Re: Different results between declarative and imperative security
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 19 Sep 2006 09:52:53 -0500
The role name is probably not "Administrators", but "machine\administrators"
or "builtin\administrators" when using the PrincipalPermissionAttribute.
Windows groups and users are always prefixed like that when using the
Windows-based security system (WindowsPrincipal/WindowsIdentity).
Personally, I'd recommend against using the PrincipalPermissionAttribute
with Windows security principals, as you can't change the strings at
runtime. They must be compiled in. That makes it difficult for your code
to move between environments. I think you will get better results by
calling IsInRole explicitly.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Karin" <karin@xxxxxxxxxxxxx> wrote in message
news:_5KPg.5091$vD2.4623@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
Can anyone tell me why I get two different results with the following 2
ways of checking to see if I'm in the Administrators group? This is in a
Windows form in C#:
If I comment out the first line (the PrincipalPermissionAttribute line),
then I get the message that I am an Administrator. Yet, when I uncomment
the declarative security attribute then I get the error message: "Request
for principal permission failed".
Seems like since I am in the local administrator's group that I should be
allowed to access the class.
    using System;
    using System.Security.Permissions;
    using System.Security.Principal;
    using System.Windows.Forms;

    [PrincipalPermission(SecurityAction.Demand, Role="Administrators")]
    public class Security_Test : System.Windows.Forms.Form
    {
        /*
        ... Initialize Component stuff and Constructor removed for brevity
        */
        private void Security_Test_Load(object sender, System.EventArgs e)
        {
            AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
            WindowsPrincipal prin =
                (WindowsPrincipal) System.Threading.Thread.CurrentPrincipal;
            bool fAdmin = prin.IsInRole(WindowsBuiltInRole.Administrator);
            if (fAdmin)
            {
                MessageBox.Show(
                    "You are a member of the Administrators group");
            }
        }
    }
Thanks,
Karin
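The following console program is an added example, not code from either poster. It issues the same role demand imperatively for the unprefixed and prefixed names and performs the explicit IsInRole check with a role string read at runtime. It assumes the .NET Framework on Windows; the environment variable name APP_ADMIN_ROLE and the class and method names are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class RoleCheckDemo
{
    // Hypothetical setting name; a config file or registry value works the same way.
    const string RoleEnvVar = "APP_ADMIN_ROLE";

    // Imperative check: the role string is resolved at runtime, not compiled in.
    static bool IsInConfiguredRole(WindowsPrincipal principal)
    {
        string role = Environment.GetEnvironmentVariable(RoleEnvVar);
        if (string.IsNullOrEmpty(role))
            role = @"BUILTIN\Administrators"; // prefixed form described in the reply
        return principal.IsInRole(role);
    }

    // The demand the attribute makes, issued in code so the result can be observed.
    static bool DemandSucceeds(string role)
    {
        try
        {
            new PrincipalPermission(null, role).Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    static void Main()
    {
        // Set the policy before the first demand or read of Thread.CurrentPrincipal;
        // the default policy yields an unauthenticated principal with no roles.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        WindowsPrincipal principal = (WindowsPrincipal)Thread.CurrentPrincipal;

        Console.WriteLine("Demand \"Administrators\":          {0}", DemandSucceeds("Administrators"));
        Console.WriteLine("Demand \"BUILTIN\\Administrators\": {0}", DemandSucceeds(@"BUILTIN\Administrators"));
        Console.WriteLine("IsInRole(WindowsBuiltInRole):     {0}", principal.IsInRole(WindowsBuiltInRole.Administrator));
        Console.WriteLine("IsInRole(configured role):        {0}", IsInConfiguredRole(principal));
    }
}
```

On Windows versions with UAC, the demand and IsInRole both report false for the Administrators group unless the process runs elevated.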