
    Return False
End Function

For another example, see How to: Create a Custom Authorization Manager for a Service.

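Remarks

ServiceSecurityContext is generally the result of the default policy evaluation.

Override this method to provide custom authorization decisions.

This method can be used to make authorization decisions based on claim sets that are inferred from incoming tokens or added through external authorization policies. It can also make authorization decisions based on properties of the incoming message, such as the action header.

In this method, the application can use the operationContext parameter to access the caller identity (ServiceSecurityContext). By returning the RequestContext object from the RequestContext property, the application can access the entire request message (RequestMessage). By returning the MessageHeaders object from the IncomingMessageHeaders property, the application can access the service URL (To) and the operation (Action). With this information, the application can make the authorization decision accordingly.

The claims made by a user are found in the ClaimSet returned by the ClaimSets property of the AuthorizationContext. The current AuthorizationContext is returned by the ServiceSecurityContext property of the OperationContext class.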
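The following added example (not part of the original documentation) shows a deny-by-default override that decides on the caller identity together with the To and Action headers described above, and rejects requests that carry no security context. The class name, the policy table, the user name and the URIs are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.ServiceModel;

// Hypothetical class; the action URI, address and user name are constructed sample values.
public class AllowListAuthorizationManager : ServiceAuthorizationManager
{
    // Action URI -> user names allowed to invoke it. Actions are compared ordinally.
    private static readonly Dictionary<string, HashSet<string>> Policy =
        new Dictionary<string, HashSet<string>>(StringComparer.Ordinal)
        {
            { "http://www.contoso.com/ICalculator/Add",
              new HashSet<string>(StringComparer.OrdinalIgnoreCase) { @"CONTOSO\alice" } }
        };

    // The only service URL this manager accepts in the To header.
    private static readonly Uri ExpectedTo = new Uri("https://services.contoso.com/calc");

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // No security context (for example, an unsecured binding) or an anonymous caller: deny.
        ServiceSecurityContext security = operationContext.ServiceSecurityContext;
        if (security == null || security.IsAnonymous)
            return false;

        IIdentity caller = security.PrimaryIdentity;
        if (caller == null || !caller.IsAuthenticated)
            return false;

        // Service URL (To) and operation (Action) come from the incoming message headers.
        Uri to = operationContext.IncomingMessageHeaders.To;
        string action = operationContext.IncomingMessageHeaders.Action;
        if (to == null || action == null || to != ExpectedTo)
            return false;

        // Unknown actions are denied; known actions require the caller to be listed.
        HashSet<string> allowed;
        return Policy.TryGetValue(action, out allowed) && allowed.Contains(caller.Name);
    }
}
```

To use it, assign an instance to `host.Authorization.ServiceAuthorizationManager` on the ServiceHost before calling `Open()`.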
