Delen via


ISecurityNamespaceExtension Interface

Implement this interface if you want to extend your security namespace.

Note that a given security namespace can only have one extension.

Namespace:  Microsoft.TeamFoundation.Framework.Server
Assembly:  Microsoft.TeamFoundation.Framework.Server (in Microsoft.TeamFoundation.Framework.Server.dll)

Syntax

'Declaration
<InheritedExportAttribute> _
Public Interface ISecurityNamespaceExtension
[InheritedExportAttribute]
public interface ISecurityNamespaceExtension
[InheritedExportAttribute]
public interface class ISecurityNamespaceExtension
[<InheritedExportAttribute>]
type ISecurityNamespaceExtension =  interface end
public interface ISecurityNamespaceExtension

The ISecurityNamespaceExtension type exposes the following members.

Properties

  Name Description
Public property AlwaysAllowAdministrators This flag is used to determine whether admin has implicit right to update the security namespace.
Public property SecurityNamespace After the security namespace extension is constructed and before any methods are called on it the security namespace for the extension will be set.

Top

Methods

  Name Description
Public method CheckReadPermission Evaluates whether the given user should be able to read the permissions for the given token. Note that implementing this function will cause the ReadPermission defined in the namespace not to be checked. If you want to implement this interface and still have those checked then make sure to derive from the DefaultSecurityNamespaceExtension and not override this method. This method should throw some type of access exception if the user does not have read permission on this token.
Public method CheckWritePermission Evaluates whether the given user should be able to change permissions. Note that implementing this function will cause the WritePermission defined in the namespace not to be checked. If you want to implement this interface and still have those checked then make sure to derive from the DefaultSecurityNamespaceExtension and not override this method. It is expected that this function will throw if the caller should not be able to write permissions
Public method HandleIncomingToken Allows the implementor to validate or change the incoming token. These functions will only be called when tokens are coming in from the Web service.
Public method HandleOutgoingToken Allows the implementor to validate or change the outgoing token. These functions will only be called when tokens will be going over the Web service.
Public method HasPermission This will be called every time that a permission decision is being made and allows the implementor to override the preliminary decision. Note, if a PermissionEvaluationCallback is provided to the function, it will override this decision.
Public method HasReadPermission Evaluates whether the given user should be able to read the permissions for the given token. Note that implementing this function will cause the ReadPermission defined in the namespace not to be checked. If you want to implement this interface and still have those checked, then make sure to derive from the DefaultSecurityNamespaceExtension and not override this method.
Public method HasWritePermission Evaluates whether the given user should be able to change permissions. Note that implementing this function will cause the WritePermission defined in the namespace not to be checked. If you want to implement this interface and still have those checked then make sure to derive from the DefaultSecurityNamespaceExtension and not override this method. It is expected that this function will not throw if the caller should not be able to write permissions.
Public method QueryEffectivePermissions Called each time the security namespace is about to return effective permissions to either the server API or the web service. This allows the implementor to modify the final result.
Public method QueryPermissions Called each time the security namespace is about to return AccessControlLists to either the server API or to the web service. This allows the implementor to modify any of the ACLs that are being returned.
Public method ThrowAccessDeniedException Implementing this function allows the implementer to throw there own type of exception when AccessDenied exceptions need to be thrown. If this method does not throw an exception the standard AccessCheckException will be thrown.

Top

See Also

Reference

Microsoft.TeamFoundation.Framework.Server Namespace