<Type Name="AuthorizationContext" FullName="System.Security.Claims.AuthorizationContext">
<TypeSignature Language="C#" Value="public class AuthorizationContext" />
<TypeSignature Language="ILAsm" Value=".class public auto ansi beforefieldinit AuthorizationContext extends System.Object" />
<TypeSignature Language="DocId" Value="T:System.Security.Claims.AuthorizationContext" />
<TypeSignature Language="VB.NET" Value="Public Class AuthorizationContext" />
<TypeSignature Language="F#" Value="type AuthorizationContext = class" />
<TypeSignature Language="C++ CLI" Value="public ref class AuthorizationContext" />
<AssemblyInfo>
<AssemblyName>System.IdentityModel</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Base>
<BaseTypeName>System.Object</BaseTypeName>
</Base>
<Interfaces />
<Docs>
<summary>Provides context information of an authorization event. This includes the principal that represents the caller, the resource that is being requested, and the action that is being performed.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
The <xref:System.Security.Claims.AuthorizationContext> class represents the context that is used by a claims authorization manager, an implementation of the <xref:System.Security.Claims.ClaimsAuthorizationManager> class, to determine whether a principal (subject) should be authorized to perform a specified action on a given resource. The claims authorization manager evaluates the authorization context in the <xref:System.Security.Claims.ClaimsAuthorizationManager.CheckAccess%2A> method and either denies or grants access based on the claims presented by the principal.
The <xref:System.Security.Claims.AuthorizationContext.Principal%2A> property contains the principal for which authorization is being requested, the <xref:System.Security.Claims.AuthorizationContext.Resource%2A> property contains the resource on which the principal is being authorized, and the <xref:System.Security.Claims.AuthorizationContext.Action%2A> property contains the actions that the principal intends to perform on the resource. Both the resource and the action are represented as a collection of claims; however, in most cases, each collection contains a single claim.
## Examples
The code example that is used in the <xref:System.Security.Claims.AuthorizationContext> topic is taken from the `Claims Based Authorization` sample. This sample provides a custom claims authorization manager that can authorize subjects based on a policy that is specified in configuration. This custom manager consists of three basic components: a class derived from <xref:System.Security.Claims.ClaimsAuthorizationManager> that implements the manager, the `ResourceAction` class that pairs a resource and an action, and a policy reader that reads and compiles policy that is specified in the configuration file. This compiled policy can then be used by the claims authorization manager to evaluate a principal in order to authorize access to resources. Not all elements are shown for the sake of brevity. For information about this sample and other samples available for WIF and about where to download them, see [WIF Code Sample Index](/previous-versions/dotnet/framework/windows-identity-foundation/wif-code-sample-index).
The following code shows the <xref:System.Security.Claims.ClaimsAuthorizationManager.CheckAccess%2A> method for the custom claims authorization manager. A function that evaluates the principal based on the resource and action specified in the <xref:System.Security.Claims.AuthorizationContext> is invoked. This function returns either `true` or `false`, which either grants or denies access to the principal.
:::code language="csharp" source="~/snippets/csharp/System.Security.Claims/AuthorizationContext/Overview/myclaimsauthorizationmanager.cs" id="Snippet3":::
:::code language="csharp" source="~/snippets/csharp/System.Security.Claims/AuthorizationContext/Overview/myclaimsauthorizationmanager.cs" id="Snippet5":::
The following XML shows an example of the authorization policy that was specified in configuration. In the first policy, the principal must possess at least one of the specified claims in order to perform the specified action on the specified resource. In the second policy, the principal must possess both claims to be able to perform the specified action on the specified resource. In all other policies, which list no claim requirements, the principal is automatically granted access regardless of the claims it possesses.
```xml
<system.identityModel>
<identityConfiguration>
<claimsAuthorizationManager type="ClaimsAuthorizationLibrary.MyClaimsAuthorizationManager, ClaimsAuthorizationLibrary">
<policy resource="http://localhost:28491/Developers.aspx" action="GET">
<or>
<claim claimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" claimValue="developer" />
<claim claimType="http://schemas.xmlsoap.org/claims/Group" claimValue="Administrator" />
</or>
</policy>
<policy resource="http://localhost:28491/Administrators.aspx" action="GET">
<and>
<claim claimType="http://schemas.xmlsoap.org/claims/Group" claimValue="Administrator" />
<claim claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country" claimValue="USA" />
</and>
</policy>
<policy resource="http://localhost:28491/Default.aspx" action="GET">
</policy>
<policy resource="http://localhost:28491/" action="GET">
</policy>
<policy resource="http://localhost:28491/Claims.aspx" action="GET">
</policy>
</claimsAuthorizationManager>
...
</identityConfiguration>
</system.identityModel>
```
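The following added example (not part of the `Claims Based Authorization` sample) expresses the three kinds of policy above as an in-code table and evaluates them in `CheckAccess` against an <xref:System.Security.Claims.AuthorizationContext> built with the string constructor. The names `PolicyTableAuthorizationManager` and `Demo`, the constructed principal, and the choice to deny requests that match no policy or that carry more than one resource or action claim are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Hypothetical manager written for this example; not the sample's implementation.
public class PolicyTableAuthorizationManager : ClaimsAuthorizationManager
{
    public const string Group = "http://schemas.xmlsoap.org/claims/Group";
    public const string Site = "http://localhost:28491/";

    // Key is "resource|action"; the value decides from the caller's claims.
    static readonly Dictionary<string, Func<ClaimsPrincipal, bool>> Policies =
        new Dictionary<string, Func<ClaimsPrincipal, bool>>(StringComparer.OrdinalIgnoreCase)
        {
            // <or>: either claim is sufficient.
            { Site + "Developers.aspx|GET", p =>
                p.HasClaim(ClaimTypes.Role, "developer") || p.HasClaim(Group, "Administrator") },
            // <and>: both claims are required.
            { Site + "Administrators.aspx|GET", p =>
                p.HasClaim(Group, "Administrator") && p.HasClaim(ClaimTypes.Country, "USA") },
            // Empty <policy>: no claim requirements, so every caller is granted.
            { Site + "Default.aspx|GET", p => true },
        };

    public override bool CheckAccess(AuthorizationContext context)
    {
        // Resource and Action are claim collections. Require exactly one of each
        // so that an unexpected extra claim is rejected, not silently ignored.
        if (context.Resource.Count != 1 || context.Action.Count != 1) return false;
        string key = context.Resource[0].Value + "|" + context.Action[0].Value;
        Func<ClaimsPrincipal, bool> rule;
        // Assumption of this example: a request that matches no policy is denied.
        return Policies.TryGetValue(key, out rule) && rule(context.Principal);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed principal: member of Administrator, no country claim.
        var identity = new ClaimsIdentity(
            new[] { new Claim(PolicyTableAuthorizationManager.Group, "Administrator") },
            "ExampleAuth");
        var principal = new ClaimsPrincipal(identity);
        var manager = new PolicyTableAuthorizationManager();
        foreach (string page in new[] { "Developers.aspx", "Administrators.aspx", "Default.aspx", "Unlisted.aspx" })
        {
            // The string constructor wraps each value in a single name claim.
            var context = new AuthorizationContext(principal, PolicyTableAuthorizationManager.Site + page, "GET");
            Console.WriteLine("{0} -> {1}", page, manager.CheckAccess(context));
        }
    }
}
```

For the constructed principal, the loop grants `Developers.aspx` and `Default.aspx` and denies `Administrators.aspx` (no country claim) and `Unlisted.aspx` (no matching policy).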
]]></format>
</remarks>
</Docs>
<Members>
<MemberGroup MemberName=".ctor">
<AssemblyInfo>
<AssemblyName>System.IdentityModel</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Docs>
<summary>Initializes a new instance of the <see cref="T:System.Security.Claims.AuthorizationContext" /> class.</summary>
</Docs>
</MemberGroup>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public AuthorizationContext (System.Security.Claims.ClaimsPrincipal principal, System.Collections.ObjectModel.Collection&lt;System.Security.Claims.Claim&gt; resource, System.Collections.ObjectModel.Collection&lt;System.Security.Claims.Claim&gt; action);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor(class System.Security.Claims.ClaimsPrincipal principal, class System.Collections.ObjectModel.Collection`1&lt;class System.Security.Claims.Claim&gt; resource, class System.Collections.ObjectModel.Collection`1&lt;class System.Security.Claims.Claim&gt; action) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Security.Claims.AuthorizationContext.#ctor(System.Security.Claims.ClaimsPrincipal,System.Collections.ObjectModel.Collection{System.Security.Claims.Claim},System.Collections.ObjectModel.Collection{System.Security.Claims.Claim})" />
<MemberSignature Language="VB.NET" Value="Public Sub New (principal As ClaimsPrincipal, resource As Collection(Of Claim), action As Collection(Of Claim))" />
<MemberSignature Language="F#" Value="new System.Security.Claims.AuthorizationContext : System.Security.Claims.ClaimsPrincipal * System.Collections.ObjectModel.Collection&lt;System.Security.Claims.Claim&gt; * System.Collections.ObjectModel.Collection&lt;System.Security.Claims.Claim&gt; -&gt; System.Security.Claims.AuthorizationContext" Usage="new System.Security.Claims.AuthorizationContext (principal, resource, action)" />
<MemberSignature Language="C++ CLI" Value="public:
 AuthorizationContext(System::Security::Claims::ClaimsPrincipal ^ principal, System::Collections::ObjectModel::Collection&lt;System::Security::Claims::Claim ^&gt; ^ resource, System::Collections::ObjectModel::Collection&lt;System::Security::Claims::Claim ^&gt; ^ action);" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyName>System.IdentityModel</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Parameters>
<Parameter Name="principal" Type="System.Security.Claims.ClaimsPrincipal" />
<Parameter Name="resource" Type="System.Collections.ObjectModel.Collection&lt;System.Security.Claims.Claim&gt;" />
<Parameter Name="action" Type="System.Collections.ObjectModel.Collection&lt;System.Security.Claims.Claim&gt;" />
</Parameters>
<Docs>
<param name="principal">The principal for which authorization is to be checked.</param>
<param name="resource">A collection of claims that represents the resource for which the principal is to be authorized. The collection typically contains a single element.</param>
<param name="action">A collection of claims that represents the action to be performed on the resource. The collection typically contains a single element.</param>
<summary>Initializes a new instance of the <see cref="T:System.Security.Claims.AuthorizationContext" /> class with the specified principal, resource claim, and action claim.</summary>
<remarks>To be added.</remarks>
<exception cref="T:System.ArgumentNullException">
<paramref name="principal" /> is <see langword="null" />.
-or-
<paramref name="resource" /> is <see langword="null" />.
-or-
<paramref name="action" /> is <see langword="null" />.</exception>
</Docs>
</Member>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public AuthorizationContext (System.Security.Claims.ClaimsPrincipal principal, string resource, string action);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor(class System.Security.Claims.ClaimsPrincipal principal, string resource, string action) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Security.Claims.AuthorizationContext.#ctor(System.Security.Claims.ClaimsPrincipal,System.String,System.String)" />
<MemberSignature Language="VB.NET" Value="Public Sub New (principal As ClaimsPrincipal, resource As String, action As String)" />
<MemberSignature Language="F#" Value="new System.Security.Claims.AuthorizationContext : System.Security.Claims.ClaimsPrincipal * string * string -&gt; System.Security.Claims.AuthorizationContext" Usage="new System.Security.Claims.AuthorizationContext (principal, resource, action)" />
<MemberSignature Language="C++ CLI" Value="public:
 AuthorizationContext(System::Security::Claims::ClaimsPrincipal ^ principal, System::String ^ resource, System::String ^ action);" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyName>System.IdentityModel</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Parameters>
<Parameter Name="principal" Type="System.Security.Claims.ClaimsPrincipal" />
<Parameter Name="resource" Type="System.String" />
<Parameter Name="action" Type="System.String" />
</Parameters>
<Docs>
<param name="principal">The principal for which authorization is to be checked.</param>
<param name="resource">The resource for which the principal is to be authorized. The resource is specified as the value of a name claim.</param>
<param name="action">The action to be performed on the resource. The action is specified as the value of a name claim.</param>
<summary>Initializes a new instance of the <see cref="T:System.Security.Claims.AuthorizationContext" /> class with the specified principal, resource name, and action name.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
The <xref:System.Security.Claims.AuthorizationContext.Action%2A> property is initialized to contain a name claim (<xref:System.Security.Claims.ClaimTypes.Name?displayProperty=nameWithType>) that has the value specified by the `action` parameter. The <xref:System.Security.Claims.AuthorizationContext.Resource%2A> property is initialized to contain a name claim that has the value specified by the `resource` parameter.
]]></format>
</remarks>
<exception cref="T:System.ArgumentNullException">
<paramref name="principal" /> is <see langword="null" />.
-or-
<paramref name="resource" /> is <see langword="null" />.
-or-
<paramref name="action" /> is <see langword="null" />.</exception>
</Docs>
</Member>
<Member MemberName="Action">
<MemberSignature Language="C#" Value="public System.Collections.ObjectModel.Collection&lt;System.Security.Claims.Claim&gt; Action { get; }" />
<MemberSignature Language="ILAsm" Value=".property instance class System.Collections.ObjectModel.Collection`1&lt;class System.Security.Claims.Claim&gt; Action" />
<MemberSignature Language="DocId" Value="P:System.Security.Claims.AuthorizationContext.Action" />
<MemberSignature Language="VB.NET" Value="Public ReadOnly Property Action As Collection(Of Claim)" />
<MemberSignature Language="F#" Value="member this.Action : System.Collections.ObjectModel.Collection&lt;System.Security.Claims.Claim&gt;" Usage="System.Security.Claims.AuthorizationContext.Action" />
<MemberSignature Language="C++ CLI" Value="public:
 property System::Collections::ObjectModel::Collection&lt;System::Security::Claims::Claim ^&gt; ^ Action { System::Collections::ObjectModel::Collection&lt;System::Security::Claims::Claim ^&gt; ^ get(); };" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyName>System.IdentityModel</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Collections.ObjectModel.Collection&lt;System.Security.Claims.Claim&gt;</ReturnType>
</ReturnValue>
<Docs>
<summary>Gets the action for which the principal is to be authorized.</summary>
<value>A collection of claims that represents the actions relevant to the request.</value>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
The collection typically contains a single element.
]]></format>
</remarks>
</Docs>
</Member>
<Member MemberName="Principal">
<MemberSignature Language="C#" Value="public System.Security.Claims.ClaimsPrincipal Principal { get; }" />
<MemberSignature Language="ILAsm" Value=".property instance class System.Security.Claims.ClaimsPrincipal Principal" />
<MemberSignature Language="DocId" Value="P:System.Security.Claims.AuthorizationContext.Principal" />
<MemberSignature Language="VB.NET" Value="Public ReadOnly Property Principal As ClaimsPrincipal" />
<MemberSignature Language="F#" Value="member this.Principal : System.Security.Claims.ClaimsPrincipal" Usage="System.Security.Claims.AuthorizationContext.Principal" />
<MemberSignature Language="C++ CLI" Value="public:
 property System::Security::Claims::ClaimsPrincipal ^ Principal { System::Security::Claims::ClaimsPrincipal ^ get(); };" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyName>System.IdentityModel</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Security.Claims.ClaimsPrincipal</ReturnType>
</ReturnValue>
<Docs>
<summary>Gets the principal (subject) for which authorization is being requested.</summary>
<value>The principal for which authorization is being requested.</value>
<remarks>To be added.</remarks>
</Docs>
</Member>
<Member MemberName="Resource">
<MemberSignature Language="C#" Value="public System.Collections.ObjectModel.Collection&lt;System.Security.Claims.Claim&gt; Resource { get; }" />
<MemberSignature Language="ILAsm" Value=".property instance class System.Collections.ObjectModel.Collection`1&lt;class System.Security.Claims.Claim&gt; Resource" />
<MemberSignature Language="DocId" Value="P:System.Security.Claims.AuthorizationContext.Resource" />
<MemberSignature Language="VB.NET" Value="Public ReadOnly Property Resource As Collection(Of Claim)" />
<MemberSignature Language="F#" Value="member this.Resource : System.Collections.ObjectModel.Collection&lt;System.Security.Claims.Claim&gt;" Usage="System.Security.Claims.AuthorizationContext.Resource" />
<MemberSignature Language="C++ CLI" Value="public:
 property System::Collections::ObjectModel::Collection&lt;System::Security::Claims::Claim ^&gt; ^ Resource { System::Collections::ObjectModel::Collection&lt;System::Security::Claims::Claim ^&gt; ^ get(); };" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyName>System.IdentityModel</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Collections.ObjectModel.Collection&lt;System.Security.Claims.Claim&gt;</ReturnType>
</ReturnValue>
<Docs>
<summary>Gets the resource on which the principal is to be authorized.</summary>
<value>A collection of claims that represents the resource.</value>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
The collection typically contains a single element.
]]></format>
</remarks>
</Docs>
</Member>
</Members>
</Type>