Claim Class

Definition

Represents a claim that is associated with an entity.

public ref class Claim
[System.Runtime.Serialization.DataContract(Namespace="http://schemas.xmlsoap.org/ws/2005/05/identity")]
public class Claim
type Claim = class
Public Class Claim
Inheritance
Claim
Attributes

Examples

using System.IdentityModel.Claims;
using System.IO;
using System.ServiceModel;

// Run this method from within a method protected by the PrincipalPermissionAttribute
// to see the security context data, including the primary identity.
public void WriteServiceSecurityContextData(string fileName)
{
    using (StreamWriter sw = new StreamWriter(fileName))
    {
        // Write the primary identity and Windows identity. The primary identity is derived from
        // the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name);
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name);
        sw.WriteLine();
        // Write the claimsets in the authorization context. By default, there is only one claimset
        // provided by the system. 
        foreach (ClaimSet claimset in ServiceSecurityContext.Current.AuthorizationContext.ClaimSets)
        {
            foreach (Claim claim in claimset)
            {
                // Write out each claim type, claim value, and the right. There are two
                // possible values for the right: "identity" and "possessproperty". 
                sw.WriteLine("Claim Type = {0}", claim.ClaimType);
                sw.WriteLine("\t Resource = {0}", claim.Resource.ToString());
                sw.WriteLine("\t Right = {0}", claim.Right);
            }
        }
    }
}

Imports System.IdentityModel.Claims
Imports System.IO
Imports System.ServiceModel

' Run this method from within a method protected by the PrincipalPermissionAttribute
' to see the security context data, including the primary identity.
Public Sub WriteServiceSecurityContextData(ByVal fileName As String)
    Dim sw As New StreamWriter(fileName)
    Try
        ' Write the primary identity and Windows identity. The primary identity is derived from
        ' the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name)
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name)
        sw.WriteLine()
        ' Write the claimsets in the authorization context. By default, there is only one claimset
        ' provided by the system. 
        Dim claimset As ClaimSet
        For Each claimset In ServiceSecurityContext.Current.AuthorizationContext.ClaimSets
            Dim claim As Claim
            For Each claim In claimset
                ' Write out each claim type, claim value, and the right. There are two
                ' possible values for the right: "identity" and "possessproperty". 
                sw.WriteLine("Claim Type = {0}", claim.ClaimType)
                sw.WriteLine(vbTab + " Resource = {0}", claim.Resource.ToString())
                sw.WriteLine(vbTab + " Right = {0}", claim.Right)
            Next claim
        Next claimset
    Finally
        sw.Dispose()
    End Try

End Sub

Remarks

The Identity Model is a claims-based authorization system. Claims describe the capabilities associated with some entity in the system, often a user of that system. The set of claims associated with a given entity can be thought of as a key. The particular claims define the shape of that key, much like a physical key that is used to open a lock in a door. In this way, claims are used to gain access to resources. Access to a given protected resource is determined by comparing the claims required to access that resource with the claims associated with the entity that attempts access.

A claim is the expression of a right with respect to a particular value. A right could be read, write, or possess. A value could be a database, a file, a mailbox, or a property. Claims also have a claim type. The combination of claim type and right provides the mechanism for capabilities being specified with respect to the value. For example, a claim of type file with the right read over the value biography.doc indicates that the entity with such a claim has read access to the file biography.doc. A claim of type name with the right PossessProperty over the value Martin indicates that the entity with the claim possesses a Name property with the value Martin.

Although various claim types and rights are defined as part of Identity Model, the system is extensible. The various systems building on top of the Identity Model infrastructure can define claim types and rights as required.
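
The comparison described in these remarks, written against the System.IdentityModel.Claims types as an added example (it is not part of the original reference page). The claim type and right URIs under example.org, the HasAccess helper and the sample claims are constructed for illustration, and the code assumes a .NET Framework project that references System.IdentityModel.

```csharp
using System;
using System.IdentityModel.Claims;

static class ClaimAccessCheckExample
{
    // Hypothetical application-defined URIs; they are not defined by the Identity Model.
    const string FileClaimType = "http://example.org/claims/file";
    const string ReadRight = "http://example.org/rights/read";
    const string WriteRight = "http://example.org/rights/write";

    // Hypothetical helper: access is granted only when every required claim
    // is present in the set of claims associated with the caller.
    static bool HasAccess(ClaimSet presented, params Claim[] required)
    {
        foreach (Claim needed in required)
        {
            // ContainsClaim matches on claim type, right and resource together.
            if (!presented.ContainsClaim(needed))
                return false;
        }
        return true;
    }

    static void Main()
    {
        // Constructed sample: the claims associated with one entity.
        ClaimSet caller = new DefaultClaimSet(
            Claim.CreateNameClaim("Martin"), // right is Rights.PossessProperty
            new Claim(FileClaimType, "biography.doc", ReadRight));

        // Claims that different protected operations require.
        Claim read = new Claim(FileClaimType, "biography.doc", ReadRight);
        Claim write = new Claim(FileClaimType, "biography.doc", WriteRight);
        Claim otherFile = new Claim(FileClaimType, "salary.doc", ReadRight);

        Console.WriteLine("read biography.doc:  {0}", HasAccess(caller, read));
        Console.WriteLine("write biography.doc: {0}", HasAccess(caller, write));
        Console.WriteLine("read salary.doc:     {0}", HasAccess(caller, otherFile));

        // Same type and value but a different right: a name claim that requires
        // Rights.Identity is not satisfied by the PossessProperty name claim.
        Claim nameAsIdentity = new Claim(ClaimTypes.Name, "Martin", Rights.Identity);
        Console.WriteLine("name with Identity right: {0}", HasAccess(caller, nameAsIdentity));
        Console.WriteLine("name with PossessProperty right: {0}",
            HasAccess(caller, Claim.CreateNameClaim("Martin")));
    }
}
```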

Constructors

Claim(String, Object, String)

Initializes a new instance of the Claim class with the specified type, resource, and right.

Properties

ClaimType

Gets the type of the claim.

DefaultComparer

Gets an object that can compare two Claim objects for equality.

Resource

Gets the resource with which this Claim object is associated.

Right

A string representation of a uniform resource identifier (URI) that specifies the right associated with this Claim object. Pre-defined rights are available as static properties of the Rights class.

System

A pre-defined claim that represents the system entity.

Methods

CreateDenyOnlyWindowsSidClaim(SecurityIdentifier)

Creates a Claim object that represents the specified deny-only security identifier (SID).

CreateDnsClaim(String)

Creates a Claim object that represents the specified Domain Name System (DNS) name.

CreateHashClaim(Byte[])

Creates a Claim object that represents the specified hash value.

CreateMailAddressClaim(MailAddress)

Creates a Claim object that represents the specified email address.

CreateNameClaim(String)

Creates a Claim object that represents the specified name.

CreateRsaClaim(RSA)

Creates a Claim object that represents the specified RSA key.

CreateSpnClaim(String)

Creates a Claim object that represents the specified Service Principal Name (SPN).

CreateThumbprintClaim(Byte[])

Creates a Claim object that represents the specified thumbprint.

CreateUpnClaim(String)

Creates a Claim object that represents the specified Universal Principal Name (UPN).

CreateUriClaim(Uri)

Creates a Claim object that represents the specified Uniform Resource Locator (URL).

CreateWindowsSidClaim(SecurityIdentifier)

Creates a Claim object that represents the specified security identifier (SID).

CreateX500DistinguishedNameClaim(X500DistinguishedName)

Creates a Claim object that represents the specified X.500 distinguished name.

Equals(Object)

Determines whether the specified object represents the same claim as the current Claim object.

GetHashCode()

Returns a hash code for the current claim.

GetType()

Gets the Type of the current instance.

(Inherited from Object)
MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)
ToString()

Returns a string representation of this Claim object.

Applies to