如何:检查安全性上下文
在编程 Windows Communication Foundation (WCF) 服务时,服务安全性上下文可用于确定有关用来向服务进行身份验证的客户端凭据和声明的详细信息。 这是使用 ServiceSecurityContext 类的属性进行的。
例如,使用 PrimaryIdentity 或 WindowsIdentity 属性可检索当前客户端的标识。 若要确定客户端是否匿名,请使用 IsAnonymous 属性。
通过循环访问 AuthorizationContext 属性中的声明集合,还可以确定以客户端的名义进行了哪些声明。
获取当前安全上下文
- 访问静态属性 Current 以获取当前的安全上下文。 从参考检查当前上下文的任何属性。
确定调用方的标识
- 打印 PrimaryIdentity 和 WindowsIdentity 属性的值。
分析调用方的声明
返回当前 AuthorizationContext 类。 使用 Current 属性返回当前服务安全上下文,然后使用
AuthorizationContext属性返回 AuthorizationContext。分析由 ClaimSet 类的 ClaimSets 属性返回的 AuthorizationContext 对象的集合。
示例
下面的示例打印当前安全上下文的 WindowsIdentity 和 PrimaryIdentity 属性的值及 ClaimType 属性、声明的资源值,以及当前安全上下文中每个声明的 Right 属性。
// Run this method from within a method protected by the PrincipalPermissionAttribute
// to see the security context data, including the primary identity.
public void WriteServiceSecurityContextData(string fileName)
{
using (StreamWriter sw = new StreamWriter(fileName))
{
// Write the primary identity and Windows identity. The primary identity is derived from
// the credentials used to authenticate the user. The Windows identity may be a null string.
sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name);
sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name);
sw.WriteLine();
// Write the claimsets in the authorization context. By default, there is only one claimset
// provided by the system.
foreach (ClaimSet claimset in ServiceSecurityContext.Current.AuthorizationContext.ClaimSets)
{
foreach (Claim claim in claimset)
{
// Write out each claim type, claim value, and the right. There are two
// possible values for the right: "identity" and "possessproperty".
sw.WriteLine("Claim Type = {0}", claim.ClaimType);
sw.WriteLine("\t Resource = {0}", claim.Resource.ToString());
sw.WriteLine("\t Right = {0}", claim.Right);
}
}
}
}
' Run this method from within a method protected by the PrincipalPermissionAttribute
' to see the security context data, including the primary identity.
Public Sub WriteServiceSecurityContextData(ByVal fileName As String)
Dim sw As New StreamWriter(fileName)
Try
' Write the primary identity and Windows identity. The primary identity is derived from
' the credentials used to authenticate the user. The Windows identity may be a null string.
sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name)
sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name)
sw.WriteLine()
' Write the claimsets in the authorization context. By default, there is only one claimset
' provided by the system.
Dim claimset As ClaimSet
For Each claimset In ServiceSecurityContext.Current.AuthorizationContext.ClaimSets
Dim claim As Claim
For Each claim In claimset
' Write out each claim type, claim value, and the right. There are two
' possible values for the right: "identity" and "possessproperty".
sw.WriteLine("Claim Type = {0}", claim.ClaimType)
sw.WriteLine(vbTab + " Resource = {0}", claim.Resource.ToString())
sw.WriteLine(vbTab + " Right = {0}", claim.Right)
Next claim
Next claimset
Finally
sw.Dispose()
End Try
End Sub
编译代码
该代码使用以下命名空间: