123 lines
9.8 KiB
XML
123 lines
9.8 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<Type Name="PrincipalPermissionMode" FullName="System.ServiceModel.Description.PrincipalPermissionMode">
|
|
<TypeSignature Language="C#" Value="public enum PrincipalPermissionMode" />
|
|
<TypeSignature Language="ILAsm" Value=".class public auto ansi sealed PrincipalPermissionMode extends System.Enum" />
|
|
<AssemblyInfo>
|
|
<AssemblyName>System.ServiceModel</AssemblyName>
|
|
<AssemblyVersion>4.0.0.0</AssemblyVersion>
|
|
</AssemblyInfo>
|
|
<Base>
|
|
<BaseTypeName>System.Enum</BaseTypeName>
|
|
</Base>
|
|
<Docs>
|
|
<remarks>
|
|
<attribution license="cc4" from="Microsoft" modified="false" />
|
|
<para>When applying the <see cref="T:System.Security.Permissions.PrincipalPermissionAttribute" /> to a method, this mode specifies which set of roles to use when authorizing access. By default, the attribute uses Windows groups (such as Administrator or Users) to specify the role to which the user must belong.</para>
|
|
<para>To set the mode programmatically, create an instance of the ServiceHost class, then find the <see cref="T:System.ServiceModel.Description.ServiceAuthorizationBehavior" /> in its collection of behaviors, and set the <see cref="P:System.ServiceModel.Description.ServiceAuthorizationBehavior.PrincipalPermissionMode" /> to the appropriate enumeration. The following example sets the property to <see cref="F:System.ServiceModel.Description.PrincipalPermissionMode.UseAspNetRoles" />.</para>
|
|
<para>code reference: PrincipalPermissionMode#1</para>
|
|
<para>You can also set the behavior in configuration by adding a <format type="text/html"><a href="18cddad5-ddcb-4839-a0ac-1d6f6ab783ca"><serviceAuthorization> element</a></format> to the <format type="text/html"><a href="5aed9062-cc36-4b72-b9dd-a3018b8ffafc">serviceBehaviors section</a></format> of a configuration file, as shown in the following code.</para>
|
|
<para>code reference: PrincipalPermissionMode#10</para>
|
|
<para>The enumeration affects how the <see cref="T:System.Security.Permissions.PrincipalPermissionAttribute" /> attribute authorizes a user when it is applied to a method. The following example applies the attribute to a method and demands that the user belong to the Users group on the computer. This code works only when the <see cref="P:System.ServiceModel.Description.ServiceAuthorizationBehavior.PrincipalPermissionMode" /> is set to UseWindowsGroup (the default setting).</para>
|
|
<para>code reference: PrincipalPermissionMode#2</para>
|
|
<format type="text/html">
|
|
<h2>UseAspNetRoles</h2>
|
|
</format>
|
|
<para>The <see cref="F:System.ServiceModel.Description.PrincipalPermissionMode.UseAspNetRoles" /> value is used for all credential types. This mode enables indigo1 to use the ASP.NET role provider to make authorization decisions. </para>
|
|
<para>When the credential for a service is an X.509 certificate, you can set the Name property of the <see cref="T:System.Security.Permissions.PrincipalPermissionAttribute" /> to a string that consists of the concatenated values of the Subject field and the Thumbprint field, as shown in the following example.</para>
|
|
<para>code reference: PrincipalPermissionMode#3</para>
|
|
<para>The concatenated string consists of the subject and thumbprint values separated by a semicolon and a space.</para>
|
|
<para>It is also possible for a certificate to have a Subject field set to a null string. In that case, you can set the Name property to a semicolon followed by a space and then the thumbprint, as shown in the following example.</para>
|
|
<para>code reference: PrincipalPermissionMode#4</para>
|
|
<para>If an ASP.NET role provider is present, you can also set the <see cref="P:System.Security.Permissions.PrincipalPermissionAttribute.Role" /> property to a role in the database. By default, the database is represented by the <see cref="T:System.Web.Security.SqlRoleProvider" />. You can also set a custom role provider with the <see cref="P:System.ServiceModel.Description.ServiceAuthorizationBehavior.RoleProvider" /> property of the <see cref="T:System.ServiceModel.Description.ServiceAuthorizationBehavior" /> class. The following code sets the role to Administrators. Note that the role provider must map the user account to that role.</para>
|
|
<para>code reference: PrincipalPermissionMode#13</para>
|
|
<para>crabout the ASP.NET Role provider, see <see cref="http://go.microsoft.com/fwlink/?LinkId=96692">How To: Use Role Manager in ASP.NET 2.0</see>.</para>
|
|
<para>crabout using indigo2 and the role provider, see <format type="text/html"><a href="88d33a81-8ac7-48de-978c-5c5b1257951e">How To: Use the ASP.NET Role Provider</a></format>.</para>
|
|
<format type="text/html">
|
|
<h2>Custom</h2>
|
|
</format>
|
|
<para>When the property is set to <see cref="F:System.ServiceModel.Description.PrincipalPermissionMode.Custom" />, you must also provide a custom class that implements the <see cref="T:System.IdentityModel.Policy.IAuthorizationPolicy" /> class. This class is responsible for providing the caller's IPrincipal representation inside the <see cref="P:System.IdentityModel.Policy.EvaluationContext.Properties" /> collection. It must store the IPrincipal instance to the properties collection using the "Principal" string key, as shown in the following example.</para>
|
|
<code>evaluationContext.Properties["Principal"]=new CustomPrincipal(identity);</code>
|
|
<format type="text/html">
|
|
<h2>Background</h2>
|
|
</format>
|
|
<para>The role-based security in dnprdnshort enables applications to specify authorizations through code. By specifying the <see cref="T:System.Security.Permissions.PrincipalPermission" /> demand, the <see cref="P:System.Threading.Thread.CurrentPrincipal" /> must satisfy the PrincipalPermission requirement. For example, that the user must be in a specific role or group. Otherwise, the thread is not authorized to execute the code, which results in an exception. indigo2 provides a set of <see cref="T:System.ServiceModel.Description.PrincipalPermissionMode" /> selections to specify the <see cref="P:System.Threading.Thread.CurrentPrincipal" /> based on <see cref="T:System.Security.SecurityContext" /> accordingly.</para>
|
|
</remarks>
|
|
<summary>
|
|
<attribution license="cc4" from="Microsoft" modified="false" />
|
|
<para>Sets the mode for authorization checks when using the <see cref="T:System.Security.Permissions.PrincipalPermissionAttribute" /> to control access to a method. </para>
|
|
</summary>
|
|
</Docs>
|
|
<Members>
|
|
<Member MemberName="Custom">
|
|
<MemberSignature Language="C#" Value="Custom" />
|
|
<MemberSignature Language="ILAsm" Value=".field public static literal valuetype System.ServiceModel.Description.PrincipalPermissionMode Custom = int32(3)" />
|
|
<MemberType>Field</MemberType>
|
|
<AssemblyInfo>
|
|
<AssemblyVersion>4.0.0.0</AssemblyVersion>
|
|
</AssemblyInfo>
|
|
<ReturnValue>
|
|
<ReturnType>System.ServiceModel.Description.PrincipalPermissionMode</ReturnType>
|
|
</ReturnValue>
|
|
<Docs>
|
|
<summary>
|
|
<attribution license="cc4" from="Microsoft" modified="false" />
|
|
<para>Enables the user to specify a custom <see cref="T:System.Security.Principal.IPrincipal" /> class for <see cref="P:System.Threading.Thread.CurrentPrincipal" />.</para>
|
|
</summary>
|
|
</Docs>
|
|
</Member>
|
|
<Member MemberName="None">
|
|
<MemberSignature Language="C#" Value="None" />
|
|
<MemberSignature Language="ILAsm" Value=".field public static literal valuetype System.ServiceModel.Description.PrincipalPermissionMode None = int32(0)" />
|
|
<MemberType>Field</MemberType>
|
|
<AssemblyInfo>
|
|
<AssemblyVersion>4.0.0.0</AssemblyVersion>
|
|
</AssemblyInfo>
|
|
<ReturnValue>
|
|
<ReturnType>System.ServiceModel.Description.PrincipalPermissionMode</ReturnType>
|
|
</ReturnValue>
|
|
<Docs>
|
|
<summary>
|
|
<attribution license="cc4" from="Microsoft" modified="false" />
|
|
<para>
|
|
<see cref="P:System.Threading.Thread.CurrentPrincipal" /> is not set.</para>
|
|
</summary>
|
|
</Docs>
|
|
</Member>
|
|
<Member MemberName="UseAspNetRoles">
|
|
<MemberSignature Language="C#" Value="UseAspNetRoles" />
|
|
<MemberSignature Language="ILAsm" Value=".field public static literal valuetype System.ServiceModel.Description.PrincipalPermissionMode UseAspNetRoles = int32(2)" />
|
|
<MemberType>Field</MemberType>
|
|
<AssemblyInfo>
|
|
<AssemblyVersion>4.0.0.0</AssemblyVersion>
|
|
</AssemblyInfo>
|
|
<ReturnValue>
|
|
<ReturnType>System.ServiceModel.Description.PrincipalPermissionMode</ReturnType>
|
|
</ReturnValue>
|
|
<Docs>
|
|
<summary>
|
|
<attribution license="cc4" from="Microsoft" modified="false" />
|
|
<para>
|
|
<see cref="P:System.Threading.Thread.CurrentPrincipal" /> is set based on the vstecasp role provider (<see cref="T:System.Web.Security.RoleProvider" />). </para>
|
|
</summary>
|
|
</Docs>
|
|
</Member>
|
|
<Member MemberName="UseWindowsGroups">
|
|
<MemberSignature Language="C#" Value="UseWindowsGroups" />
|
|
<MemberSignature Language="ILAsm" Value=".field public static literal valuetype System.ServiceModel.Description.PrincipalPermissionMode UseWindowsGroups = int32(1)" />
|
|
<MemberType>Field</MemberType>
|
|
<AssemblyInfo>
|
|
<AssemblyVersion>4.0.0.0</AssemblyVersion>
|
|
</AssemblyInfo>
|
|
<ReturnValue>
|
|
<ReturnType>System.ServiceModel.Description.PrincipalPermissionMode</ReturnType>
|
|
</ReturnValue>
|
|
<Docs>
|
|
<summary>
|
|
<attribution license="cc4" from="Microsoft" modified="false" />
|
|
<para>
|
|
<see cref="P:System.Threading.Thread.CurrentPrincipal" /> is set based on Windows (<see cref="T:System.Security.Principal.WindowsPrincipal" />). If the user identity is not associated with a Windows account, anonymous Windows is used. </para>
|
|
</summary>
|
|
</Docs>
|
|
</Member>
|
|
</Members>
|
|
</Type> |