IAuthorizationPolicy.Evaluate(EvaluationContext, Object) Method

Definition

Namespace: System.IdentityModel.Policy
Assembly: System.ServiceModel.Primitives.dll
Assembly: System.IdentityModel.dll
Package: System.ServiceModel.Primitives v10.0.652802
Source: IAuthorizationPolicy.cs

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Evaluates whether a user meets the requirements for this authorization policy.

public:
 bool Evaluate(System::IdentityModel::Policy::EvaluationContext ^ evaluationContext, System::Object ^ % state);
public bool Evaluate(System.IdentityModel.Policy.EvaluationContext evaluationContext, ref object state);
abstract member Evaluate : System.IdentityModel.Policy.EvaluationContext * obj -> bool
Public Function Evaluate (evaluationContext As EvaluationContext, ByRef state As Object) As Boolean

Parameters

evaluationContext
EvaluationContext

An EvaluationContext that contains the claim set that the authorization policy evaluates.

state
Object

An Object, passed by reference, that represents the custom state for this authorization policy.

Returns

false if the Evaluate(EvaluationContext, Object) method for this authorization policy must be called again when other authorization policies add claims to evaluationContext; otherwise, true, which states that this authorization policy requires no additional evaluation.

Examples

public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
    bool bRet = false;
    CustomAuthState customstate = null;

    // If state is null, then this method has not been called before, so
    // set up a custom state.
    if (state == null)
    {
        customstate = new CustomAuthState();
        state = customstate;
    }
    else
    {
        customstate = (CustomAuthState)state;
    }

    Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate");

    // If claims have not been added yet...
    if (!customstate.ClaimsAdded)
    {
        // Create an empty list of Claims.
        IList<Claim> claims = new List<Claim>();

        // Iterate through each of the claim sets in the evaluation context.
        foreach (ClaimSet cs in evaluationContext.ClaimSets)
        {
            // Look for Name claims in the current claim set.
            foreach (Claim c in cs.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
            {
                // Get the list of operations the given username is allowed to call.
                foreach (string s in GetAllowedOpList(c.Resource.ToString()))
                {
                    // Add claims to the list.
                    claims.Add(new Claim("http://example.org/claims/allowedoperation", s, Rights.PossessProperty));
                    Console.WriteLine("Claim added {0}", s);
                }
            }
        }

        // Add claims to the evaluation context.
        evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, claims));

        // Record that claims have been added.
        customstate.ClaimsAdded = true;

        // Return true, which indicates this need not be called again.
        bRet = true;
    }
    else
    {
        // This point should not be reached, but just in case...
        bRet = true;
    }

    return bRet;
}

Public Function Evaluate(ByVal evaluationContext As EvaluationContext, _
        ByRef state As Object) As Boolean Implements IAuthorizationPolicy.Evaluate

    Dim bRet As Boolean = False
    Dim customstate As CustomAuthState = Nothing

    ' If state is null, then this method has not been called before, so
    ' set up a custom state.
    If state Is Nothing Then
        customstate = New CustomAuthState()
        state = customstate
    Else
        customstate = CType(state, CustomAuthState)
    End If
    Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate")

    ' If the claims have not been added yet...
    If Not customstate.ClaimsAdded Then
        ' Create an empty list of Claims.
        Dim claims As New List(Of Claim)

        ' Iterate through each of the claim sets in the evaluation context.
        Dim cs As ClaimSet
        For Each cs In evaluationContext.ClaimSets
            ' Look for Name claims in the current claim set.
            Dim c As Claim
            For Each c In cs.FindClaims(ClaimTypes.Name, Rights.PossessProperty)
                ' Get the list of operations the given username is allowed to call.
                Dim s As String
                For Each s In GetAllowedOpList(c.Resource.ToString())

                    ' Add claims to the list.
                    claims.Add(New Claim("http://example.org/claims/allowedoperation", _
                        s, Rights.PossessProperty))
                    Console.WriteLine("Claim added {0}", s)
                Next s
            Next c
        Next cs

        ' Add claims to the evaluation context.
        evaluationContext.AddClaimSet(Me, New DefaultClaimSet(Me.Issuer, claims))

        ' Record that claims have been added.
        customstate.ClaimsAdded = True

        ' Return true, which indicates the method need not be called again.
        bRet = True
    Else
        ' Should never get here, but just in case...
        bRet = True
    End If

    Return bRet

End Function 'Evaluate

Remarks

Note

Implementers of the IAuthorizationPolicy interface should expect the Evaluate method to be called multiple times by different threads.

Implementers of the IAuthorizationPolicy interface can use the state parameter to track state between calls to the Evaluate method. If a state object is set inside a given call to the Evaluate method, the same object instance is passed to each and every subsequent call to the Evaluate method in the current evaluation process.
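
The following is an added example, not code from the original page: a policy that returns false until a Name claim is present, so it is evaluated again when another policy adds claims, and that keeps all mutable bookkeeping in the state object so concurrent Evaluate calls on one instance do not interfere. The names AllowedOperationPolicy and EvalState, and the lookup data in GetAllowedOpList, are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;

// Hypothetical policy: maps Name claims to allowed-operation claims.
public sealed class AllowedOperationPolicy : IAuthorizationPolicy
{
    // Per-evaluation bookkeeping lives in the state object, never in instance
    // fields, because one policy instance may serve concurrent Evaluate calls.
    private sealed class EvalState
    {
        public readonly HashSet<string> SeenNames = new HashSet<string>(StringComparer.Ordinal);
    }

    private readonly string id = Guid.NewGuid().ToString(); // immutable after construction
    public string Id { get { return id; } }
    public ClaimSet Issuer { get { return ClaimSet.System; } }

    public bool Evaluate(EvaluationContext evaluationContext, ref object state)
    {
        if (evaluationContext == null) throw new ArgumentNullException("evaluationContext");
        EvalState s = state as EvalState;
        if (s == null) { s = new EvalState(); state = s; }

        var claims = new List<Claim>();
        foreach (ClaimSet cs in evaluationContext.ClaimSets)
            foreach (Claim c in cs.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
            {
                string name = Convert.ToString(c.Resource);
                if (!s.SeenNames.Add(name)) continue; // handled in an earlier pass
                foreach (string op in GetAllowedOpList(name))
                    claims.Add(new Claim("http://example.org/claims/allowedoperation", op, Rights.PossessProperty));
            }

        if (claims.Count > 0)
            evaluationContext.AddClaimSet(this, new DefaultClaimSet(Issuer, claims));

        // No Name claim seen yet: return false so this policy is called again if
        // other policies add claims. Until then nothing is granted (deny by default).
        return s.SeenNames.Count > 0;
    }

    // Constructed lookup data; a real policy would query its own store.
    private static IEnumerable<string> GetAllowedOpList(string userName)
    {
        return userName == "alice" ? new[] { "http://example.org/Add" } : new string[0];
    }
}
```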
