How to: Examine the Security Context

When programming Windows Communication Foundation (WCF) services, the service security context lets you determine details about the client credentials and claims that were used to authenticate to the service. This is done through the properties of the ServiceSecurityContext class.

For example, use the PrimaryIdentity or WindowsIdentity property to retrieve the identity of the current client. To determine whether the client is anonymous, use the IsAnonymous property.

You can also determine which claims have been made on behalf of the client by iterating through the collection of claims in the AuthorizationContext property.

To get the current security context

  • Access the static Current property to get the current security context. Examine any property of the current context from that reference.

To determine the identity of the caller

  1. Print the values of the PrimaryIdentity and WindowsIdentity properties.

To parse the caller's claims

  1. Return the current AuthorizationContext class. Use the Current property to return the current service security context, and then use the AuthorizationContext property to return the AuthorizationContext.

  2. Parse the collection of ClaimSet objects returned by the ClaimSets property of the AuthorizationContext class.

Example

The following example prints the values of the WindowsIdentity and PrimaryIdentity properties of the current security context, and, for each claim in the current security context, the ClaimType property, the resource value of the claim, and the Right property.

' Namespaces used by this method: StreamWriter, ServiceSecurityContext, ClaimSet and Claim.
Imports System.IO
Imports System.IdentityModel.Claims
Imports System.ServiceModel

' Run this method from within a method protected by the PrincipalPermissionAttribute
' to see the security context data, including the primary identity.
Public Sub WriteServiceSecurityContextData(ByVal fileName As String)
    Dim sw As New StreamWriter(fileName)
    Try
        ' Write the primary identity and Windows identity. The primary identity is derived from
        ' the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name)
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name)
        sw.WriteLine()
        ' Write the claimsets in the authorization context. By default, there is only one claimset
        ' provided by the system.
        Dim claimset As ClaimSet
        For Each claimset In ServiceSecurityContext.Current.AuthorizationContext.ClaimSets
            Dim claim As Claim
            For Each claim In claimset
                ' Write out each claim type, claim value, and the right. There are two
                ' possible values for the right: "identity" and "possessproperty".
                sw.WriteLine("Claim Type = {0}", claim.ClaimType)
                sw.WriteLine(vbTab + " Resource = {0}", claim.Resource.ToString())
                sw.WriteLine(vbTab + " Right = {0}", claim.Right)
            Next claim
        Next claimset
    Finally
        ' Dispose the writer even if reading the context throws.
        sw.Dispose()
    End Try
End Sub

// Namespaces used by this method: StreamWriter, ServiceSecurityContext, ClaimSet and Claim.
using System.IO;
using System.IdentityModel.Claims;
using System.ServiceModel;

// Run this method from within a method protected by the PrincipalPermissionAttribute
// to see the security context data, including the primary identity.
public void WriteServiceSecurityContextData(string fileName)
{
    // The using block disposes the writer even if reading the context throws.
    using (StreamWriter sw = new StreamWriter(fileName))
    {
        // Write the primary identity and Windows identity. The primary identity is derived from
        // the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name);
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name);
        sw.WriteLine();
        // Write the claimsets in the authorization context. By default, there is only one claimset
        // provided by the system.
        foreach (ClaimSet claimset in ServiceSecurityContext.Current.AuthorizationContext.ClaimSets)
        {
            foreach (Claim claim in claimset)
            {
                // Write out each claim type, claim value, and the right. There are two
                // possible values for the right: "identity" and "possessproperty".
                sw.WriteLine("Claim Type = {0}", claim.ClaimType);
                sw.WriteLine("\t Resource = {0}", claim.Resource.ToString());
                sw.WriteLine("\t Right = {0}", claim.Right);
            }
        }
    }
}
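As an added example (not code from the original page), the following helper collects the same context data into a structure a service operation can inspect, and guards the cases the walkthrough leaves implicit: Current being null when no operation is executing, an anonymous caller, and a caller without a Windows identity. The names SecurityContextInspector and CallerSummary, and the null guard on WindowsIdentity, are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.ServiceModel;

// Added example, not from the original page. SecurityContextInspector and
// CallerSummary are names chosen for this example only.
public static class SecurityContextInspector
{
    public sealed class CallerSummary
    {
        public bool HasContext;             // false when called outside an operation
        public bool IsAnonymous;
        public string PrimaryIdentityName;
        public string WindowsIdentityName;  // empty when the caller has no Windows identity
        public List<string> IdentityClaims = new List<string>();
        public List<string> PropertyClaims = new List<string>();
    }

    public static CallerSummary Summarize()
    {
        CallerSummary summary = new CallerSummary();
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        // Current is null when no operation is executing (startup code, timers, tests),
        // so code that dereferences it unconditionally throws there.
        if (ctx == null) return summary;

        summary.HasContext = true;
        summary.IsAnonymous = ctx.IsAnonymous;
        summary.PrimaryIdentityName = ctx.PrimaryIdentity.Name;
        // The page notes the Windows identity name may be empty; the null guard is an
        // additional defensive assumption for non-Windows credential types.
        summary.WindowsIdentityName = ctx.WindowsIdentity == null ? "" : ctx.WindowsIdentity.Name;

        foreach (ClaimSet claimSet in ctx.AuthorizationContext.ClaimSets)
        {
            foreach (Claim claim in claimSet)
            {
                string entry = claim.ClaimType + " = " + Convert.ToString(claim.Resource);
                // Rights.Identity claims state who the caller is; Rights.PossessProperty
                // claims state what the caller holds (a thumbprint, a DNS name, a role).
                if (claim.Right == Rights.Identity) summary.IdentityClaims.Add(entry);
                else summary.PropertyClaims.Add(entry);
            }
        }
        return summary;
    }
}
```

An authorization decision should be based on the identity and property claims collected here rather than on the Windows identity name alone, since that name is empty for non-Windows credentials.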

Compiling the Code

The code uses the following namespaces:

See Also

Concepts

Securing Services
Service Identity and Authentication