Custom principles and DnsPermission.Demand()

From: andrew lowe (andrew.lowe###a-t###geac.com)
Date: 03/29/05

    Date: Tue, 29 Mar 2005 13:39:19 +1000
    
    

    Hi

    We have a Windows application and have created our own custom principal &
    identity objects that implement IPrincipal and IIdentity. When a user logs
    into our system we set the thread's principal to our custom principal object
    by calling Thread.CurrentPrincipal = blah. This all works great for role
    based security. BUT let's say I want to run one line of code which causes an
    imperative security demand:

    Dns.GetHostName();

    CAS will now throw security exceptions when we try to run code that demands
    permissions. I thought the following code might be a workaround:

    IPrincipal currentPrinciple = Thread.CurrentPrincipal;
    try
    {
        Thread.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        Dns.GetHostName();
    }
    finally
    {
        Thread.CurrentPrincipal = currentPrinciple;
    }

    But alas the DnsPermission.Demand() still throws a security exception. I
    think the following article and quote might explain why
    http://support.microsoft.com/default.aspx?scid=kb;en-us;318169

    "Imperative security uses code that is executed at run time to enforce
    security. At run time, when a Demand method is called from an Identity
    Permission class, the call stack is evaluated to verify the code. If there
    is a point in the call stack where assemblies that were previously called do
    not have the same identity as the code, exceptions are thrown."

    So, I wish to use a lot of classes that have security demands in them, but if
    I use my own principal objects I can no longer use them. It seems to be a
    wee bit of a conundrum. Anyone have any thoughts besides

    tia
    andrew
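
Added example, not part of the original post: a small C# probe for the situation described, assuming .NET Framework. The GenericPrincipal and the role name are constructed stand-ins for the application's custom principal. It issues a role demand (PrincipalPermission, which consults Thread.CurrentPrincipal) and the DnsPermission demand (a code access permission, checked against the grants of the assemblies on the call stack) under each principal, so the output shows which of the two results varies with the principal.

```csharp
using System;
using System.Net;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class DemandProbe
{
    // Issues one demand and reports the outcome instead of letting it propagate.
    static string Check(IPermission permission)
    {
        try { permission.Demand(); return "granted"; }
        catch (SecurityException ex) { return "refused (" + ex.PermissionType + ")"; }
    }

    // Runs both kinds of demand with the given principal on the current thread.
    static void Probe(string label, IPrincipal principal)
    {
        IPrincipal saved = Thread.CurrentPrincipal;
        try
        {
            Thread.CurrentPrincipal = principal;
            // Role-based check: evaluated against Thread.CurrentPrincipal.
            string role = Check(new PrincipalPermission(null, "constructed-role"));
            // Code access check: evaluated against the callers' permission grants.
            string dns = Check(new DnsPermission(PermissionState.Unrestricted));
            Console.WriteLine("{0}: role demand {1}, DNS demand {2}", label, role, dns);
        }
        finally
        {
            Thread.CurrentPrincipal = saved;
        }
    }

    static void Main()
    {
        // Constructed stand-in for the custom IPrincipal/IIdentity pair in the post.
        IPrincipal custom = new GenericPrincipal(
            new GenericIdentity("constructed-user"), new string[] { "constructed-role" });
        IPrincipal windows = new WindowsPrincipal(WindowsIdentity.GetCurrent());

        Probe("custom principal ", custom);
        Probe("windows principal", windows);
    }
}
```

If the DNS demand is refused on both lines, the refusal comes from the permissions granted to the code (for example, where the assembly was loaded from), which is where to look next.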

