Scenario

In this scenario, the application must implement complex authorization rules that cannot be satisfied using roles alone. The application enforces access by calculating the outcome (grant or deny) from the information available in the request, including the claims in the incoming token.

Solution Approach

The solution relies on ClaimsAuthorizationManager, a WIF extensibility point. You develop a custom ClaimsAuthorizationManager and register it in web.config. Optionally, you can express the rules as a policy in web.config so that the custom ClaimsAuthorizationManager reads them at run time and enforces them on incoming requests. For a detailed step-by-step walkthrough, read How To: Implement Claims Authorization in a Claims-Aware ASP.NET Application Using WIF and ACS.
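A sketch of the approach described above, added here as an example and not taken from the walkthrough: a custom ClaimsAuthorizationManager that loads rules from web.config and denies by default. It assumes the .NET 4.5 `System.Security.Claims` version of WIF; the `Sample` namespace, class name, `<policy>` element schema and claim type URI are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Xml;

// Registration (web.config), with a hypothetical <policy> child schema:
//   <system.identityModel><identityConfiguration>
//     <claimsAuthorizationManager type="Sample.PolicyAuthorizationManager, Sample">
//       <policy resource="/reports" action="GET"
//               claimType="http://example.test/claims/department" claimValue="finance" />
//     </claimsAuthorizationManager>
//   </identityConfiguration></system.identityModel>
namespace Sample
{
    public class PolicyAuthorizationManager : ClaimsAuthorizationManager
    {
        private sealed class Rule { public string Resource, Action, ClaimType, ClaimValue; }
        private readonly List<Rule> _rules = new List<Rule>();

        // Receives the child nodes of <claimsAuthorizationManager> at start-up.
        public override void LoadCustomConfiguration(XmlNodeList nodelist)
        {
            if (nodelist == null) return;
            foreach (XmlElement e in nodelist.OfType<XmlElement>().Where(n => n.LocalName == "policy"))
            {
                var r = new Rule { Resource = e.GetAttribute("resource"), Action = e.GetAttribute("action"),
                                   ClaimType = e.GetAttribute("claimType"), ClaimValue = e.GetAttribute("claimValue") };
                // Fail at start-up rather than run with a half-specified rule.
                if (new[] { r.Resource, r.Action, r.ClaimType, r.ClaimValue }.Any(string.IsNullOrWhiteSpace))
                    throw new InvalidOperationException("Incomplete <policy> element.");
                _rules.Add(r);
            }
        }

        public override bool CheckAccess(AuthorizationContext context)
        {
            string resource = context.Resource.Select(c => c.Value).FirstOrDefault() ?? "";
            string action = context.Action.Select(c => c.Value).FirstOrDefault() ?? "";
            // The resource may arrive as an absolute URL; compare on the path only.
            Uri uri;
            if (Uri.TryCreate(resource, UriKind.Absolute, out uri)) resource = uri.AbsolutePath;

            var applicable = _rules.Where(r =>
                string.Equals(r.Resource, resource, StringComparison.OrdinalIgnoreCase) &&
                string.Equals(r.Action, action, StringComparison.OrdinalIgnoreCase)).ToList();

            // Deny by default: no matching rule means no access; every matching rule must hold.
            return applicable.Count > 0 &&
                   applicable.All(r => context.Principal.HasClaim(r.ClaimType, r.ClaimValue));
        }
    }
}
```

Because unmatched requests are denied, every resource the application should serve needs an explicit rule under this design.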

Analysis

Implement claims-based authorization when role-based access control (RBAC) is insufficient to satisfy authorization requirements. Read more about RBAC in Role-Based Access Control (RBAC) Authorization In Claims-Aware Applications.

How-To's

Code Samples

Resources