IAuthorizationPolicy.Evaluate(EvaluationContext, Object) 方法

定義

命名空間:

System.IdentityModel.Policy

組件:

System.ServiceModel.Primitives.dll

套件:

System.ServiceModel.Primitives v6.2.0

來源:

IAuthorizationPolicy.cs

評估使用者是否符合此授權原則的要求。

public:
 bool Evaluate(System::IdentityModel::Policy::EvaluationContext ^ evaluationContext, System::Object ^ % state);

public bool Evaluate (System.IdentityModel.Policy.EvaluationContext evaluationContext, ref object state);

abstract member Evaluate : System.IdentityModel.Policy.EvaluationContext * obj -> bool

Public Function Evaluate (evaluationContext As EvaluationContext, ByRef state As Object) As Boolean

參數

evaluationContext

EvaluationContext

包含授權原則評估之宣告集的 EvaluationContext。

state

Object

由傳址 (By Reference) 方式所傳遞的 Object，表示此授權原則的自訂狀態。

傳回

Boolean

如果其他授權原則新增額外宣告至 evaluationContext，必須呼叫此授權原則的 Evaluate(EvaluationContext, Object) 方法，則為 false；否則為 true，以聲明此授權原則不需要進行額外評估。

範例

public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
    bool bRet = false;
    CustomAuthState customstate = null;

    // If state is null, then this method has not been called before, so
    // set up a custom state.
    if (state == null)
    {
        customstate = new CustomAuthState();
        state = customstate;
    }
    else
    {
        customstate = (CustomAuthState)state;
    }

    Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate");

    // If claims have not been added yet...
    if (!customstate.ClaimsAdded)
    {
        // Create an empty list of Claims.
        IList<Claim> claims = new List<Claim>();

        // Iterate through each of the claim sets in the evaluation context.
        foreach (ClaimSet cs in evaluationContext.ClaimSets)
            // Look for Name claims in the current claim set.
            foreach (Claim c in cs.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
                // Get the list of operations the given username is allowed to call.
                foreach (string s in GetAllowedOpList(c.Resource.ToString()))
                {
                    // Add claims to the list.
                    claims.Add(new Claim("http://example.org/claims/allowedoperation", s, Rights.PossessProperty));
                    Console.WriteLine("Claim added {0}", s);
                }

        // Add claims to the evaluation context.
        evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer,claims));

        // Record that claims have been added.
        customstate.ClaimsAdded = true;

        // Return true, which indicates this need not be called again.
        bRet = true;
    }
    else
    {
        // This point should not be reached, but just in case...
        bRet = true;
    }

    return bRet;
}

Public Function Evaluate(ByVal evaluationContext As EvaluationContext, _
     ByRef state As Object) As Boolean Implements IAuthorizationPolicy.Evaluate

    Dim bRet As Boolean = False
    Dim customstate As CustomAuthState = Nothing

    ' If state is null, then this method has not been called before, so 
    ' set up a custom state.
    If state Is Nothing Then
        customstate = New CustomAuthState()
        state = customstate
    Else
        customstate = CType(state, CustomAuthState)
    End If
    Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate")

    ' If the claims have not been added yet...
    If Not customstate.ClaimsAdded Then
        ' Create an empty list of Claims
        Dim claims As New List(Of Claim)

        ' Iterate through each of the claimsets in the evaluation context.
        Dim cs As ClaimSet
        For Each cs In evaluationContext.ClaimSets
            ' Look for Name claims in the current claim set.
            Dim c As Claim
            For Each c In cs.FindClaims(ClaimTypes.Name, Rights.PossessProperty)
                ' Get the list of operations the given username is allowed to call.
                Dim s As String
                For Each s In GetAllowedOpList(c.Resource.ToString())

                    ' Add claims to the list
                    claims.Add(New Claim("http://example.org/claims/allowedoperation", _
                                s, Rights.PossessProperty))
                    Console.WriteLine("Claim added {0}", s)
                Next s
            Next c
        Next cs 
        
        ' Add claims to the evaluation context.
        evaluationContext.AddClaimSet(Me, New DefaultClaimSet(Me.Issuer, claims))

        ' Record that claims have been added.
        customstate.ClaimsAdded = True

        ' Return true, which indicates the method need not to be called again.
        bRet = True
    Else
        ' Should never get here, but just in case...
        bRet = True
    End If


    Return bRet

End Function 'Evaluate

備註

注意

實作 IAuthorizationPolicy 介面會預期由不同的執行緒呼叫 Evaluate 方法多次。

實作 IAuthorizationPolicy 介面可使用 state 參數來追蹤呼叫和 Evaluate 方法之間的狀態。 如果在對 Evaluate 方法的指定呼叫中設定狀態物件，則在目前評估流程中相同的物件執行個體會傳遞至對 Evaluate 方法的每個後續呼叫。