description | title | ms.date | dev_langs | helpviewer_keywords | ms.assetid | ||||
---|---|---|---|---|---|---|---|---|---|
Learn more about: How to: Compare Claims |
How to: Compare Claims |
03/30/2017 |
|
|
0c4ec84d-53df-408f-8953-9bc437f56c28 |
The Identity Model infrastructure in Windows Communication Foundation (WCF) is used to perform authorization checking. As such, a common task is to compare claims in the authorization context to the claims required to perform the requested action or access the requested resource. This topic describes how to compare claims, including built-in and custom claim types. For more information about the Identity Model infrastructure, see Managing Claims and Authorization with the Identity Model.
Claim comparison involves comparing the three parts of a claim (type, right, and resource) against the same parts in another claim to see if they are equal. See the following example.
[!code-csharpc_CustomClaimComparison#9] [!code-vbc_CustomClaimComparison#9]
Both claims have a claim type of xref:System.IdentityModel.Claims.ClaimTypes.Name%2A, a right of xref:System.IdentityModel.Claims.Rights.PossessProperty%2A, and a resource of the string "someone". As all three parts of the claim are equal, the claims themselves are equal.
The built-in claim types are compared using the xref:System.IdentityModel.Claims.Claim.Equals%2A method. Claim-specific comparison code is used where necessary. For example, given the following two user principal name (UPN) claims, the comparison code in the xref:System.IdentityModel.Claims.Claim.Equals%2A method returns true
, assuming example\someone
identifies the same domain user as someone@example.com
.
[!code-csharpc_CustomClaimComparison#4] [!code-vbc_CustomClaimComparison#4]
Custom claim types can also be compared using the xref:System.IdentityModel.Claims.Claim.Equals%2A method. However, in cases where the type returned by the xref:System.IdentityModel.Claims.Claim.Resource%2A property of the claim is something other than a primitive type, the xref:System.IdentityModel.Claims.Claim.Equals%2A returns true
only if the values returned by the Resource
properties are equal according to the xref:System.IdentityModel.Claims.Claim.Equals%2A method. In cases where this is not appropriate, the custom type returned by the Resource
property should override the xref:System.IdentityModel.Claims.Claim.Equals%2A and xref:System.Object.GetHashCode%2A methods to perform whatever custom processing is necessary.
-
Given two instances of the xref:System.IdentityModel.Claims.Claim class, use the xref:System.IdentityModel.Claims.Claim.Equals%2A to make the comparison, as shown in the following code.
[!code-csharpc_CustomClaimComparison#5] [!code-vbc_CustomClaimComparison#5]
-
For custom claims with primitive resource types, comparison can be performed as for built-in claims, as shown in the following code.
[!code-csharpc_CustomClaimComparison#6] [!code-vbc_CustomClaimComparison#6]
-
For custom claims with structure or class based resource types, the resource type should override the xref:System.IdentityModel.Claims.Claim.Equals%2A method.
-
First check whether the
obj
parameter isnull
, and if so, returnfalse
.[!code-csharpc_CustomClaimComparison#7] [!code-vbc_CustomClaimComparison#7]
-
Next call xref:System.Object.ReferenceEquals%2A and pass
this
andobj
as parameters. If it returnstrue
, then returntrue
.[!code-csharpc_CustomClaimComparison#8] [!code-vbc_CustomClaimComparison#8]
-
Next attempt to assign
obj
to a local variable of the class type. If this fails, the reference isnull
. In such cases, returnfalse
. -
Perform the custom comparison necessary to correctly compare the current claim to the provided claim.
The following example shows a comparison of custom claims where the claim resource is a non-primitive type.
[!code-csharpc_CustomClaimComparison#0] [!code-vbc_CustomClaimComparison#0]