Re: Custom IPrincipal and declarative security checking

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 03/15/05


Date: Tue, 15 Mar 2005 13:32:25 -0800

Hello Baileys,

Only apply your IPrincipal impl to Context.User -

there is an undocumented event "DefaultAuthentication" that fires directly
after AuthenticateRequest that copies Context.User to Thread.CurrentPrincipal.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi,
>
> I'm having trouble getting declarative checks (using
> PrincipalPermissionAttribute) to work with my custom IPrincipal
> implementation in a web scenario.
>
> I created a custom principal class (MyPrincipal), implementing the
> IPrincipal interface.
> I added code to the global.asax Application_AuthenticateRequest
> handler to construct an instance of MyPrincipal, and assign this
> instance to Context.User (also tried assigning the instance to both
> Context.User and Thread.CurrentPrincipal).
> I've got a class (MyClass) defined as follows:
>
> public class MyClass
> {
>     [PrincipalPermission(SecurityAction.Demand, Role="Admin")]
>     public static void MyMethod()
>     {
>         // do stuff
>     }
> }
>
> I have got a web page containing the following code in Page_Load:
>
> bool test = Thread.CurrentPrincipal.IsInRole("Admin"); // 1. works (test=true)
> bool test2 = Context.User.IsInRole("Admin"); // 2. works (test2=true)
>
> PrincipalPermission p = new PrincipalPermission(null, "Admin");
> p.Demand(); // 3. Fails
>
> MyClass.MyMethod(); // 4. Fails
>
> The last 2 methods (using PrincipalPermission.Demand and calling the
> MyMethod) fail with a security exception ( Exception Details:
> System.Security.SecurityException: Request for principal permission
> failed.).
>
> I was under the impression that PrincipalPermissionAttribute class
> would work with every implementation of IPrincipal, and not just with
> the WindowsPrincipal & GenericPrincipal, is that correct?
>
> Am I missing something obvious here? Would especially be grateful for
> links to docs exploring .NET security with custom implementations of
> different security related classes...
>
> Thanks in advance, all help welcome...
>
> Baileys.
>
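
The arrangement the reply describes, as an added example that is not code from either poster: the custom principal is assigned to Context.User only, and the later copy to Thread.CurrentPrincipal is left to ASP.NET. The body of MyPrincipal, the LookupRoles helper and the sample user name are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Web;

// Hypothetical custom principal: wraps the identity produced by the
// configured authentication module and adds an application role list.
public sealed class MyPrincipal : IPrincipal
{
    private readonly IIdentity identity;
    private readonly string[] roles;

    public MyPrincipal(IIdentity identity, string[] roles)
    {
        this.identity = identity;
        this.roles = roles;
    }

    public IIdentity Identity { get { return identity; } }

    // Case-sensitive match against the roles loaded for this user.
    public bool IsInRole(string role)
    {
        return Array.IndexOf(roles, role) >= 0;
    }
}

// Code-behind for global.asax.
public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // Anonymous requests keep the default principal. A role demand also
        // requires Identity.IsAuthenticated to be true, so only wrap
        // identities the authentication module has already validated.
        if (Context.User == null || !Context.User.Identity.IsAuthenticated)
            return;

        // Assign Context.User only. PrincipalPermission.Demand() and
        // [PrincipalPermission] read Thread.CurrentPrincipal, which is
        // populated from Context.User after this handler returns.
        string[] roles = LookupRoles(Context.User.Identity.Name);
        Context.User = new MyPrincipal(Context.User.Identity, roles);
    }

    // Hypothetical lookup with constructed sample data; a real application
    // would query its own role store here.
    private static string[] LookupRoles(string userName)
    {
        return userName == "alice" ? new string[] { "Admin" } : new string[0];
    }
}
```

In Page_Load, Object.ReferenceEquals(Context.User, Thread.CurrentPrincipal) is a quick way to confirm that both properties refer to the same MyPrincipal instance before relying on a demand.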


