Re: Different results between declarative and imperative security
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 20 Sep 2006 10:18:17 +0000 (UTC)
PrincipalPermission relies on the fact that you have populated Thread.CurrentPrincipal like:
    Thread.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com
Thanks Joe, but I've tried both of these:
[PrincipalPermission(SecurityAction.Demand,
Role=@"builtin\administrators")]
and
[PrincipalPermission(SecurityAction.Demand,
Role=@"<machinename>\administrators")]
and neither one works, even though
Boolean fAdmin = prin.IsInRole(WindowsBuiltInRole.Administrator);
works.
Any other ideas?
Thanks,
Karin
"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:%23JyMKt$2GHA.4228@xxxxxxxxxxxxxxxxxxxxxxx
The role name is probably not "Administrators", but
"machine\administrators" or "builtin\administrators" when using the
PrincipalPermissionAttribute. Windows groups and users are always
prefixed like that when using the Windows-based security system
(WindowsPrincipal/WindowsIdentity).
Personally, I'd recommend against using the
PrincipalPermissionAttribute with Windows security principals, as you
can't change the strings at runtime. They must be compiled in. That
makes it difficult for your code to move between environments. I
think you will get better results by calling IsInRole explicitly.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Karin" <karin@xxxxxxxxxxxxx> wrote in message
news:_5KPg.5091$vD2.4623@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
Can anyone tell me why I get two different results with the following 2
ways of checking to see if I'm in the Administrators group? This is in a
Windows form in C#:
If I comment out the first line (the PrincipalPermissionAttribute line),
then I get the message that I am an Administrator. Yet, when I uncomment
the declarative security attribute then I get the error message:
"Request for principal permission failed".
Seems like since I am in the local administrator's group that I
should be allowed to access the class.
[PrincipalPermission(SecurityAction.Demand, Role="Administrators")]
public class Security_Test : System.Windows.Forms.Form
{
    /*
    ... Initialize Component stuff and Constructor removed for brevity
    */
    private void Security_Test_Load(object sender, System.EventArgs e) {
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        WindowsPrincipal prin = (WindowsPrincipal)
            System.Threading.Thread.CurrentPrincipal;
        bool fAdmin = prin.IsInRole(WindowsBuiltInRole.Administrator);
        if(fAdmin)
        {
            MessageBox.Show(
                "You are a member of the Administrators group");
        }
    }
}
Thanks,
Karin
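
The following console program is an added example, not code from any poster in this thread. It shows the same demand failing while Thread.CurrentPrincipal is still the default unauthenticated principal and being re-evaluated once the principal is populated from the process token, with the role name resolved from the well-known Administrators SID at runtime rather than compiled into an attribute. It assumes the .NET Framework on Windows; the names PrincipalDemandDemo, AdminRoleName and DemandAdmin are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class PrincipalDemandDemo
{
    // Resolve the local Administrators group name from its well-known SID
    // at runtime instead of compiling a role string into an attribute.
    static string AdminRoleName()
    {
        SecurityIdentifier sid =
            new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        return sid.Translate(typeof(NTAccount)).Value; // e.g. BUILTIN\Administrators
    }

    // Imperative form of [PrincipalPermission(SecurityAction.Demand, Role = ...)].
    // The demand is evaluated against Thread.CurrentPrincipal at the moment it runs.
    static bool DemandAdmin(string label)
    {
        IPrincipal p = Thread.CurrentPrincipal;
        Console.WriteLine("{0}: principal type = {1}", label, p.GetType().Name);
        try
        {
            new PrincipalPermission(null, AdminRoleName()).Demand();
            Console.WriteLine("  demand succeeded");
            return true;
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("  demand failed: " + ex.Message);
            return false;
        }
    }

    static void Main()
    {
        // Default policy: CurrentPrincipal is an unauthenticated GenericPrincipal,
        // so the demand fails whatever groups the Windows account belongs to.
        DemandAdmin("before");

        // Populate the principal from the process token before any demand runs.
        Thread.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());

        // Succeeds only if the process token actually carries the Administrators group.
        DemandAdmin("after");
    }
}
```

A class-level attribute is checked when the form is constructed, which is before a Load handler runs, so the principal has to be set at program start (for example in Main) for the declarative form to see it.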