Resource-based security with IPermission?

From: Kurt (kurbylogic_at_hotmail.com)
Date: 04/01/04

    Date: 31 Mar 2004 23:00:11 -0800
    
    

    I am trying to protect custom resources such as Projects, and Ledgers.
     The permissions should be assigned to the resource and the
    administrators should be able to grant/deny users or groups specific
    actions at the resource.

    For example:
    All Projects: Grant "Project Managers"
    Project ABC: Deny "Bob"
    Project XYZ: Grant "Sally"

    At first I was thinking I should try to integrate into the .NET
    security model and could do something like the FileIOPermission where
    access could be granted to a list of projects. CodeAccessSecurity
    didn't really apply here as I don't care about the assembly evidence.
    So I looked into extending the PrincipalPermission. Role-based
    security however still doesn't tell that Bob as a Project Manager is
    denied access to Project ABC or Sally is Granted access to XYZ. I was
    thinking I could do a hybrid kind of thing and it wouldn't be too
    difficult to extend PrincipalPermission but when I was thinking about
    how I would implement Demand and test if the permission was granted
    things didn't look so good. The granted resources and the associated
    permissions are stored in a database, thus my implementation of
    Demand() would query the database rather than use the
    GrantedPermissions, this is easy enough, however I wondered how or if
    SecurityManager.IsGranted would work correctly because it determines
    what is "granted" from the Policy files and I of course can't override
    it. (This made me curious about IsGranted using a PrincipalPermission,
    so I decided I would test it and, well, the results were not what one
    would expect (included below). Apparently, SecurityManager has some
    special test if the permission is a PrincipalPermission it checks the
    Windows user groups regardless of the actual CurrentPrincipal). I
    knew I would need to implement my own SecurityManager to authorize
    permissions, but then I began to ask myself what does implementing
    IPermission really offer? I'm beginning to think that IPermission is
    designed *only* to be used for CodeAccessSecurity (despite the
    existence of PrincipalPermission that 'IsGranted' unexpectedly). The
    only benefit I can think of is the declarative security, for some
    methods where I know ahead of time what the resource required is i.e.
    [CreateProjectPermission(PermissionState.Unrestricted)] might be
    useful, but most checks would need to be imperative as I don't know
    ahead of time what resource will need to be checked. Does anyone have
    any thoughts on this? Should I just forget about IPermission and do
    my-own-thing?

    -----
    Quick test of PrincipalPermission and IsGranted with a
    GenericPrincipal
    (works as expected with a WindowsPrincipal but not a
    GenericPrincipal):

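    using System.Diagnostics;
    using System.Security;
    using System.Security.Permissions;
    using System.Security.Principal;
    using System.Threading;

    class Class1
    {
      static void Main()
      {
        // GenericPrincipal named "guest" with no roles (roles array is null)
        IPrincipal p = new GenericPrincipal(new GenericIdentity("guest"), null);
        Thread.CurrentPrincipal = p;
        IPermission perm = new PrincipalPermission(p.Identity.Name, "BUILTIN\\Administrators");
        // Ask SecurityManager first, then demand the same permission
        Debug.WriteLine(SecurityManager.IsGranted(perm));
        try
        {
          perm.Demand();
        }
        catch (SecurityException e)
        {
          Debug.WriteLine("Demand failed " + e.ToString());
        }
      }
    }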

    output:

    True
    Demand failed System.Security.SecurityException: Request for principal
    permission failed.
       at System.Security.Permissions.PrincipalPermission.Demand()
       at TestPrincipalPermission.Class1.Main() in c:\documents and
    settings\kurt harriger\my documents\visual studio
    projects\testprincipalpermission\class1.cs:line 26
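
An added example, not part of the original post: one way to do the imperative, per-resource grant/deny check the post describes without implementing IPermission. The `AclEntry` and `ResourceAuthorizer` types, the "Open" operation, the "*" wildcard for all projects, and the default-deny, deny-overrides policy are assumptions; the in-memory list is constructed sample data standing in for the database.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Principal;

class AclEntry   // hypothetical row type standing in for a database row
{
    public string Resource, Trustee, Operation;   // Resource "*" means all projects
    public bool Deny;
}
class ResourceAuthorizer
{
    readonly List<AclEntry> entries;
    public ResourceAuthorizer(List<AclEntry> entries) { this.entries = entries; }

    // Assumed policy: default deny, and any matching Deny overrides every grant.
    public bool IsGranted(IPrincipal user, string resource, string operation)
    {
        bool granted = false;
        foreach (AclEntry e in entries)
        {
            bool onResource = e.Resource == "*" || e.Resource == resource;
            bool forUser = e.Trustee == user.Identity.Name || user.IsInRole(e.Trustee);
            if (!onResource || !forUser || e.Operation != operation) continue;
            if (e.Deny) return false;   // explicit deny wins
            granted = true;
        }
        return granted;
    }

    // Imperative check for callers that only know the resource at run time.
    public void Demand(IPrincipal user, string resource, string operation)
    {
        if (!IsGranted(user, resource, operation))
            throw new SecurityException(operation + " on " + resource + " denied");
    }

    static void Main()
    {
        var acl = new ResourceAuthorizer(new List<AclEntry> {
            new AclEntry { Resource = "*", Trustee = "Project Managers", Operation = "Open" },
            new AclEntry { Resource = "Project ABC", Trustee = "Bob", Operation = "Open", Deny = true },
            new AclEntry { Resource = "Project XYZ", Trustee = "Sally", Operation = "Open" } });
        var bob = new GenericPrincipal(new GenericIdentity("Bob"), new[] { "Project Managers" });
        var sally = new GenericPrincipal(new GenericIdentity("Sally"), new string[0]);
        Console.WriteLine(acl.IsGranted(bob, "Project ABC", "Open"));
        Console.WriteLine(acl.IsGranted(bob, "Project XYZ", "Open"));
        Console.WriteLine(acl.IsGranted(sally, "Project XYZ", "Open"));
    }
}
```

Because a trustee string is matched against both the user name and the role list, a real table should store the trustee kind (user or group) so a role named like a user cannot pick up that user's entries.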

