共用方式為


HOW TO:檢查安全性內容

在進行 Windows Communication Foundation (WCF) 服務的程式設計時,服務安全性內容可讓您決定用來向服務進行驗證的用戶端認證及宣告的詳細資料。這可藉由使用 ServiceSecurityContext 類別的屬性達成。

例如,您可以使用 PrimaryIdentityWindowsIdentity 屬性擷取目前用戶端的識別。若要判斷用戶端是否為匿名,請使用 IsAnonymous 屬性。

您也可以透過逐一查看 AuthorizationContext 屬性中的宣告集合,以判斷代表用戶端所進行的宣告為何。

取得目前的安全性內容

  • 存取靜態屬性 Current,取得目前的安全性內容。檢視來自參考之目前內容的任一屬性。

判斷呼叫端的識別

  1. 列印 PrimaryIdentityWindowsIdentity 屬性的值。

剖析呼叫端的宣告

  1. 傳回目前的 AuthorizationContext 類別。使用 Current 屬性傳回目前的服務安全性內容,然後使用 AuthorizationContext 屬性傳回 AuthorizationContext

  2. 剖析 AuthorizationContext 類別的 ClaimSets 屬性所傳回的 ClaimSet 物件集合。

範例

以下範例會列印目前安全性內容以及 ClaimType 屬性的 WindowsIdentityPrimaryIdentity 屬性值、宣告的資源值,以及目前安全性內容中的每一項 Right 屬性。

' Run this method from within a method protected by the PrincipalPermissionAttribute
' to see the security context data, including the primary identity.
Public Sub WriteServiceSecurityContextData(ByVal fileName As String) 
    Dim sw As New StreamWriter(fileName)
    Try
        ' Write the primary identity and Windows identity. The primary identity is derived from 
        ' the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name)
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name)
        sw.WriteLine()
        ' Write the claimsets in the authorization context. By default, there is only one claimset
        ' provided by the system. 
        Dim claimset As ClaimSet
        For Each claimset In  ServiceSecurityContext.Current.AuthorizationContext.ClaimSets
            Dim claim As Claim
            For Each claim In  claimset
                ' Write out each claim type, claim value, and the right. There are two
                ' possible values for the right: "identity" and "possessproperty". 
                sw.WriteLine("Claim Type = {0}", claim.ClaimType)
                sw.WriteLine(vbTab + " Resource = {0}", claim.Resource.ToString())
                sw.WriteLine(vbTab + " Right = {0}", claim.Right)
            Next claim
        Next claimset
    Finally
        sw.Dispose()
    End Try

End Sub 
// Run this method from within a method protected by the PrincipalPermissionAttribute
// to see the security context data, including the primary identity.
public void WriteServiceSecurityContextData(string fileName)
{
    using (StreamWriter sw = new StreamWriter(fileName))
    {
        // Write the primary identity and Windows identity. The primary identity is derived from
        // the credentials used to authenticate the user. The Windows identity may be a null string.
        sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name);
        sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name);
        sw.WriteLine();
        // Write the claimsets in the authorization context. By default, there is only one claimset
        // provided by the system. 
        foreach (ClaimSet claimset in ServiceSecurityContext.Current.AuthorizationContext.ClaimSets)
        {
            foreach (Claim claim in claimset)
            {
                // Write out each claim type, claim value, and the right. There are two
                // possible values for the right: "identity" and "possessproperty". 
                sw.WriteLine("Claim Type = {0}", claim.ClaimType);
                sw.WriteLine("\t Resource = {0}", claim.Resource.ToString());
                sw.WriteLine("\t Right = {0}", claim.Right);
            }
        }
    }
}

編譯程式碼

程式碼會使用下列命名空間:

另請參閱

概念

保護服務的安全
服務身分識別和驗證