Weird behaviour of the PrincipalPermission attribute

Let's suppose we have the following class:

    using System;
    using System.Security.Permissions;
    using System.Security.Principal;
    using System.Threading;

    // Class-level declarative demand: caller must be authenticated.
    [PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
    public class TestClass
    {
        // Method-level declarative demand: caller must be in role "Administrator".
        [PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]
        public void CallMe()
        {
            // Imperative demand: identity "User" in role "Administrator".
            PrincipalPermission MyPermission = new PrincipalPermission("User", "Administrator");
            MyPermission.Demand();
        }
    }

And the following code snippet that uses it:

    class Class1
    {
        [STAThread]
        static void Main(string[] args)
        {
            SetPrincipal("bad user");
            TestClass tp = new TestClass();
            tp.CallMe();
        }

        // Attaches an authenticated identity "User" with a single role to the current thread.
        private static void SetPrincipal(string role)
        {
            GenericIdentity myIdentity = new GenericIdentity("User");

            String[] myStringArray = { role };
            GenericPrincipal myPrincipal = new GenericPrincipal(myIdentity, myStringArray);

            Thread.CurrentPrincipal = myPrincipal;
        }
    }

The weird thing about this code is that the declarative permission check allows calling method TestClass.CallMe() (though it is not supposed to), but the imperative check within this method throws an exception and behaves correctly. Now if I remove the declarative permission check from the class declaration and leave the one on the method, everything works as expected.

Any thoughts will be appreciated. Thanks in advance.

Declarative PrincipalPermission demands are unioned within a class. If you mark a class with an authenticated demand, any authenticated user will be able to use any class member. Imperative demands are independent of declarative demands, which is why yours blocks access despite the class-level demand.

"Amid" <A***@discussions.microsoft.com> wrote in message news:E4697750-BC34-458A-8970-DE65744F547E@microsoft.com...
> Let's suppose we have the following class:
>
> [PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
> public class TestClass
> {
>     [PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]
>     public void CallMe()
>     {
>         PrincipalPermission MyPermission = new PrincipalPermission("User", "Administrator");
>         MyPermission.Demand();
>     }
> }
>
> And the following code snippet that uses it:
>
> class Class1
> {
>     [STAThread]
>     static void Main(string[] args)
>     {
>         SetPrincipal("bad user");
>         TestClass tp = new TestClass();
>         tp.CallMe();
>     }
>
>     private static void SetPrincipal(string role)
>     {
>         GenericIdentity myIdentity = new GenericIdentity("User");
>
>         String[] myStringArray = { role };
>         GenericPrincipal myPrincipal = new GenericPrincipal(myIdentity, myStringArray);
>
>         Thread.CurrentPrincipal = myPrincipal;
>     }
> }
>
> The weird thing about this code that declarative permission check allows to
> call method TestClass.CallMe() (though it is not supposed to) but imperative
> check within this method throws an exception and behaves correctly.
> Now if I remove declarative permission check from the class declaration and
> leave one on the method everything works as expected.
>
> Any thoughts will be appreciated. Thanks in advance.
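The union behaviour described in the answer can be reproduced imperatively with PrincipalPermission.Union. The following is an added example, not code from either poster. It assumes the .NET Framework, where declarative demands are enforced, and the names HardenedClass and UnionDemo are hypothetical. It also shows a method-level attribute that carries both conditions, so no class-level demand is left to be unioned with the role check.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Hypothetical hardened variant: no class-level demand, and the single
// method-level demand requires authentication AND the Administrator role.
public class HardenedClass
{
    [PrincipalPermission(SecurityAction.Demand, Authenticated = true, Role = "Administrator")]
    public void CallMe() { Console.WriteLine("HardenedClass.CallMe executed"); }
}

public static class UnionDemo
{
    // True when the demand succeeds for Thread.CurrentPrincipal.
    static bool Passes(IPermission permission)
    {
        try { permission.Demand(); return true; }
        catch (SecurityException) { return false; }
    }

    public static void Main()
    {
        // Same principal as in the question: authenticated "User" whose only role is "bad user".
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("User"), new string[] { "bad user" });

        // Imperative equivalents of the two attributes in the question.
        PrincipalPermission classLevel = new PrincipalPermission(null, null, true);        // Authenticated = true
        PrincipalPermission methodLevel = new PrincipalPermission(null, "Administrator"); // Role = "Administrator"
        // One permission carrying both conditions, as on HardenedClass.CallMe.
        PrincipalPermission combined = new PrincipalPermission(null, "Administrator", true);

        Console.WriteLine("class-level demand alone : " + Passes(classLevel));
        Console.WriteLine("method-level demand alone: " + Passes(methodLevel));
        // A union passes if either member passes, so the role check is bypassed.
        Console.WriteLine("union of the two         : " + Passes(classLevel.Union(methodLevel)));
        Console.WriteLine("single combined demand   : " + Passes(combined));

        try { new HardenedClass().CallMe(); }
        catch (SecurityException) { Console.WriteLine("HardenedClass.CallMe blocked"); }
    }
}
```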