
linkdemand for principalpermission

Author
28 Sep 2005 2:36 AM
Jas
I can't seem to understand what a linkdemand for a principalpermission means?
If linkdemands are satisfied at JIT phase, how can it figure out the current
principal before running the code?

For example, if I was going to use windowsprincipals to make RBS decisions,
and I decorate a method with a linkdemand for principalpermission of
"BUILTIN\ADMINISTRATORS" like this:

[PrincipalPermissionAttribute(SecurityAction.LinkDemand, Role =
@"BUILTIN\Administrators")]
        static void MethodA()


how would the JIT figure this out without running the code? When I run the
above code, it always produces "SecurityException: Request for principal
permission failed....". And it looks like that is happening at JIT phase, not
runtime.  This becomes even more of an issue when I'm using generic roles.

Am I missing something?

Author
7 Oct 2005 1:39 PM
Nicole Calinoiu
"Jas" <J**@discussions.microsoft.com> wrote in message
news:14C94F27-6A8A-4A9B-A826-048517566E73@microsoft.com...
>I can't seem to understand what a linkdemand for a principalpermission
>means?

Pretty much nothing.


> If linkdemands are satisfied at JIT phase, how can it figure out the
> current
> principal before running the code?

It can't.


> For example, if I was going to use windowsprincipals to make RBS
> decisions,
> and I decorate a method with a linkdemand for principalpermission of
> "BUILTIN\ADMINISTRATORS" like this:
>
> [PrincipalPermissionAttribute(SecurityAction.LinkDemand, Role =
> @"BUILTIN\Administrators")]
> static void MethodA()
>
>
> how would the JIT figure this out without running the code? When I run the
> above code, it always produces "SecurityException: Request for principal
> permission failed....". And it looks like that is happening at JIT phase, not
> runtime.  This becomes even more of an issue when I'm using generic roles.
>
> Am I missing something?

You should be using SecurityAction.Demand, not SecurityAction.LinkDemand, in
your PrincipalPermission attributes (and, for other reasons, most other
permission request attributes with the occasional exception of identity
permissions).  PrincipalPermission does not inherit from
CodeAccessPermission, and it does not perform a stack walk, so there's
essentially no point in even trying the link demand approach anyway (even if
it did work <g>).
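
The SecurityAction.Demand approach recommended in the reply above, as an added example that is not part of the original thread. It assumes the .NET Framework and uses generic roles; the user names ("alice", "bob") and role names ("Managers", "Clerks") are constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class PrincipalDemandExample
{
    // Declarative demand: evaluated against Thread.CurrentPrincipal
    // every time the method is called, not when it is compiled.
    [PrincipalPermission(SecurityAction.Demand, Role = "Managers")]
    static void ManagersOnly()
    {
        Console.WriteLine("  ManagersOnly ran as " + Thread.CurrentPrincipal.Identity.Name);
    }

    // Imperative equivalent, for roles that are only known at run time.
    static void RequireRole(string role)
    {
        new PrincipalPermission(null, role).Demand();
    }

    // Attach a constructed generic principal to the thread, then make both demands.
    static void CallAs(string user, params string[] roles)
    {
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        Console.WriteLine(user + ":");
        try
        {
            ManagersOnly();
            RequireRole("Managers");
            Console.WriteLine("  both demands succeeded");
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("  denied: " + ex.Message);
        }
    }

    static void Main()
    {
        CallAs("alice", "Managers"); // holds the role: both demands pass
        CallAs("bob", "Clerks");     // lacks the role: SecurityException
    }
}
```

For Windows roles such as BUILTIN\Administrators, call AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal) before the first demand so that Thread.CurrentPrincipal is a WindowsPrincipal. On systems with UAC, a non-elevated process does not pass the Administrators role check.
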
Author
7 Oct 2005 5:51 PM
Jas
Nicole,

Thanks, that's what I thought but I wanted to be sure.
