<serviceAuthorization> 元素<serviceAuthorization> element

指定用于授予服务操作访问权限的设置。Specifies settings that authorize access to service operations



<serviceAuthorization impersonateCallerForAllOperations="Boolean"
    <add policyType="String" />

特性和元素Attributes and elements

以下各节描述了特性、子元素和父元素:The following sections describe attributes, child elements, and parent elements:


属性Attribute 说明Description
impersonateCallerForAllOperationsimpersonateCallerForAllOperations 一个布尔值,指定是否服务中的所有操作都模拟调用方。A Boolean value that specifies if all the operations in the service impersonate the caller. 默认为 falseThe default is false.

当特定服务操作模拟调用方时,线程上下文会在执行指定服务前切换为调用方上下文。When a specific service operation impersonates the caller, the thread context is switched to the caller context before executing the specified service.
principalPermissionModeprincipalPermissionMode 设置用于在服务器上执行操作的主体。Sets the principal used to carry out operations on the server. 包括以下值:Values include the following:

-无- None
-UseWindowsGroups- UseWindowsGroups
-UseAspNetRoles- UseAspNetRoles
-Custom- Custom

默认值为 UseWindowsGroups。The default value is UseWindowsGroups. 此值的类型为 PrincipalPermissionModeThe value is of type PrincipalPermissionMode. 有关使用此属性的详细信息,请参阅如何:使用 PrincipalPermissionAttribute 类限制访问权限For more information on using this attribute, see How to: Restrict Access with the PrincipalPermissionAttribute Class.
roleProviderNameroleProviderName 一个字符串,指定为 Windows Communication Foundation (WCF) 应用程序提供角色信息的角色提供程序的名称。A string that specifies the name of the role provider, which provides role information for a Windows Communication Foundation (WCF) application. 默认值为空字符串。The default is an empty string.
ServiceAuthorizationManagerTypeServiceAuthorizationManagerType 一个包含服务授权管理器的类型的字符串。A string containing the type of the service authorization manager. 有关详细信息,请参阅 ServiceAuthorizationManagerFor more information, see ServiceAuthorizationManager.

子元素Child elements

元素Element 描述Description
authorizationPoliciesauthorizationPolicies 包含可使用 add 关键字添加的授权策略类型的集合。Contains a collection of authorization policy types, which can be added using the add keyword. 每个授权类型都包含一个所需的 policyType 属性,此属性是一个字符串。Each authorization policy contains a single required policyType attribute that is a string. 该属性指定一个授权策略,可以将一组输入声明转换为另一组声明。The attribute specifies an authorization policy, which enables transformation of one set of input claims into another set of claims. 可以根据该授权策略来授予或拒绝访问控制。Access control can be granted or denied based on that. 有关详细信息,请参阅 AuthorizationPolicyTypeElementFor more information, see AuthorizationPolicyTypeElement.

父元素Parent elements

元素Element 描述Description
<behavior> 包含服务行为的设置集合。Contains a collection of settings for the behavior of a service.


本节包含一些影响授权、自定义角色提供程序和模拟的元素。This section contains elements affecting authorization, custom role providers, and impersonation.

principalPermissionMode 属性指定在授权使用受保护方法时要使用的用户组。The principalPermissionMode attribute specifies the groups of users to use when authorizing use of a protected method. 默认值为 UseWindowsGroups,该值指定在 Windows 组(例如,“Administrators”或“Users”)中搜索试图访问某个资源的标识。The default value is UseWindowsGroups and specifies that Windows groups, such as "Administrators" or "Users," are searched for an identity trying to access a resource. 你还可以指定 UseAspNetRoles 以使用在元素下配置的自定义角色提供程序 <system.web> ,如以下代码所示:You can also specify UseAspNetRoles to use a custom role provider that is configured under the <system.web> element, as shown in the following code:

  <membership defaultProvider="SqlProvider"
      <clear />
      <add name="SqlProvider"
           passwordFormat="Hashed" />
  <!-- Other configuration code not shown. -->

下面的代码演示了 roleProviderName 与属性一起使用的 principalPermissionModeThe following code shows the roleProviderName used with the principalPermissionMode attribute:

  <behavior name="ServiceBehaviour">
    <serviceAuthorization principalPermissionMode ="UseAspNetRoles"
                          roleProviderName ="SqlProvider" />
  <!-- Other configuration code not shown. -->

有关使用此配置元素的详细示例,请参阅授权访问服务操作授权策略For a detailed example of using this configuration element, see Authorizing Access to Service Operations and Authorization Policy.

另请参阅See also