ServiceAuthorizationManager.CheckAccessCore(OperationContext) Method

Definition

Checks authorization for the given operation context based on default policy evaluation.

protected:
 virtual bool CheckAccessCore(System::ServiceModel::OperationContext ^ operationContext);
protected virtual bool CheckAccessCore (System.ServiceModel.OperationContext operationContext);
abstract member CheckAccessCore : System.ServiceModel.OperationContext -> bool
override this.CheckAccessCore : System.ServiceModel.OperationContext -> bool
Protected Overridable Function CheckAccessCore (operationContext As OperationContext) As Boolean

Parameters

operationContext
OperationContext

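The OperationContext for the current authorization request.

Returns

true if access is granted; otherwise, false. The default is true.

Examples

The following example shows an override of the CheckAccessCore method.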

protected override bool CheckAccessCore(OperationContext operationContext)
{
  // Extract the action URI from the OperationContext. Match this against the claims
  // in the AuthorizationContext.
  string action = operationContext.RequestContext.RequestMessage.Headers.Action;

  // Iterate through the various claim sets in the AuthorizationContext.
  foreach(ClaimSet cs in operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets)
  {
    // Examine only those claim sets issued by System.
    if (cs.Issuer == ClaimSet.System)
    {
      // Iterate through claims of type "http://www.contoso.com/claims/allowedoperation".
      foreach (Claim c in cs.FindClaims("http://www.contoso.com/claims/allowedoperation", Rights.PossessProperty))
      {
        // If the Claim resource matches the action URI then return true to allow access.
        if (action == c.Resource.ToString())
          return true;
      }
    }
  }

  // If this point is reached, return false to deny access.
  return false;
}
Protected Overrides Function CheckAccessCore(ByVal operationContext As OperationContext) As Boolean 
    ' Extract the action URI from the OperationContext. Match this against the claims
    ' in the AuthorizationContext.
    Dim action As String = operationContext.RequestContext.RequestMessage.Headers.Action
    
    ' Iterate through the various claimsets in the AuthorizationContext.
    Dim cs As ClaimSet
    For Each cs In operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets
        ' Examine only those claim sets issued by System.
        If cs.Issuer Is ClaimSet.System Then
            ' Iterate through claims of type "http://www.contoso.com/claims/allowedoperation".
            Dim c As Claim
            For Each c In cs.FindClaims("http://www.contoso.com/claims/allowedoperation", _
                 Rights.PossessProperty)
                ' If the Claim resource matches the action URI then return true to allow access.
                If action = c.Resource.ToString() Then
                    Return True
                End If
            Next c
        End If
    Next cs 
    ' If this point is reached, return false to deny access.
    Return False

End Function

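For additional examples, see How to: Create a Custom Authorization Manager for a Service.

Remarks

ServiceSecurityContext is generally the result of the default policy evaluation.

Override this method to provide custom authorization decisions.

This method can be used to make authorization decisions based on claim sets that are inferred from incoming tokens or added through external authorization policies. It can also make authorization decisions based on properties of the incoming message, such as the action header.

In this method, the application can use the operationContext parameter to access the caller identity (ServiceSecurityContext). By returning the RequestContext object from the RequestContext property, the application can access the entire request message (RequestMessage). By returning the MessageHeaders object from the IncomingMessageHeaders property, the application can access the service URL (To) and the operation (Action). With this information, the application can make the authorization decision accordingly.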

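The claims made by a user are found in the ClaimSet objects returned by the ClaimSets property of the AuthorizationContext. The current AuthorizationContext is reached through the ServiceSecurityContext property of the OperationContext class.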
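Because the base implementation returns true, an override is the only place a request gets denied. The following is an added example, not part of the original page or Microsoft's sample: a deny-by-default variant of the override above that also handles a missing or anonymous security context and a missing Action header, and shows how the manager is attached to a host. The class names AllowedOperationAuthorizationManager and HostSetup are hypothetical, and rejecting anonymous callers is a policy choice assumed here.

```csharp
using System;
using System.IdentityModel.Claims;
using System.ServiceModel;

// Added example (hypothetical class name): deny unless a System-issued claim allows the action.
public sealed class AllowedOperationAuthorizationManager : ServiceAuthorizationManager
{
    // Claim type taken from the page's sample.
    private const string AllowedOperation = "http://www.contoso.com/claims/allowedoperation";

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // Assumed policy: a missing or anonymous security context is denied outright.
        ServiceSecurityContext security = operationContext.ServiceSecurityContext;
        if (security == null || security.IsAnonymous)
            return false;

        // A request without an Action header cannot be matched to any claim.
        string action = operationContext.IncomingMessageHeaders.Action;
        if (string.IsNullOrEmpty(action))
            return false;

        foreach (ClaimSet cs in security.AuthorizationContext.ClaimSets)
        {
            // Trust only claim sets issued by System, as in the page's sample.
            if (cs.Issuer != ClaimSet.System)
                continue;

            foreach (Claim c in cs.FindClaims(AllowedOperation, Rights.PossessProperty))
            {
                // Ordinal comparison: no culture rules, no case folding.
                // Convert.ToString yields an empty string for a null resource.
                if (string.Equals(action, Convert.ToString(c.Resource), StringComparison.Ordinal))
                    return true;
            }
        }

        // No matching claim: deny.
        return false;
    }
}

public static class HostSetup
{
    // Attach the manager before the host is opened.
    public static void Apply(ServiceHost host)
    {
        host.Authorization.ServiceAuthorizationManager = new AllowedOperationAuthorizationManager();
    }
}
```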
