Custom IPrincipal and declarative security checking

From: Baileys (
Date: 03/15/05

Date: Tue, 15 Mar 2005 05:29:03 -0800


I'm having trouble getting declarative checks (using
PrinciplePermissionAttribute) to work with my custom IPrincipal
implementation in a web scenario.

I created a custom principal class (MyPrincipal), implementing the
IPrincipal interface
I added code to the global.asax Application_AuthenticateRequest handler to
construct an instance of MyPrincipal, and assign this instance to
Context.User (also tried assigning the instance to both Context.User and
I've got a class (MyClass) defined as follows:

public class MyClass
  [PrincipalPermission(SecurityAction.Demand, Role="Admin")]
  public static void MyMethod()
    // do stuff

I have got a web page containing the following code in Page_Load:

bool test = Thread.CurrentPrincipal.IsInRole("Admin"); // 1. works (test=true)
bool test2 = Context.User.IsInRole("Admin"); // 2. works

PrincipalPermission p = new PrincipalPermission(null, "Admin");
p.Demand(); // 3

MyClass.MyMethod() // 4. Fails

The last 2 methods (using PrincipalPermission.Demand and calling the
MyMethod) fail with a security exception ( Exception Details:
System.Security.SecurityException: Request for principal permission failed.).

I was under the impression that PrincipalPermissionAttribute class would
work with every implementation of IPrinciple, and not just with the
WindowsPrincipal & GenericPrincipal, is that correct?

Am i missing something obvious here? Would especially be grateful for links
to docs exploring .NET security with custom implementations of different
security related classes...

Thanks in advance, all help welcome...