ServiceSecurityContext ServiceSecurityContext ServiceSecurityContext ServiceSecurityContext Class

定义

表示远程方的安全上下文。Represents the security context of a remote party. 在客户端,表示服务标识;而在服务端,则表示客户端标识。On the client, represents the service identity and, on the service, represents the client identity.

public ref class ServiceSecurityContext
public class ServiceSecurityContext
type ServiceSecurityContext = class
Public Class ServiceSecurityContext
继承
ServiceSecurityContextServiceSecurityContextServiceSecurityContextServiceSecurityContext

示例

下面的示例使用 ServiceSecurityContext 类提供有关当前安全上下文的信息。The following example uses the ServiceSecurityContext class to provide information about the current security context. 此代码创建一个 StreamWriter 类的实例,以将此信息写入文件。The code creates an instance of the StreamWriter class to write the information to a file.

// When this method runs, the caller must be an authenticated user 
// and the ServiceSecurityContext is not a null instance. 
public double Add(double n1, double n2)
{
    // Write data from the ServiceSecurityContext to a file using the StreamWriter class.
    using (StreamWriter sw = new StreamWriter(@"c:\ServiceSecurityContextInfo.txt"))
    {
        // Write the primary identity and Windows identity. The primary identity is derived from 
        // the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name);
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name);

        // Write the claimsets in the authorization context. By default, there is only one claimset
        // provided by the system. 
        foreach (ClaimSet claimset in ServiceSecurityContext.Current.AuthorizationContext.ClaimSets)
        {
            foreach (Claim claim in claimset)
            {
                // Write out each claim type, claim value, and the right. There are two
                // possible values for the right: "identity" and "possessproperty". 
                sw.WriteLine("Claim Type: {0}, Resource: {1} Right: {2}",
                    claim.ClaimType,
                    claim.Resource.ToString(),
                    claim.Right);
                sw.WriteLine();
            }
        }
    }
    return n1 + n2;
}
' When this method runs, the caller must be an authenticated user and the ServiceSecurityContext 
' is not a null instance. 
Public Function Add(ByVal n1 As Double, ByVal n2 As Double) As Double Implements ICalculator.Add
    ' Write data from the ServiceSecurityContext to a file using the StreamWriter class.
    Dim sw As New StreamWriter("c:\ServiceSecurityContextInfo.txt")
    Try
        ' Write the primary identity and Windows identity. The primary identity is derived from 
        ' the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name)
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name)

        ' Write the claimsets in the authorization context. By default, there is only one claimset
        ' provided by the system. 
        Dim claimset As ClaimSet
        For Each claimset In ServiceSecurityContext.Current.AuthorizationContext.ClaimSets
            Dim claim As Claim
            For Each claim In claimset
                ' Write out each claim type, claim value, and the right. There are two
                ' possible values for the right: "identity" and "possessproperty". 
                sw.WriteLine("Claim Type: {0}, Resource: {1} Right: {2}", _
                claim.ClaimType, _
                claim.Resource.ToString(), _
                claim.Right)
                sw.WriteLine()
            Next claim
        Next claimset
    Finally
        sw.Dispose()
    End Try
    Return n1 + n2
End Function

下面的示例演示使用 CheckAccessCore 分析声明集的 ServiceSecurityContext 方法的实现。The following example shows an implementation of the CheckAccessCore method that uses the ServiceSecurityContext to parse a set of claims.

public class MyServiceAuthorizationManager : ServiceAuthorizationManager
{
    protected override bool CheckAccessCore(OperationContext operationContext)
    {                
        // Extract the action URI from the OperationContext. Match this against the claims
        // in the AuthorizationContext.
        string action = operationContext.RequestContext.RequestMessage.Headers.Action;
        Console.WriteLine("action: {0}", action);

        // Iterate through the various claimsets in the AuthorizationContext.
        foreach(ClaimSet cs in operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets)
        {
            // Examine only those claim sets issued by System.
            if (cs.Issuer == ClaimSet.System)
            {
                // Iterate through claims of type "http://example.org/claims/allowedoperation".
                foreach (Claim c in cs.FindClaims("http://example.org/claims/allowedoperation", 
                    Rights.PossessProperty))
                {
                    // Write the Claim resource to the console.
                    Console.WriteLine("resource: {0}", c.Resource.ToString());

                    // If the Claim resource matches the action URI then return true to allow access.
                    if (action == c.Resource.ToString())
                        return true;
                }
            }
        }

        // If this point is reached, return false to deny access.
         return false;                 
    }
}
Public Class MyServiceAuthorizationManager
    Inherits ServiceAuthorizationManager
    
    Protected Overrides Function CheckAccessCore(ByVal operationContext As OperationContext) As Boolean 
        ' Extract the action URI from the OperationContext. Match this against the claims
        ' in the AuthorizationContext.
        Dim action As String = operationContext.RequestContext.RequestMessage.Headers.Action
        Console.WriteLine("action: {0}", action)
        
        ' Iterate through the various claimsets in the authorizationcontext.
        Dim cs As ClaimSet
        For Each cs In  operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets
            ' Examine only those claim sets issued by System.
            If cs.Issuer Is ClaimSet.System Then
                ' Iterate through claims of type "http://example.org/claims/allowedoperation".
                Dim c As Claim
                For Each c In  cs.FindClaims("http://example.org/claims/allowedoperation", _
                        Rights.PossessProperty)
                    ' Write the Claim resource to the console.
                    Console.WriteLine("resource: {0}", c.Resource.ToString())
                    
                    ' If the Claim resource matches the action URI then return true to allow access.
                    If action = c.Resource.ToString() Then
                        Return True
                    End If
                Next c
            End If
        Next cs 
        ' If we get here, return false, denying access.
        Return False
    
    End Function 
End Class 

注解

此数据是消息的 SecurityMessageProperty 的一部分。The data is part of the SecurityMessageProperty for a message.

此类用于获取有关远程的信息安全上下文在运行时。Use this class to obtain information about a remote security context at runtime. 当客户端成功通过身份验证并获得访问某个方法的授权时,将会创建安全上下文。A security context is created when a client is successfully authenticated and authorized to access a method. 当某个消息成功通过身份验证并获得授权时,即可从此类的实例中获取客户端和当前服务实例的安全信息。When a message is successfully authenticated and authorized, the security information from the client and for the current service instance can be obtained from an instance of this class.

您可以从 ServiceSecurityContext 类的 Current 属性检索 OperationContext 的实例,或者在服务操作方法中使用该实例,如下面的示例所示。You can retrieve an instance of the ServiceSecurityContext from the Current property of the OperationContext class, or use it from within a service operation method, as shown in the following example.

分析 ClaimSetParsing a ClaimSet

该类通常用于检索当前声明集,以便在访问方法时对客户端进行标识和授权。A common use of the class is to retrieve the current set of claims for the purpose of identifying or authorizing a client when accessing a method. ClaimSet 类包含 Claim 对象的集合,您可以分析每个对象以确定是否存在特定的声明。The ClaimSet class contains a collection of Claim objects, and each can be parsed to determine whether a specific claim is present. 如果提供的是指定的声明,即可获得授权。If the specified claim is provided, authorization can be granted. 此功能通过重写 CheckAccessCore 类的 ServiceAuthorizationManager 方法提供。This functionality is provided by overriding the CheckAccessCore method of the ServiceAuthorizationManager class. 有关完整示例,请参阅授权策略For a complete example, see the Authorization Policy.

请注意,在某些情况下,即使远程客户端经身份验证为匿名用户,IsAuthenticated 接口的 IIdentity 属性仍将返回 trueNote that under some circumstances, the IsAuthenticated property of the IIdentity interface returns true even if the remote client is authenticated as an anonymous user. PrimaryIdentity 属性将返回 IIdentity 接口的实现。)为此,必须满足下列情况:(The PrimaryIdentity property returns an implementation of the IIdentity interface.) The following circumstances must be true for this to occur:

  • 服务使用的是 Windows 身份验证。The service uses Windows authentication.

  • 服务允许匿名登录。The service allows anonymous logons.

  • 绑定是 <customBinding>The binding is a <customBinding>.

  • 自定义绑定包括 <security> 元素。The custom binding includes a <security> element.

  • <security>元素包含 <secureConversationBootstrap> requireSecurityContextCancellation属性设置为falseThe <security> element includes a <secureConversationBootstrap> with the requireSecurityContextCancellation attribute set to false.

构造函数

ServiceSecurityContext(AuthorizationContext) ServiceSecurityContext(AuthorizationContext) ServiceSecurityContext(AuthorizationContext) ServiceSecurityContext(AuthorizationContext)

使用指定的授权参数初始化 ServiceSecurityContext 类的新实例。Initializes a new instance of the ServiceSecurityContext class with the specified authorization parameters.

ServiceSecurityContext(AuthorizationContext, ReadOnlyCollection<IAuthorizationPolicy>) ServiceSecurityContext(AuthorizationContext, ReadOnlyCollection<IAuthorizationPolicy>) ServiceSecurityContext(AuthorizationContext, ReadOnlyCollection<IAuthorizationPolicy>) ServiceSecurityContext(AuthorizationContext, ReadOnlyCollection<IAuthorizationPolicy>)

使用指定的授权参数和策略集合初始化 ServiceSecurityContext 类的新实例。Initializes a new instance of the ServiceSecurityContext class with the specified authorization parameters and collection of policies.

ServiceSecurityContext(ReadOnlyCollection<IAuthorizationPolicy>) ServiceSecurityContext(ReadOnlyCollection<IAuthorizationPolicy>) ServiceSecurityContext(ReadOnlyCollection<IAuthorizationPolicy>) ServiceSecurityContext(ReadOnlyCollection<IAuthorizationPolicy>)

使用策略对象集合初始化 ServiceSecurityContext 类的新实例。Initializes a new instance of the ServiceSecurityContext class with the collection of policies object.

属性

Anonymous Anonymous Anonymous Anonymous

返回一个 ServiceSecurityContext 类的实例,该实例包含空的声明集合、标识和通常用于表示匿名方的其他上下文数据。Returns an instance of the ServiceSecurityContext class that contains an empty collection of claims, identities, and other context data that is usually used to represent an anonymous party.

AuthorizationContext AuthorizationContext AuthorizationContext AuthorizationContext

获取此类的实例的授权信息。Gets the authorization information for an instance of this class. AuthorizationContext 包含一个可供应用程序询问和检索远程方信息的 ClaimSet 集合。The AuthorizationContext contains a collection of ClaimSet that the application can interrogate and retrieve the information of the party.

AuthorizationPolicies AuthorizationPolicies AuthorizationPolicies AuthorizationPolicies

获取与此类的实例关联的策略集合。Gets the collection of policies associated with an instance of this class.

Current Current Current Current

获取当前 ServiceSecurityContextGets the current ServiceSecurityContext.

IsAnonymous IsAnonymous IsAnonymous IsAnonymous

获取一个值,该值指示当前客户端是否已向服务提供凭据。Gets a value that indicates whether the current client has provided credentials to the service.

PrimaryIdentity PrimaryIdentity PrimaryIdentity PrimaryIdentity

获取与当前设置关联的主标识。Gets the primary identity associated with the current setting.

WindowsIdentity WindowsIdentity WindowsIdentity WindowsIdentity

获取当前设置的 Windows 标识。Gets the Windows identity of the current setting.

方法

Equals(Object) Equals(Object) Equals(Object) Equals(Object)

确定指定的对象是否等于当前对象。Determines whether the specified object is equal to the current object.

(Inherited from Object)
GetHashCode() GetHashCode() GetHashCode() GetHashCode()

作为默认哈希函数。Serves as the default hash function.

(Inherited from Object)
GetType() GetType() GetType() GetType()

获取当前实例的 TypeGets the Type of the current instance.

(Inherited from Object)
MemberwiseClone() MemberwiseClone() MemberwiseClone() MemberwiseClone()

创建当前 Object 的浅表副本。Creates a shallow copy of the current Object.

(Inherited from Object)
ToString() ToString() ToString() ToString()

返回表示当前对象的字符串。Returns a string that represents the current object.

(Inherited from Object)

适用于

另请参阅