ServiceSecurityContext Class

Definition

Represents the security context of a remote party. On the client, represents the service identity and, on the service, represents the client identity.

public ref class ServiceSecurityContext
public class ServiceSecurityContext
type ServiceSecurityContext = class
Public Class ServiceSecurityContext
Inheritance

ServiceSecurityContext

Examples

The following example uses the ServiceSecurityContext class to provide information about the current security context. The code creates an instance of the StreamWriter class to write the information to a file.

C#

using System.IO;
using System.IdentityModel.Claims;
using System.ServiceModel;

// This operation belongs to the service class that implements the calculator contract.
// When this method runs, the caller must be an authenticated user
// and the ServiceSecurityContext is not a null instance.
public double Add(double n1, double n2)
{
    // Write data from the ServiceSecurityContext to a file using the StreamWriter class.
    using (StreamWriter sw = new StreamWriter(@"c:\ServiceSecurityContextInfo.txt"))
    {
        // Write the primary identity and Windows identity. The primary identity is derived from
        // the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name);
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name);

        // Write the claimsets in the authorization context. By default, there is only one claimset
        // provided by the system.
        foreach (ClaimSet claimset in ServiceSecurityContext.Current.AuthorizationContext.ClaimSets)
        {
            foreach (Claim claim in claimset)
            {
                // Write out each claim type, claim value, and the right. There are two
                // possible values for the right: "identity" and "possessproperty".
                sw.WriteLine("Claim Type: {0}, Resource: {1} Right: {2}",
                    claim.ClaimType,
                    claim.Resource.ToString(),
                    claim.Right);
                sw.WriteLine();
            }
        }
    }
    return n1 + n2;
}
VB

Imports System.IO
Imports System.IdentityModel.Claims
Imports System.ServiceModel

' When this method runs, the caller must be an authenticated user and the ServiceSecurityContext
' is not a null instance.
Public Function Add(ByVal n1 As Double, ByVal n2 As Double) As Double Implements ICalculator.Add
    ' Write data from the ServiceSecurityContext to a file using the StreamWriter class.
    Dim sw As New StreamWriter("c:\ServiceSecurityContextInfo.txt")
    Try
        ' Write the primary identity and Windows identity. The primary identity is derived from
        ' the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name)
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name)

        ' Write the claimsets in the authorization context. By default, there is only one claimset
        ' provided by the system.
        Dim claimset As ClaimSet
        For Each claimset In ServiceSecurityContext.Current.AuthorizationContext.ClaimSets
            Dim claim As Claim
            For Each claim In claimset
                ' Write out each claim type, claim value, and the right. There are two
                ' possible values for the right: "identity" and "possessproperty".
                sw.WriteLine("Claim Type: {0}, Resource: {1} Right: {2}", _
                claim.ClaimType, _
                claim.Resource.ToString(), _
                claim.Right)
                sw.WriteLine()
            Next claim
        Next claimset
    Finally
        sw.Dispose()
    End Try
    Return n1 + n2
End Function

The following example shows an implementation of the CheckAccessCore method that uses the ServiceSecurityContext to parse a set of claims.

C#

using System;
using System.IdentityModel.Claims;
using System.ServiceModel;

public class MyServiceAuthorizationManager : ServiceAuthorizationManager
{
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // Extract the action URI from the OperationContext. Match this against the claims
        // in the AuthorizationContext.
        string action = operationContext.RequestContext.RequestMessage.Headers.Action;
        Console.WriteLine("action: {0}", action);

        // Iterate through the various claimsets in the AuthorizationContext.
        foreach (ClaimSet cs in operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets)
        {
            // Examine only those claim sets issued by System.
            if (cs.Issuer == ClaimSet.System)
            {
                // Iterate through claims of type "http://example.org/claims/allowedoperation".
                foreach (Claim c in cs.FindClaims("http://example.org/claims/allowedoperation",
                    Rights.PossessProperty))
                {
                    // Write the Claim resource to the console.
                    Console.WriteLine("resource: {0}", c.Resource.ToString());

                    // If the Claim resource matches the action URI then return true to allow access.
                    if (action == c.Resource.ToString())
                        return true;
                }
            }
        }

        // If this point is reached, return false to deny access.
        return false;
    }
}
VB

Imports System
Imports System.IdentityModel.Claims
Imports System.ServiceModel

Public Class MyServiceAuthorizationManager
    Inherits ServiceAuthorizationManager

    Protected Overrides Function CheckAccessCore(ByVal operationContext As OperationContext) As Boolean
        ' Extract the action URI from the OperationContext. Match this against the claims
        ' in the AuthorizationContext.
        Dim action As String = operationContext.RequestContext.RequestMessage.Headers.Action
        Console.WriteLine("action: {0}", action)

        ' Iterate through the various claimsets in the AuthorizationContext.
        Dim cs As ClaimSet
        For Each cs In operationContext.ServiceSecurityContext.AuthorizationContext.ClaimSets
            ' Examine only those claim sets issued by System.
            If cs.Issuer Is ClaimSet.System Then
                ' Iterate through claims of type "http://example.org/claims/allowedoperation".
                Dim c As Claim
                For Each c In cs.FindClaims("http://example.org/claims/allowedoperation", _
                        Rights.PossessProperty)
                    ' Write the Claim resource to the console.
                    Console.WriteLine("resource: {0}", c.Resource.ToString())

                    ' If the Claim resource matches the action URI then return true to allow access.
                    If action = c.Resource.ToString() Then
                        Return True
                    End If
                Next c
            End If
        Next cs
        ' If this point is reached, return false to deny access.
        Return False
    End Function
End Class

Remarks

The data is part of the SecurityMessageProperty for a message.

Use this class to obtain information about a remote security context at runtime. A security context is created when a client is successfully authenticated and authorized to access a method. When a message is successfully authenticated and authorized, the security information from the client and for the current service instance can be obtained from an instance of this class.

You can retrieve an instance of the ServiceSecurityContext from the Current property of the OperationContext class, or use it from within a service operation method, as shown in the examples above.

Parsing a ClaimSet

A common use of the class is to retrieve the current set of claims for the purpose of identifying or authorizing a client when it accesses a method. The ClaimSet class contains a collection of Claim objects, and each can be parsed to determine whether a specific claim is present. If the specified claim is provided, authorization can be granted. This functionality is provided by overriding the CheckAccessCore method of the ServiceAuthorizationManager class. For a complete example, see Authorization Policy.

Note that under some circumstances, the IsAuthenticated property of the IIdentity interface returns true even if the remote client is authenticated as an anonymous user. (The PrimaryIdentity property returns an implementation of the IIdentity interface.) The following circumstances must be true for this to occur:

  • The service uses Windows authentication.

  • The service allows anonymous logons.

  • The binding is a <customBinding>.

  • The custom binding includes a <security> element.

  • The <security> element includes a <secureConversationBootstrap> with the requireSecurityContextCancellation attribute set to false.
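
The following ServiceAuthorizationManager, added here as an example and not taken from the original page or from WCF itself, combines the two points above: it parses the system-issued ClaimSet the way the earlier CheckAccessCore sample does, but first rejects anonymous callers using ServiceSecurityContext.IsAnonymous and WindowsIdentity.IsAnonymous rather than trusting IIdentity.IsAuthenticated alone, and it denies any action that has no entry in its policy table. The class name, the claim type, the action URIs and the policy table are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.Security.Principal;
using System.ServiceModel;

// Example code added to this page; it is not part of the WCF library or the original sample.
public class ClaimCheckingAuthorizationManager : ServiceAuthorizationManager
{
    // Constructed sample policy: the claim resource each action URI requires.
    // Actions that are not listed are denied no matter which claims the caller holds.
    private static readonly Dictionary<string, string> RequiredClaimByAction =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            { "http://example.org/ICalculator/Add",      "http://example.org/ICalculator/Add" },
            { "http://example.org/ICalculator/Subtract", "http://example.org/ICalculator/Subtract" },
        };

    // Assumed claim type, matching the one used in the sample above.
    private const string AllowedOperationClaimType = "http://example.org/claims/allowedoperation";

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        ServiceSecurityContext ctx = operationContext.ServiceSecurityContext;

        // Step 1: refuse anonymous callers before looking at any claim. Under the conditions
        // listed in the Remarks, PrimaryIdentity.IsAuthenticated can be true for an anonymous
        // Windows logon, so it is not used as the only test.
        if (!IsNonAnonymousCaller(ctx))
            return false;

        // Step 2: the action must be one the policy table knows (deny by default).
        string action = operationContext.RequestContext.RequestMessage.Headers.Action;
        string requiredResource;
        if (action == null || !RequiredClaimByAction.TryGetValue(action, out requiredResource))
            return false;

        // Step 3: only claim sets issued by the system are trusted for authorization;
        // claims the caller issued to itself are skipped.
        foreach (ClaimSet cs in ctx.AuthorizationContext.ClaimSets)
        {
            if (cs.Issuer != ClaimSet.System)
                continue;

            foreach (Claim c in cs.FindClaims(AllowedOperationClaimType, Rights.PossessProperty))
            {
                if (string.Equals(requiredResource, c.Resource as string, StringComparison.Ordinal))
                    return true;
            }
        }

        // No matching system-issued claim: deny.
        return false;
    }

    // True only for a caller that presented real, non-anonymous credentials.
    internal static bool IsNonAnonymousCaller(ServiceSecurityContext ctx)
    {
        // IsAnonymous is true when the client supplied no credentials at all.
        if (ctx == null || ctx.IsAnonymous)
            return false;

        IIdentity identity = ctx.PrimaryIdentity;
        if (identity == null || !identity.IsAuthenticated || string.IsNullOrEmpty(identity.Name))
            return false;

        // With Windows authentication, additionally reject the anonymous Windows token,
        // which is the case IsAuthenticated alone does not catch.
        WindowsIdentity windows = ctx.WindowsIdentity;
        return windows == null || !windows.IsAnonymous;
    }
}
```

Install the manager before opening the host with host.Authorization.ServiceAuthorizationManager = new ClaimCheckingAuthorizationManager(), or through the serviceAuthorization behavior's serviceAuthorizationManagerType attribute in configuration. The ordinal string comparison on the claim resource avoids culture-dependent matching of URIs, and the empty-name check is a deliberate extra guard that rejects identities that authenticated without carrying a usable name.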

Constructors

ServiceSecurityContext(AuthorizationContext)

Initializes a new instance of the ServiceSecurityContext class with the specified authorization parameters.

ServiceSecurityContext(AuthorizationContext, ReadOnlyCollection<IAuthorizationPolicy>)

Initializes a new instance of the ServiceSecurityContext class with the specified authorization parameters and collection of policies.

ServiceSecurityContext(ReadOnlyCollection<IAuthorizationPolicy>)

Initializes a new instance of the ServiceSecurityContext class with the specified collection of policy objects.

Properties

Anonymous

Returns an instance of the ServiceSecurityContext class that contains an empty collection of claims, identities, and other context data; it is usually used to represent an anonymous party.

AuthorizationContext

Gets the authorization information for an instance of this class. The AuthorizationContext contains a collection of ClaimSet objects that the application can interrogate to retrieve information about the party.

AuthorizationPolicies

Gets the collection of policies associated with an instance of this class.

Current

Gets the current ServiceSecurityContext.

IsAnonymous

Gets a value that indicates whether the current client has provided credentials to the service.

PrimaryIdentity

Gets the primary identity associated with the current setting.

WindowsIdentity

Gets the Windows identity of the current setting.

Methods

Equals(Object)

Determines whether the specified object is equal to the current object. (Inherited from Object)

GetHashCode()

Serves as the default hash function. (Inherited from Object)

GetType()

Gets the Type of the current instance. (Inherited from Object)

MemberwiseClone()

Creates a shallow copy of the current Object. (Inherited from Object)

ToString()

Returns a string that represents the current object. (Inherited from Object)
