Re: Custom IPrincipal and declarative security checking
From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: Tue, 15 Mar 2005 13:32:25 -0800
only apply your IPrincipal impl to Context.User -
there is a undocumented event "DefaultAuthentication" that fires directly
after AuthenticateRequest that copies Context.User to Thread.CurrentPrincipal.
Dominick Baier - DevelopMentor
> I'm having trouble getting declarative checks (using
> PrinciplePermissionAttribute) to work with my custom IPrincipal
> implementation in a web scenario.
> I created a custom principal class (MyPrincipal), implementing the
> IPrincipal interface
> I added code to the global.asax Application_AuthenticateRequest
> handler to
> construct an instance of MyPrincipal, and assign this instance to
> Context.User (also tried assigning the instance to both Context.User
> I've got a class (MyClass) defined as follows:
> public class MyClass
> [PrincipalPermission(SecurityAction.Demand, Role="Admin")]
> public static void MyMethod()
> // do stuff
> I have got a web page containing the following code in Page_Load:
> bool test = Thread.CurrentPrincipal.IsInRole("Admin"); // 1. works
> (test=true) bool test2 = Context.User.IsInRole("Admin");
> // 2. works (test2=true)
> PrincipalPermission p = new PrincipalPermission(null, "Admin");
> // 3 .Fails
> MyClass.MyMethod() //
> 4. Fails
> The last 2 methods (using PrincipalPermission.Demand and calling the
> MyMethod) fail with a security exception ( Exception Details:
> System.Security.SecurityException: Request for principal permission
> I was under the impression that PrincipalPermissionAttribute class
> would work with every implementation of IPrinciple, and not just with
> the WindowsPrincipal & GenericPrincipal, is that correct?
> Am i missing something obvious here? Would especially be grateful for
> links to docs exploring .NET security with custom implementations of
> different security related classes...
> Thanks in advance, all help welcome...