AuthorizationAttribute.IsAuthorized Method
[WCF RIA Services Version 1 Service Pack 2 is compatible with either .NET framework 4 or .NET Framework 4.5, and with either Silverlight 4 or Silverlight 5.]
Implementation specific method to determine whether the given IPrincipal object is authorized to perform a specific operation described by the given AuthorizationContext object.
Namespace: System.ComponentModel.DataAnnotations
Assembly: System.ServiceModel.DomainServices.Server (in System.ServiceModel.DomainServices.Server.dll)
Syntax
'Declaration
Protected MustOverride Function IsAuthorized ( _
principal As IPrincipal, _
authorizationContext As AuthorizationContext _
) As AuthorizationResult
'Usage
Dim principal As IPrincipal
Dim authorizationContext As AuthorizationContext
Dim returnValue As AuthorizationResult
returnValue = Me.IsAuthorized(principal, _
authorizationContext)
protected abstract AuthorizationResult IsAuthorized(
IPrincipal principal,
AuthorizationContext authorizationContext
)
protected:
virtual AuthorizationResult^ IsAuthorized(
IPrincipal^ principal,
AuthorizationContext^ authorizationContext
) abstract
abstract IsAuthorized :
principal:IPrincipal *
authorizationContext:AuthorizationContext -> AuthorizationResult
protected abstract function IsAuthorized(
principal : IPrincipal,
authorizationContext : AuthorizationContext
) : AuthorizationResult
Parameters
- principal
Type: System.Security.Principal.IPrincipal
The IPrincipal object to be authorized.
- authorizationContext
Type: System.ComponentModel.DataAnnotations.AuthorizationContext
The AuthorizationContext describing the context in which authorization has been requested.
Return Value
Type: System.ComponentModel.DataAnnotations.AuthorizationResult
An AuthorizationResult object that indicates whether the operation is allowed or denied. Returns Allowed when the operation is allowed. Returns a non-null AuthorizationResult when the request has been denied. The ErrorMessage property contains the error message that is displayed to users.
Remarks
This protected abstract method contains the implementation-specific logic for this particular subclass of AuthorizationAttribute. It is invoked strictly by the public Authorize method.
Examples
The following example shows an implementation of the AuthorizationAttribute class.
Public Class CheckAttendeeNameAttribute
Inherits System.Web.DomainServices.AuthorizationAttribute
Public Overrides Function Authorize(ByVal principal As System.Security.Principal.IPrincipal) As Boolean
If (principal.IsInRole("Attendee") And principal.Identity.Name.StartsWith("A")) Then
Return True
Else
Return False
End If
End Function
End Class
Public Class RestrictAccessToAssignedManagers
Inherits AuthorizationAttribute
Protected Overrides Function IsAuthorized(ByVal principal As System.Security.Principal.IPrincipal, ByVal authorizationContext As System.ComponentModel.DataAnnotations.AuthorizationContext) As System.ComponentModel.DataAnnotations.AuthorizationResult
Dim eph As EmployeePayHistory
Dim selectedEmployee As Employee
Dim authenticatedUser As Employee
eph = CType(authorizationContext.Instance, EmployeePayHistory)
Using context As New AdventureWorksEntities()
selectedEmployee = context.Employees.SingleOrDefault(Function(e) e.EmployeeID = eph.EmployeeID)
authenticatedUser = context.Employees.SingleOrDefault(Function(e) e.LoginID = principal.Identity.Name)
End Using
If (selectedEmployee.ManagerID = authenticatedUser.EmployeeID) Then
Return AuthorizationResult.Allowed
Else
Return New AuthorizationResult("Only the authenticated manager for the employee can add a new record.")
End If
End Function
End Class
public class CheckAttendeeNameAttribute : System.Web.DomainServices.AuthorizationAttribute
{
public override bool Authorize(System.Security.Principal.IPrincipal principal)
{
if (principal.IsInRole("Attendee") && principal.Identity.Name.StartsWith("A"))
{
return true;
}
else
{
return false;
}
}
}
public class RestrictAccessToAssignedManagers : AuthorizationAttribute
{
protected override AuthorizationResult IsAuthorized(System.Security.Principal.IPrincipal principal, AuthorizationContext authorizationContext)
{
EmployeePayHistory eph = (EmployeePayHistory)authorizationContext.Instance;
Employee selectedEmployee;
Employee authenticatedUser;
using (AdventureWorksEntities context = new AdventureWorksEntities())
{
selectedEmployee = context.Employees.SingleOrDefault(e => e.EmployeeID == eph.EmployeeID);
authenticatedUser = context.Employees.SingleOrDefault(e => e.LoginID == principal.Identity.Name);
}
if (selectedEmployee.ManagerID == authenticatedUser.EmployeeID)
{
return AuthorizationResult.Allowed;
}
else
{
return new AuthorizationResult("Only the authenticated manager for the employee can add a new record.");
}
}
}