Geek Answers Handbook

Does code ignore PrincipalPermission attribute?

I have a Delete method in all my business objects that has the PrincipalPermission attribute on it.

Example:

[PrincipalPermission(SecurityAction.Demand, Role = "Vendor Manager")] public static bool Delete(Vendor myVendor) { //do work here }

The problem is that it seems to completely ignore my PrincipalPermission. It allows anyone, no matter what role they can be part of.

Is there anything else I forgot to do? I added the following to my global.asax application under the "Launch Application" section:

 AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);

But this also does not matter.

I also tried the following:

 public static bool Delete(Vendor myVendor) { PrincipalPermission iPerm = new PrincipalPermission(null, "Vendor Manager"); iPerm.Demand(); //do work here }

and I don’t know, it works great! ... any ideas on why it works in one way, but not in another?

+4
source share
3 answers

Did you get an answer for this? I just tested this in my application and it works very well. I specifically DO NOT add

 AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

And I use forms authentication (ASP.NET membership), MVC 2, .NET 3.5.

However, I found that if I decorate my class in the following ways, it will not work.

 [PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
+2
source

Only one observation for any people who say that the sample does not work. Check the role name according to your local culture. For example, if you live in Mexico, you should use: @"BUILTIN\Administradores" instead of @"BUILTIN\Administrators" .

+1
source

Have you confirmed that the Windows Director does not have the permission you require? Something like this (modified from here ) - I would have thought - should imitate this behavior and let you pass. He must indicate whether permission is granted.

If this passes, I would expect the attribute to also pass. If this fails, but the attribute passes, then I am as deadlock as you are.

 static void Main(string[] args) { AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); PrincipalPermission principalPerm = new PrincipalPermission(null, "Vendor Manager"); try { principalPerm.Demand(); Console.WriteLine("Demand succeeded."); } catch (Exception secEx) { Console.WriteLine("Demand failed."); } Console.ReadLine(); }
0
source

More articles:


All Articles