Re: Declarative security

From: Nicole Calinoiu (calinoiu)
Date: 11/15/04

  • Next message: menkaur: "protection ageinst pirates" 
    Date: Mon, 15 Nov 2004 11:28:26 -0500

    Use of a custom permission is probably a lot more work than it's worth in
    this scenario. It would be a lot simpler to make an imperative demand for
    PrincipalPersmission on the user whose profile is being updated. e.g.
    (assuming the UserProfile class has a read-only UserName property):

    private void Update(...)
    {
        PrincipalPermission perm = new PrincipalPermission(this.UserName,
    "User");
        perm.Demand();

        // Perform the actual update here.
    }

    "Jacek Hełka" <jacek.helka@aion.com.pl> wrote in message
    news:erhErMyyEHA.3824@TK2MSFTNGP09.phx.gbl...
    > Sorry,
    > It's bad example.
    > Consider my own Permission attribute and my own Permisssion class.
    >
    > class UserProfile
    > {
    > [UserProfilePermissionAttribute(SecurityAction.Demand, Role="User")]
    > private void Update(...)
    > {
    > private string userName;
    > ...
    > }
    > }
    >
    > But I'm not able to check access to UserProfile.Update() without knowing
    > UserProfile object, for which Update() method was invoked, because the
    > user
    > can edit only his own profile data.
    >
    >
    >
    > Użytkownik "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com>
    > napisał
    > w wiadomości news:uwcA$zxyEHA.3408@tk2msftngp13.phx.gbl...
    >> Which method of which object? In your example, if you mean the Demand
    >> method of the PrincipalPermission object created by the attribute then,
    > no,
    >> the DoSomething method could not grab a handle to that
    >> PrincipalPermission
    >> object.
    >>
    >> Is there something in particular that you are trying to accomplish with
    >> this?
    >>
    >>
    >>
    >> "Jacek Hełka" <jacek.helka@aion.com.pl> wrote in message
    >> news:%236Q1ncxyEHA.2572@tk2msftngp13.phx.gbl...
    >> > When using attributes to declare security, e.g.
    >> >
    >> > [PricipalPermissionAttribute(SecurityAction.Demand, Role="User")]
    >> > private void DoSomething()
    >> > {
    >> > ...
    >> > }
    >> >
    >> > can I obtain a reference to the object on which the method is invoked?
    >> >
    >> > Regards,
    >> > Jacek
    >> >
    >> >
    >>
    >>
    >
    >

  • Next message: menkaur: "protection ageinst pirates"

    Relevant Pages

    • Re: Design Question
      ... >> the declaration of the PrincipalPermission attribute and the call to ... Implement the check as a custom permission with a corresponding ... If I want to check permission on each public method of a web service, ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: Design Question
      ... mechanism for directly retrieving a reference to the attribute target. ... permission or a principal permission with custom principal) or use a tool ... > But all role-based security information resides in AzMan store. ... >> the declaration of the PrincipalPermission attribute and the call to ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: linkdemand for principalpermission
      ... >I can't seem to understand what a linkdemand for a principalpermission ... And it looks that is happening at JIT phase not ... permission request attributes with the occasional exception of identity ...
      (microsoft.public.dotnet.security)
    • about deploying
      ... permission doesn't match the permission referenced from the book. ... private void OnFileOpen(object sender, EventArgs e) ...
      (microsoft.public.dotnet.languages.csharp)
    • Quantcast