Re: IPrincipal and IsInRole
From: Nicole Calinoiu (nicolec_at_somewhere.net)
Date: 08/27/04
- Previous message: Nicole Calinoiu: "Re: DPAPI with User Profile"
- In reply to: Arturo: "IPrincipal and IsInRole"
- Next in thread: Nicole Calinoiu: "Re: IPrincipal and IsInRole"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Aug 2004 14:46:56 -0400
"Arturo" <arturo-g@lycos.com> wrote in message
news:e1a45d36.0408270311.1d87e844@posting.google.com...
> Hello. I have a question:
>
> My methods are implementing the <PrincipalPermission> attribute and
> checking through role in the identity. I have implemented my own
> Principal and Identity object. The user should logon and the info is
> loaded from a database.
>
> If this library exposes public methods and another developer makes a
> console app and creates it's own implementation of IPrincipal and
> IIdentity and always returns true in IsInRole, is he going to be able
> to execute my code?
Yes. See, for example,
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconreplacingprincipalobject.asp.
Please note that SecurityPermission.ControlPrincipal is part of the
FullTrust named permission set (which a developer can most likely grant to
any code running on his own machine or have granted to his code on other
machines), and it can be bypassed anyway by disabling CAS on the machine.
Also, it doesn't only affect public methods since low accessibility
(private, internal, protected) members can be accessed via reflection.
>
> Is there any way to tag the method to request only Windows security or
> My own security IPrincipal or IIdentity of type X, but nothing else?
Yup, but it'll just raise the bar a bit since the developer could decompile
your library, remove the verifications, and recompile. I agree that this is
a major PITA but, within the current .NET Framework context, there's not
much you can do to prevent it if the code executes on a machine that is
directly or indirectly in your putative malicious and/or ignorant
developer's control.
If your code is running on a "safe" machine, your best bet for assuring that
a specific IPrincipal or IIdentity type may be to create a new
permission/attribute pair analogous to PrincipalPermission[Attribute].
Otherwise, you would need to check that the correct type is being used every
time a target class or member is accessed. The burden of the latter
approach could be lightened somewhat by using another attribute that simply
checks the principal type rather than making this verification within the
target members.
>
> Many thanks!
- Previous message: Nicole Calinoiu: "Re: DPAPI with User Profile"
- In reply to: Arturo: "IPrincipal and IsInRole"
- Next in thread: Nicole Calinoiu: "Re: IPrincipal and IsInRole"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
