本文转自:https://msdn.microsoft.com/en-us/library/aa702720(v=vs.110).aspx

The PrincipalPermissionAttribute is a declarative means of controlling access to service methods. When using this attribute, the PrincipalPermissionMode enumeration specifies the mode for performing authorization checks. When this mode is set to Custom, it enables the user to specify a custom IPrincipal class returned by the CurrentPrincipal property. This topic illustrates the scenario when Custom is used in combination with a custom authorization policy and a custom principal.

For more information about using the PrincipalPermissionAttribute, see How to: Restrict Access with the PrincipalPermissionAttribute Class.

Example

namespace CustomMode

{

    public class Test

    {

        public static void Main()

        {

            try

            {

                ShowPrincipalPermissionModeCustom ppwm = new ShowPrincipalPermissionModeCustom();

                ppwm.Run();

            }

            catch (Exception exc)

            {

                Console.WriteLine("Error: {0}", exc.Message);

                Console.ReadLine();

            }

        }

    }

    class ShowPrincipalPermissionModeCustom

    {

        [ServiceContract]

        interface ISecureService

        {

            [OperationContract]

            string Method1(string request);

        }

        [ServiceBehavior]

        class SecureService : ISecureService

        {

            [PrincipalPermission(SecurityAction.Demand, Role = "everyone")]

            public string Method1(string request)

            {

                return String.Format("Hello, \"{0}\"", Thread.CurrentPrincipal.Identity.Name);

            }

        }

        public void Run()

        {

            Uri serviceUri = new Uri(@"http://localhost:8006/Service");

            ServiceHost service = new ServiceHost(typeof(SecureService));

            service.AddServiceEndpoint(typeof(ISecureService), GetBinding(), serviceUri);

            List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>();

            policies.Add(new CustomAuthorizationPolicy());

            service.Authorization.ExternalAuthorizationPolicies = policies.AsReadOnly();

            service.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.Custom;

            service.Open();

            EndpointAddress sr = new EndpointAddress(

                serviceUri, EndpointIdentity.CreateUpnIdentity(WindowsIdentity.GetCurrent().Name));

            ChannelFactory<ISecureService> cf = new ChannelFactory<ISecureService>(GetBinding(), sr);

            ISecureService client = cf.CreateChannel();

            Console.WriteLine("Client received response from Method1: {0}", client.Method1("hello"));

            ((IChannel)client).Close();

            Console.ReadLine();

            service.Close();

        }

        public static Binding GetBinding()

        {

            WSHttpBinding binding = new WSHttpBinding(SecurityMode.Message);

            binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

            return binding;

        }

        class CustomAuthorizationPolicy : IAuthorizationPolicy

        {

            string id = Guid.NewGuid().ToString();

            public string Id

            {

                get { return this.id; }

            }

            public ClaimSet Issuer

            {

                get { return ClaimSet.System; }

            }

            public bool Evaluate(EvaluationContext context, ref object state)

            {

                object obj;

                if (!context.Properties.TryGetValue("Identities", out obj))

                    return false;

                IList<IIdentity> identities = obj as IList<IIdentity>;

                if (obj == null || identities.Count <= 0)

                    return false;

                context.Properties["Principal"] = new CustomPrincipal(identities[0]);

                return true;

            }

        }

        class CustomPrincipal : IPrincipal

        {

            IIdentity identity;

            public CustomPrincipal(IIdentity identity)

            {

                this.identity = identity;

            }

            public IIdentity Identity

            {

                get { return this.identity; }

            }

            public bool IsInRole(string role)

            {

                return true;

            }

        }

    }

}

[转]How to: Create a Custom Principal Identity的更多相关文章

  1. [转]How do you create a custom AuthorizeAttribute in ASP.NET Core?

    问: I'm trying to make a custom authorization attribute in ASP.NET Core. In previous versions it was ...

  2. Part 13 Create a custom filter in AngularJS

    Custom filter in AngularJS 1. Is a function that returns a function 2. Use the filter function to cr ...

  3. How could I create a custom windows message?

    [问题] Our project is running on Windows CE 6.0 and is written in C++ . We have some problems with the ...

  4. [Angular] Create a custom validator for reactive forms in Angular

    Also check: directive for form validation User input validation is a core part of creating proper HT ...

  5. [Angular] Create a custom validator for template driven forms in Angular

    User input validation is a core part of creating proper HTML forms. Form validators not only help yo ...

  6. how to create react custom hooks with arguments

    how to create react custom hooks with arguments React Hooks & Custom Hooks // reusable custom ho ...

  7. [Angular] Create a custom pipe

    For example we want to create a pipe, to tranform byte to Mb. We using it in html like: <div> ...

  8. Create a custom configSection in web.config or app.config file

    config file: <?xml version="1.0" encoding="utf-8" ?> <configuration> ...

  9. How to create a custom action type with a custom control (BarCheckItem), associated with it

    https://www.devexpress.com/Support/Center/Example/Details/E1977/how-to-create-a-custom-action-type-w ...

随机推荐

  1. LLBL Gen Pro 5.0 企业应用开发入门

    Solutions Design 公司于2016年5月发布了LLBL Gen Pro 5.0,这个新版本的发布出乎于我的意料.我的猜想是从4.2升级到4.5,再升级5.x版本,主版本号的变更会给原有客 ...

  2. 【.net 深呼吸】自定义特性(Attribute)的实现与检索方法

    在.net的各个语言中,尤其是VB.NET和C#,都有特性这一东东,具体的概念,大家可以网上查,这里老周说一个非标准的概念——特性者,就是对象的附加数据.对象自然可以是类型.类型成员,以及程序集. 说 ...

  3. 使用AWS亚马逊云搭建Gmail转发服务(二)

    title: 使用AWS亚马逊云搭建Gmail转发服务(二) author:青南 date: 2014-12-31 14:44:27 categories: [Python] tags: [Pytho ...

  4. jQuery源码分析系列

    声明:本文为原创文章,如需转载,请注明来源并保留原文链接Aaron,谢谢! 版本截止到2013.8.24 jQuery官方发布最新的的2.0.3为准 附上每一章的源码注释分析 :https://git ...

  5. JS中 call() 与apply 方法

    1.方法定义 call方法: 语法:call([thisObj[,arg1[, arg2[,   [,.argN]]]]]) 定义:调用一个对象的一个方法,以另一个对象替换当前对象. 说明: call ...

  6. NodeJs对Mysql封装

    之前在学习NodeJs的时候,每次操作数据库都需要连接数据库然后开始写Sql操作,这样非常麻烦,然后自己对Mysql进行了封装,一共100多行代码. github地址: Mysql操作 我在里面对My ...

  7. 【NLP】揭秘马尔可夫模型神秘面纱系列文章(五)

    向前向后算法解决隐马尔可夫模型机器学习问题 作者:白宁超 2016年7月12日14:28:10 摘要:最早接触马尔可夫模型的定义源于吴军先生<数学之美>一书,起初觉得深奥难懂且无什么用场. ...

  8. 多项目并行开发如何做到快速切换——sublime Text3

    sublime text有一个很人性化的功能,就是打开窗口的时候,它会把上一次关闭时的编辑器工作区状态完全复原(不论文件是否已经保存). 只有一个项目的时候,这个功能非常方便,可以保证重启电脑后cod ...

  9. grunt自定义任务——合并压缩css和js

    npm文档:www.npmjs.com grunt基础教程:http://www.gruntjs.net/docs/getting-started/ http://www.w3cplus.com/to ...

  10. 【分布式】Zookeeper序列化及通信协议

    一.前言 前面介绍了Zookeeper的系统模型,下面进一步学习Zookeeper的底层序列化机制,Zookeeper的客户端与服务端之间会进行一系列的网络通信来实现数据传输,Zookeeper使用J ...