Re: bug? -- PrincipalPermissionAttribute & GetCustomAttributes

From: Shawn Farkas [MS] (shawnfa_at_online.microsoft.com)
Date: 06/21/03

Next message: Joe Ocampo: "Unique ID Generator"

Previous message: Shawn Farkas [MS]: "Re: Unauthenticate a user"
In reply to: lx: "Re: bug? -- PrincipalPermissionAttribute & GetCustomAttributes"
Next in thread: Ivan Medvedev [MS]: "Re: bug? -- PrincipalPermissionAttribute & GetCustomAttributes"
Reply: Ivan Medvedev [MS]: "Re: bug? -- PrincipalPermissionAttribute & GetCustomAttributes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 20 Jun 2003 19:39:39 -0700

This refers to all declaritive security demands, any permission that you put
in an attribute will be unreadable through reflection.

-- 
--------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights
"lx" <alex@merchise.com> wrote in message 
news:#0#VAa4NDHA.2768@tk2msftngp13.phx.gbl...
> Hi Shawn,
>
> Unfortunately,  nowhere in .NET Documentation, Microsoft warns developers
> about this "peculiarity".
>
> It seems that not even Microsoft Technical Writers are aware of that 
> patch:
>
> Keith Brown published:
>
> Bear in mind that you can use reflection to read these attributes 
> ("relative
> to PrincipalPermissionAttribute") from an assembly. This should make it 
> easy
> to generate documentation for your classes, including which roles are
> allowed access to which classes and methods. This is another good reason 
> to
> prefer using declarative checks over imperative checks wherever 
> possible...
>
> MSDN Magazine > January 2002 > SECURITY BRIEFS | Managed Security Context 
> in
> ASP.NET
> http://msdn.microsoft.com/msdnmag/issues/02/01/security/
>
>
> This undocumented peculiarity refers to "PrincipalPermissionAttribute" 
> only.
> Or does it include a wider range of "Attribute-Morphos" framework objects 
> ?
>
> Thanks,
>
> alex
>
>
>
> "Shawn Farkas [MS]" <shawnfa@online.microsoft.com> wrote in message
> news:O$cPz73NDHA.1556@TK2MSFTNGP10.phx.gbl...
>> Hi Alex,
>>
>>     Unfortunately, although they look like custom attributes when you
> apply
>> them, declarative security demands are not stored as custom attributes in
> an
>> assembly.  Therefore you won't be able to see them when you reflect over
> the
>> custom security.  In current releases of the framework, there is no way 
>> to
>> use reflection to access declaritive security, although we are 
>> considering
>> adding this feature to a future version.
>>
>> -Shawn
>>
>
>

Next message: Joe Ocampo: "Unique ID Generator"

Previous message: Shawn Farkas [MS]: "Re: Unauthenticate a user"
In reply to: lx: "Re: bug? -- PrincipalPermissionAttribute & GetCustomAttributes"
Next in thread: Ivan Medvedev [MS]: "Re: bug? -- PrincipalPermissionAttribute & GetCustomAttributes"
Reply: Ivan Medvedev [MS]: "Re: bug? -- PrincipalPermissionAttribute & GetCustomAttributes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]