本文转自:https://msdn.microsoft.com/en-us/library/aa702720(v=vs.110).aspx

The PrincipalPermissionAttribute is a declarative means of controlling access to service methods. When using this attribute, the PrincipalPermissionMode enumeration specifies the mode for performing authorization checks. When this mode is set to Custom, it enables the user to specify a custom IPrincipal class returned by the CurrentPrincipal property. This topic illustrates the scenario when Custom is used in combination with a custom authorization policy and a custom principal.

For more information about using the PrincipalPermissionAttribute, see How to: Restrict Access with the PrincipalPermissionAttribute Class.

Example

namespace CustomMode

{

    public class Test

    {

        public static void Main()

        {

            try

            {

                ShowPrincipalPermissionModeCustom ppwm = new ShowPrincipalPermissionModeCustom();

                ppwm.Run();

            }

            catch (Exception exc)

            {

                Console.WriteLine("Error: {0}", exc.Message);

                Console.ReadLine();

            }

        }

    }

    class ShowPrincipalPermissionModeCustom

    {

        [ServiceContract]

        interface ISecureService

        {

            [OperationContract]

            string Method1(string request);

        }

        [ServiceBehavior]

        class SecureService : ISecureService

        {

            [PrincipalPermission(SecurityAction.Demand, Role = "everyone")]

            public string Method1(string request)

            {

                return String.Format("Hello, \"{0}\"", Thread.CurrentPrincipal.Identity.Name);

            }

        }

        public void Run()

        {

            Uri serviceUri = new Uri(@"http://localhost:8006/Service");

            ServiceHost service = new ServiceHost(typeof(SecureService));

            service.AddServiceEndpoint(typeof(ISecureService), GetBinding(), serviceUri);

            List<IAuthorizationPolicy> policies = new List<IAuthorizationPolicy>();

            policies.Add(new CustomAuthorizationPolicy());

            service.Authorization.ExternalAuthorizationPolicies = policies.AsReadOnly();

            service.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.Custom;

            service.Open();

            EndpointAddress sr = new EndpointAddress(

                serviceUri, EndpointIdentity.CreateUpnIdentity(WindowsIdentity.GetCurrent().Name));

            ChannelFactory<ISecureService> cf = new ChannelFactory<ISecureService>(GetBinding(), sr);

            ISecureService client = cf.CreateChannel();

            Console.WriteLine("Client received response from Method1: {0}", client.Method1("hello"));

            ((IChannel)client).Close();

            Console.ReadLine();

            service.Close();

        }

        public static Binding GetBinding()

        {

            WSHttpBinding binding = new WSHttpBinding(SecurityMode.Message);

            binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

            return binding;

        }

        class CustomAuthorizationPolicy : IAuthorizationPolicy

        {

            string id = Guid.NewGuid().ToString();

            public string Id

            {

                get { return this.id; }

            }

            public ClaimSet Issuer

            {

                get { return ClaimSet.System; }

            }

            public bool Evaluate(EvaluationContext context, ref object state)

            {

                object obj;

                if (!context.Properties.TryGetValue("Identities", out obj))

                    return false;

                IList<IIdentity> identities = obj as IList<IIdentity>;

                if (obj == null || identities.Count <= 0)

                    return false;

                context.Properties["Principal"] = new CustomPrincipal(identities[0]);

                return true;

            }

        }

        class CustomPrincipal : IPrincipal

        {

            IIdentity identity;

            public CustomPrincipal(IIdentity identity)

            {

                this.identity = identity;

            }

            public IIdentity Identity

            {

                get { return this.identity; }

            }

            public bool IsInRole(string role)

            {

                return true;

            }

        }

    }

}

[转]How to: Create a Custom Principal Identity的更多相关文章

  1. [转]How do you create a custom AuthorizeAttribute in ASP.NET Core?

    问: I'm trying to make a custom authorization attribute in ASP.NET Core. In previous versions it was ...

  2. Part 13 Create a custom filter in AngularJS

    Custom filter in AngularJS 1. Is a function that returns a function 2. Use the filter function to cr ...

  3. How could I create a custom windows message?

    [问题] Our project is running on Windows CE 6.0 and is written in C++ . We have some problems with the ...

  4. [Angular] Create a custom validator for reactive forms in Angular

    Also check: directive for form validation User input validation is a core part of creating proper HT ...

  5. [Angular] Create a custom validator for template driven forms in Angular

    User input validation is a core part of creating proper HTML forms. Form validators not only help yo ...

  6. how to create react custom hooks with arguments

    how to create react custom hooks with arguments React Hooks & Custom Hooks // reusable custom ho ...

  7. [Angular] Create a custom pipe

    For example we want to create a pipe, to tranform byte to Mb. We using it in html like: <div> ...

  8. Create a custom configSection in web.config or app.config file

    config file: <?xml version="1.0" encoding="utf-8" ?> <configuration> ...

  9. How to create a custom action type with a custom control (BarCheckItem), associated with it

    https://www.devexpress.com/Support/Center/Example/Details/E1977/how-to-create-a-custom-action-type-w ...

随机推荐

  1. 正则表达式和文本挖掘(Text Mining)

    在进行文本挖掘时,TSQL中的通配符(Wildchar)显得功能不足,这时,使用“CLR+正则表达式”是非常不错的选择,正则表达式看似非常复杂,但,万变不离其宗,熟练掌握正则表达式的元数据,就能熟练和 ...

  2. SQL Server 即时文件初始化

    一.本文所涉及的内容(Contents) 本文所涉及的内容(Contents) 背景(Contexts) 基础知识(Rudimentary Knowledge) 实现过程(Process) 疑问(Qu ...

  3. GDB调试命令

    1.查看源码: list [函数名][行数] 2.暂停程序 (1)设置断点: a.break + [源代码行号][源代码函数名][内存地址] b.break ... if condition   .. ...

  4. 记一次nginx部署yii2项目时502 bad gateway错误的排查

    周六闲来无事,就试着安装和部署下yii2,安装过程没什么问题,但部署到nginx上时遇到了502 bad gatewary问题,折腾了半天才搞定.这个问题是我以前在部署yii2时没有遇到过的,因此记在 ...

  5. 解决MyEclipe出现An error has occurred,See error log for more details的错误

    今晚在卸载MyEclipse时出现An error has occurred,See error log for more details的错误,打开相应路径下的文件查看得如下: !SESSION 2 ...

  6. JAVA多态

    多态是指当系统A访问系统B的服务时,系统B可以通过多种方式来提供服务,而这一切对系统A是透明的.比如动物园的饲养员能够给各种各样的动物喂食.下图显示了饲养员Feeder,食物Food和动物Animal ...

  7. PreEmptive Dotfuscator and Analytics CE

    PreEmptive Dotfuscator and Analytics CE Dotfuscator 是领先的 .NET 模糊处理程序和压缩程序,有助于防止程序遭到反向工程,同时使程序更小更高效.D ...

  8. 『.NET Core CLI工具文档』(九)dotnet-run

    说明:本文是个人翻译文章,由于个人水平有限,有不对的地方请大家帮忙更正. 原文:dotnet-run 翻译:dotnet-run 名称 dotnet-run -- 没有任何明确的编译或启动命令运行&q ...

  9. C#-#define条件编译

    本文导读: C#的预处理器指令从来不会转化为可执行代码的命令,但是会影响编译过程的各个方面,常用的预处理器指令有#define.#undef.#if,#elif,#else和#endif等等,下面介绍 ...

  10. C++进程间通信

    # C++进程间通信 # 进程间通讯的四种方式:剪贴板.匿名管道.命名管道和邮槽 ## 剪切板 ## //设置剪切板内容 CString str; this->GetDlgItemText(ID ...