AuthorizationAttribute Class
[WCF RIA Services Version 1 Service Pack 2 is compatible with either .NET framework 4 or .NET Framework 4.5, and with either Silverlight 4 or Silverlight 5.]
Serves as base class for classes that are used to control authorization through custom metadata.
Inheritance Hierarchy
System.Object
System.Attribute
System.ComponentModel.DataAnnotations.AuthorizationAttribute
System.ServiceModel.DomainServices.Server.RequiresAuthenticationAttribute
System.ServiceModel.DomainServices.Server.RequiresRoleAttribute
Namespace: System.ComponentModel.DataAnnotations
Assembly: System.ServiceModel.DomainServices.Server (in System.ServiceModel.DomainServices.Server.dll)
Syntax
'Declaration
Public MustInherit Class AuthorizationAttribute _
Inherits Attribute
'Usage
Dim instance As AuthorizationAttribute
public abstract class AuthorizationAttribute : Attribute
public ref class AuthorizationAttribute abstract : public Attribute
[<AbstractClassAttribute>]
type AuthorizationAttribute =
class
inherit Attribute
end
public abstract class AuthorizationAttribute extends Attribute
The AuthorizationAttribute type exposes the following members.
Constructors
| Name | Description | |
|---|---|---|
.gif "Protected method") |
AuthorizationAttribute | Initializes a new instance of the AuthorizationAttribute class. |
Top
Properties
| Name | Description | |
|---|---|---|
.gif "Public property") |
ErrorMessage | Gets or sets the literal error message or resource key intended to be returned in an ErrorMessage. |
|
ResourceType | Gets or sets the Type to use as the resource manager for ErrorMessage. |
|
TypeId | (Inherited from Attribute.) |
Top
Methods
| Name | Description | |
|---|---|---|
.gif "Public method") |
Authorize | Determines whether the given principal object is authorized to perform a specific operation described by the given AuthorizationContext. |
|
Equals | (Inherited from Attribute.) |
|
Finalize | (Inherited from Object.) |
|
FormatErrorMessage | Gets the formatted error message for the current AuthorizationAttribute to present to the user. |
|
GetHashCode | (Inherited from Attribute.) |
|
GetType | (Inherited from Object.) |
|
IsAuthorized | Implementation specific method to determine whether the given IPrincipal object is authorized to perform a specific operation described by the given AuthorizationContext object. |
|
IsDefaultAttribute | (Inherited from Attribute.) |
|
Match | (Inherited from Attribute.) |
|
MemberwiseClone | (Inherited from Object.) |
|
ToString | (Inherited from Object.) |
Top
Explicit Interface Implementations
| Name | Description | |
|---|---|---|
.gif "Explicit interface implemetation") .gif "Private method") |
_Attribute.GetIDsOfNames | (Inherited from Attribute.) |
|
_Attribute.GetTypeInfo | (Inherited from Attribute.) |
|
_Attribute.GetTypeInfoCount | (Inherited from Attribute.) |
|
_Attribute.Invoke | (Inherited from Attribute.) |
Top
Remarks
You create a class that derives from the AuthorizationAttribute class to implement a customized authorization policy. When you create a derived class, you must implement the authorization logic in the IsAuthorized method. The IsAuthorized method includes parameters for an IPrincipal object and an AuthorizationContext object. You can use these parameters to determine if a user is authorized. In the derived class, you can add properties that are specified in the attribute declaration and used in the authorization logic. You apply the attribute to operations that need the customized authorization policy.
Examples
The following example shows an implementation of the AuthorizationAttribute class.
Public Class CheckAttendeeNameAttribute
Inherits System.Web.DomainServices.AuthorizationAttribute
Public Overrides Function Authorize(ByVal principal As System.Security.Principal.IPrincipal) As Boolean
If (principal.IsInRole("Attendee") And principal.Identity.Name.StartsWith("A")) Then
Return True
Else
Return False
End If
End Function
End Class
Public Class RestrictAccessToAssignedManagers
Inherits AuthorizationAttribute
Protected Overrides Function IsAuthorized(ByVal principal As System.Security.Principal.IPrincipal, ByVal authorizationContext As System.ComponentModel.DataAnnotations.AuthorizationContext) As System.ComponentModel.DataAnnotations.AuthorizationResult
Dim eph As EmployeePayHistory
Dim selectedEmployee As Employee
Dim authenticatedUser As Employee
eph = CType(authorizationContext.Instance, EmployeePayHistory)
Using context As New AdventureWorksEntities()
selectedEmployee = context.Employees.SingleOrDefault(Function(e) e.EmployeeID = eph.EmployeeID)
authenticatedUser = context.Employees.SingleOrDefault(Function(e) e.LoginID = principal.Identity.Name)
End Using
If (selectedEmployee.ManagerID = authenticatedUser.EmployeeID) Then
Return AuthorizationResult.Allowed
Else
Return New AuthorizationResult("Only the authenticated manager for the employee can add a new record.")
End If
End Function
End Class
public class CheckAttendeeNameAttribute : System.Web.DomainServices.AuthorizationAttribute
{
public override bool Authorize(System.Security.Principal.IPrincipal principal)
{
if (principal.IsInRole("Attendee") && principal.Identity.Name.StartsWith("A"))
{
return true;
}
else
{
return false;
}
}
}
public class RestrictAccessToAssignedManagers : AuthorizationAttribute
{
protected override AuthorizationResult IsAuthorized(System.Security.Principal.IPrincipal principal, AuthorizationContext authorizationContext)
{
EmployeePayHistory eph = (EmployeePayHistory)authorizationContext.Instance;
Employee selectedEmployee;
Employee authenticatedUser;
using (AdventureWorksEntities context = new AdventureWorksEntities())
{
selectedEmployee = context.Employees.SingleOrDefault(e => e.EmployeeID == eph.EmployeeID);
authenticatedUser = context.Employees.SingleOrDefault(e => e.LoginID == principal.Identity.Name);
}
if (selectedEmployee.ManagerID == authenticatedUser.EmployeeID)
{
return AuthorizationResult.Allowed;
}
else
{
return new AuthorizationResult("Only the authenticated manager for the employee can add a new record.");
}
}
}
Thread Safety
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.