C# - Annotating a class using ClaimsPrincipalPermission with a claim returned by ADFS 2.0
I am using a claims-enabled web app. I want to lock down a web page with a custom attribute to allow access to the page only if the claim(s) are present.
I have the following:
Claim claim = claimsIdentity.Claims.FirstOrDefault(c => c.ClaimType == "http://somedomain.com/claims/memberofgroup" && c.Value == "domain\\test group");
and redirect them away from the page if the claim is null.
But how do I do this by annotating the class?
I am looking at ClaimsPrincipalPermission:
[ClaimsPrincipalPermission(SecurityAction.Demand, Resource="", Operation="")]
but for the life of me I can't see what to put in Resource and Operation. How do I use the claim returned by ADFS with ClaimsPrincipalPermission? Do I need to write a lot of custom classes for this?
Thanks,
You have to create your own AuthorizationManager class that inherits from ClaimsAuthorizationManager and override the CheckAccess() method. This method is called for every method decorated with the ClaimsPrincipalPermission attribute. It is passed an AuthorizationContext object that contains the resource string, the operation string, and an IPrincipal object that contains the claims the current user has. Inside this method you can parse this data any way you choose to determine access and return true or false.
In the WIF SDK samples, you will find a simple console app project called ClaimsAuthorization that demonstrates this. It uses the resource and operation in the application config file to see what claims the user needs and returns true or false accordingly. Of course, you don't have to do that; you can use any other logic you choose.
The sample is under c:\program files (x86)\windows identity foundation sdk\v4.0\samples\extensibility\claims based authorization
Hope this helps.
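A sketch of the approach the answer describes, added here as an example; it is not code from the original post or from the WIF SDK sample. It assumes WIF 3.5 (the Microsoft.IdentityModel assembly); the names GroupClaimAuthorizationManager, MembersPageService, "MembersPage" and "View" are hypothetical, and the policy table is constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Permissions;
using Microsoft.IdentityModel.Claims;

// Hypothetical manager. Assumed registration in web.config:
// <microsoft.identityModel><service><claimsAuthorizationManager type="..."/>
public class GroupClaimAuthorizationManager : ClaimsAuthorizationManager
{
    const string GroupClaimType = "http://somedomain.com/claims/memberofgroup";

    // "resource|operation" -> group value the caller must hold (constructed policy).
    static readonly Dictionary<string, string> Policy =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "MembersPage|View", "domain\\test group" }
        };

    public override bool CheckAccess(AuthorizationContext context)
    {
        // WIF passes the attribute's Resource and Operation strings as claim values.
        Claim resource = context.Resource.FirstOrDefault();
        Claim action = context.Action.FirstOrDefault();
        if (resource == null || action == null || context.Principal == null)
            return false;

        string requiredGroup;
        if (!Policy.TryGetValue(resource.Value + "|" + action.Value, out requiredGroup))
            return false; // unknown resource/operation pair: deny by default

        // Only claims from authenticated identities count. Claim types are compared
        // exactly; AD group names are case-insensitive, so the value comparison is too.
        return context.Principal.Identities
            .Where(id => id.IsAuthenticated)
            .SelectMany(id => id.Claims)
            .Any(c => string.Equals(c.ClaimType, GroupClaimType, StringComparison.Ordinal)
                   && string.Equals(c.Value, requiredGroup, StringComparison.OrdinalIgnoreCase));
    }
}

public class MembersPageService
{
    // A failed demand throws SecurityException before the method body runs.
    [ClaimsPrincipalPermission(SecurityAction.Demand, Resource = "MembersPage", Operation = "View")]
    public string GetContent()
    {
        return "members only";
    }
}
```

Keeping the resource-to-claim mapping in one place means the attribute only names what is being protected, and any pair missing from the table is refused rather than allowed.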