Custom principles and DnsPermission.Demand()

From: andrew lowe (andrew.lowe###a-t###geac.com)
Date: 03/29/05

  • Next message: Stelrad Doulton: "Windows 2003 and socket based server"
    Date: Tue, 29 Mar 2005 13:39:19 +1000
    
    

    Hi

    We have windows application and have created our own custom principle &
    identity objects that implement IPrinciple and IIdentity. When a user logs
    into our system we set the threads principle to our custom principle object
    by calling Thread.CurrentPrinciple = blah. This all works great for role
    based security. BUT lets say i want to run one line of code which causes an
    imperative security demand:

    Dns.GetHostName();

    CAS will now throw security exceptions when we try to run code that demands
    permissions. I thought the following code might be a work around

    IPrincipal currentPrinciple = Thread.CurrentPrincipal;
    try
    {
        Thread.CurrentPrincipal = new
    WindowsPrincipal(WindowsIdentity.GetCurrent());
        Dns.GetHostName();
    }
    finally
    {
        Thread.CurrentPrincipal = currentPrinciple;
    }

    But alas the DnsPermission.Demand() still throws a security exception. I
    think the following article and quote might explain why
    http://support.microsoft.com/default.aspx?scid=kb;en-us;318169

    "Imperative security uses code that is executed at run time to enforce
    security. At run time, when a Demand method is called from an Identity
    Permission class, the call stack is evaluated to verify the code. If there
    is a point in the call stack where assemblies that were previously called do
    not have the same identity as the code, exceptions are thrown."

    So, I wish to use alot of classes that have security demands in them but if
    i use my own principle objects i can no longer use them. It seems to be a
    wee bit of a conundrum. Anyone have any thoughts besides

    tia
    andrew


  • Next message: Stelrad Doulton: "Windows 2003 and socket based server"

    Relevant Pages

    • Custom principles and DnsPermission.Demand()
      ... We have windows application and have created our own custom principle & ... identity objects that implement IPrinciple and IIdentity. ... imperative security demand: ... CAS will now throw security exceptions when we try to run code that demands ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: Custom principles and DnsPermission.Demand()
      ... I think there is some confusion here regarding how CAS works. ... security decisions based on the permissions granted to the actual code. ... > We have windows application and have created our own custom principle & ...
      (microsoft.public.dotnet.security)
    • Re: role, domain, and user based security...
      ... IPrinciple, I am leaning this way but I want to understand ... I don't think AzMan supports direct mapping of users to ... were using Windows security auth with AD, ... >> what Microsoft's security model is setup to handle. ...
      (microsoft.public.dotnet.security)
    • Re: Custom IPrincipal and declarative security checking
      ... > PrinciplePermissionAttribute) to work with my custom IPrincipal ... > I created a custom principal class, ... > MyMethod) fail with a security exception (Exception Details: ... > would work with every implementation of IPrinciple, ...
      (microsoft.public.dotnet.security)
    • Re: Security Exception thrown from non-executed code? WHY WHY WHY???
      ... What i think may be happening is that the security check is being ... scanned for security exceptions before the JIT compilation begins for ... > This is very strange. ...
      (microsoft.public.dotnet.framework.windowsforms)