
ClaimTypes Class

Definition

Namespace:
System.IdentityModel.Claims
Assembly:
System.ServiceModel.Primitives.dll
Assembly:
System.IdentityModel.dll
Package:
System.ServiceModel.Primitives v10.0.652802
Source:
ClaimTypes.cs
Source:
ClaimTypes.cs
Source:
ClaimTypes.cs

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Represents the pre-defined types of claims that an entity can claim. This class cannot be inherited.

public ref class ClaimTypes abstract sealed
public static class ClaimTypes
type ClaimTypes = class
Public Class ClaimTypes
Inheritance
ClaimTypes

Examples


using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.IdentityModel.Tokens;
using System.IdentityModel.Selectors;
using System.ServiceModel;

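namespace Microsoft.ServiceModel.Samples.SupportingTokens
{
    /// <summary>
    /// Service contract with a single operation that greets the caller using the
    /// identities found in the caller's security context.
    /// </summary>
    [ServiceContract]
    public interface IEchoService : IDisposable
    {
        /// <summary>Returns a greeting built from the caller's identities.</summary>
        [OperationContract]
        string Echo();
    }

    // Service class that implements the service contract.
    // IncludeExceptionDetailInFaults = true returns managed exception details to the
    // client inside SOAP faults. It is a debugging aid: turn it off outside development
    // so internal type names and messages are not disclosed to callers.
    [ServiceBehavior(IncludeExceptionDetailInFaults = true)]
    public class EchoService : IEchoService
    {
        /// <summary>
        /// Builds "Hello {user name}, {certificate subject name}" from the claims of the
        /// current caller. A value that was not found is formatted as an empty string.
        /// </summary>
        public string Echo()
        {
            string userName;
            string certificateSubjectName;

            // OperationContext.Current is null when no operation is in progress; pass a
            // null security context on rather than dereferencing it here.
            OperationContext operationContext = OperationContext.Current;
            ServiceSecurityContext securityContext =
                (operationContext == null) ? null : operationContext.ServiceSecurityContext;

            GetCallerIdentities(securityContext, out userName, out certificateSubjectName);
            return String.Format("Hello {0}, {1}", userName, certificateSubjectName);
        }

        public void Dispose()
        {
        }

        /// <summary>
        /// Looks in <paramref name="claimSet"/> for a possess-property claim of type
        /// <paramref name="claimType"/> whose resource is a <typeparamref name="TClaimResource"/>.
        /// </summary>
        /// <param name="claimSet">The claim set to search; null yields false.</param>
        /// <param name="claimType">The claim type URI, for example a <see cref="ClaimTypes"/> property.</param>
        /// <param name="resourceValue">The typed resource of the first usable claim, or null.</param>
        /// <returns>
        /// true only when a claim with a non-null resource of the requested type was found,
        /// so callers can use <paramref name="resourceValue"/> without a further null check.
        /// </returns>
        bool TryGetClaimValue<TClaimResource>(ClaimSet claimSet, string claimType, out TClaimResource resourceValue)
            where TClaimResource : class
        {
            resourceValue = default(TClaimResource);
            if (claimSet == null)
            {
                return false;
            }

            IEnumerable<Claim> matchingClaims = claimSet.FindClaims(claimType, Rights.PossessProperty);
            if (matchingClaims == null)
            {
                return false;
            }

            // foreach disposes the enumerator. A claim whose resource is null or of a
            // different type is skipped instead of being reported as a success.
            foreach (Claim candidate in matchingClaims)
            {
                TClaimResource typedResource = candidate.Resource as TClaimResource;
                if (typedResource != null)
                {
                    resourceValue = typedResource;
                    return true;
                }
            }

            return false;
        }

        // Returns the username and certificate subject name provided by the client.
        // Both outputs are null when the caller has no security context or no matching claim.
        //
        // NOTE(review): this sample does not inspect ClaimSet.Issuer. A claim is only as
        // trustworthy as the issuer of the set that contains it, so check the issuer against
        // the issuers the service trusts before basing an authorization decision on these values.
        void GetCallerIdentities(ServiceSecurityContext callerSecurityContext, out string userName, out string certificateSubjectName)
        {
            userName = null;
            certificateSubjectName = null;

            if (callerSecurityContext == null || callerSecurityContext.AuthorizationContext == null)
            {
                return;
            }

            // Look in all the claimsets in the authorization context.
            // A later claim set overwrites a value found in an earlier one.
            foreach (ClaimSet claimSet in callerSecurityContext.AuthorizationContext.ClaimSets)
            {
                // Try to find a Upn claim. This has been generated from the windows username.
                string tmpName;
                if (TryGetClaimValue<string>(claimSet, ClaimTypes.Upn, out tmpName))
                {
                    userName = tmpName;
                }
                else
                {
                    // Try to find an X500DistinguishedName claim. This has been generated from the client certificate.
                    X500DistinguishedName tmpDistinguishedName;
                    if (TryGetClaimValue<X500DistinguishedName>(claimSet, ClaimTypes.X500DistinguishedName, out tmpDistinguishedName))
                    {
                        certificateSubjectName = tmpDistinguishedName.Name;
                    }
                }
            }
        }
    }
}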
Imports System.Collections.Generic
Imports System.Security.Cryptography.X509Certificates
Imports System.IdentityModel.Claims
Imports System.IdentityModel.Policy
Imports System.IdentityModel.Tokens
Imports System.IdentityModel.Selectors
Imports System.ServiceModel


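' Service class that implements the service contract.
' IncludeExceptionDetailInFaults:=True returns managed exception details to the
' client inside SOAP faults. It is a debugging aid: turn it off outside development
' so internal type names and messages are not disclosed to callers.
<ServiceBehavior(IncludeExceptionDetailInFaults:=True)> _
Public Class EchoService
    Implements IEchoService

    ' Service contract with a single operation that greets the caller.
    <ServiceContract()> _
    Public Interface IEchoService
        Inherits IDisposable
        <OperationContract()> _
        Function Echo() As String
    End Interface 'IEchoService

    ' Builds "Hello {user name}, {certificate subject name}" from the claims of the
    ' current caller. A value that was not found is formatted as an empty string.
    Public Function Echo() As String Implements IEchoService.Echo
        Dim userName As String = String.Empty
        Dim certificateSubjectName As String = String.Empty

        ' OperationContext.Current is Nothing when no operation is in progress; pass a
        ' null security context on rather than dereferencing it here.
        Dim currentContext As OperationContext = OperationContext.Current
        Dim securityContext As ServiceSecurityContext = Nothing
        If currentContext IsNot Nothing Then
            securityContext = currentContext.ServiceSecurityContext
        End If

        GetCallerIdentities(securityContext, userName, certificateSubjectName)
        Return String.Format("Hello {0}, {1}", userName, certificateSubjectName)
    End Function 'Echo

    Public Sub Dispose() Implements IDisposable.Dispose

    End Sub

    ' Looks in claimSet for a possess-property claim of type claimType whose resource
    ' is a TClaimResource. Returns True only when such a claim with a non-null resource
    ' was found, so callers can use resourceValue without a further null check.
    Function TryGetClaimValue(Of TClaimResource)(ByVal claimSet As ClaimSet, ByVal claimType As String, ByRef resourceValue As TClaimResource) As Boolean
        resourceValue = Nothing
        If claimSet Is Nothing Then
            Return False
        End If

        Dim matchingClaims As IEnumerable(Of Claim) = claimSet.FindClaims(claimType, Rights.PossessProperty)
        If matchingClaims Is Nothing Then
            Return False
        End If

        ' For Each disposes the enumerator. A claim whose resource is Nothing or of a
        ' different type is skipped; the type test also keeps CType from throwing
        ' InvalidCastException on an unexpected resource.
        For Each candidate As Claim In matchingClaims
            Dim resource As Object = candidate.Resource
            If TypeOf resource Is TClaimResource Then
                resourceValue = CType(resource, TClaimResource)
                Return True
            End If
        Next

        Return False
    End Function

    ' Returns the username and certificate subject name provided by the client.
    ' Both outputs are Nothing when the caller has no security context or no matching claim.
    '
    ' NOTE(review): this sample does not inspect ClaimSet.Issuer. A claim is only as
    ' trustworthy as the issuer of the set that contains it, so check the issuer against
    ' the issuers the service trusts before basing an authorization decision on these values.
    Sub GetCallerIdentities(ByVal callerSecurityContext As ServiceSecurityContext, ByRef userName As String, ByRef certificateSubjectName As String)
        userName = Nothing
        certificateSubjectName = Nothing

        If callerSecurityContext Is Nothing OrElse callerSecurityContext.AuthorizationContext Is Nothing Then
            Return
        End If

        ' Look in all the claimsets in the authorization context.
        ' A later claim set overwrites a value found in an earlier one.
        For Each currentClaimSet As ClaimSet In callerSecurityContext.AuthorizationContext.ClaimSets
            ' Try to find a Upn claim. This has been generated from the Windows username.
            Dim tmpName As String = String.Empty
            If TryGetClaimValue(Of String)(currentClaimSet, ClaimTypes.Upn, tmpName) Then
                userName = tmpName
            Else
                ' Try to find an X500DistinguishedName claim. This has been generated from the client certificate.
                Dim tmpDistinguishedName As X500DistinguishedName = Nothing
                If TryGetClaimValue(Of X500DistinguishedName)(currentClaimSet, ClaimTypes.X500DistinguishedName, tmpDistinguishedName) Then
                    certificateSubjectName = tmpDistinguishedName.Name
                End If
            End If
        Next currentClaimSet

    End Sub
End Class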

Remarks

Use the ClaimTypes class to search for a particular type of claim in a ClaimSet or to create a claim. To search for a particular type of claim in a ClaimSet, call the FindClaims(String, String) method and pass one of the properties of this class as the claimType parameter. When you create a new claim with the constructor of the Claim class, likewise pass one of the properties of the ClaimTypes class as the claimType parameter. For many of the claim types, the Claim class also has static methods that return a claim of a specific type. For instance, the CreateHashClaim(Byte[]) method returns a claim using the Hash claim type.

Properties

Name Description
Anonymous

Gets the URI for a claim that specifies the anonymous user.

Authentication

Gets the URI for a claim that specifies details about whether an identity is authenticated.

AuthorizationDecision

Gets the URI for a claim that specifies an authorization decision on an entity.

Country

Gets the URI for a claim that specifies the country/region in which an entity resides.

DateOfBirth

Gets the URI for a claim that specifies the date of birth of an entity.

DenyOnlySid

Gets the URI for a claim that specifies a deny-only security identifier (SID) for an entity.

Dns

Gets the URI for a claim that specifies the DNS name associated with the computer name or with the alternative name of either the subject or issuer of an X.509 certificate.

Email

Gets the URI for a claim that specifies the email address of an entity.

Gender

Gets the URI for a claim that specifies the gender of an entity.

GivenName

Gets the URI for a claim that specifies the given name of an entity.

Hash

Gets the URI for a claim that specifies a hash value.

HomePhone

Gets the URI for a claim that specifies the home phone number of an entity.

Locality

Gets the URI for a claim that specifies the locale in which an entity resides.

MobilePhone

Gets the URI for a claim that specifies the mobile phone number of an entity.

Name

Gets the URI for a claim that specifies the name of an entity.

NameIdentifier

Gets the URI for a claim that specifies the name of an entity.

OtherPhone

Gets the URI for a claim that specifies the alternative phone number of an entity.

PostalCode

Gets the URI for a claim that specifies the postal code of an entity.

PPID

Gets the URI for a claim that specifies the private personal identifier (PPI) of an entity.

Rsa

Gets the URI for a claim that specifies an RSA key.

Sid

Gets the URI for a claim that specifies a security identifier (SID).

Spn

Gets the URI for a claim that specifies a service principal name (SPN) claim.

StateOrProvince

Gets the URI for a claim that specifies the state or province in which an entity resides.

StreetAddress

Gets the URI for a claim that specifies the street address of an entity.

Surname

Gets the URI for a claim that specifies the surname of an entity.

System

Gets the URI for a claim that identifies the system entity.

Thumbprint

Gets the URI for a claim that specifies a thumbprint.

Upn

Gets the URI for a claim that specifies a user principal name (UPN).

Uri

Gets the URI for a claim that specifies a URI.

Webpage

Gets the URI for a claim that specifies the Web page of an entity.

X500DistinguishedName

Gets the string that contains the URI for a distinguished name claim of an X.509 certificate.

Applies to

