Re: PrincipalPermission trouble
From: Viorel Ghilas (vghilas_at_hotmail.com)
Date: 06/20/05
- Next message: Dominick Baier [DevelopMentor]: "Re: PrincipalPermission trouble"
- Previous message: Mary Chipman [MSFT]: "Re: reference for .net security"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: PrincipalPermission trouble"
- Next in thread: Dominick Baier [DevelopMentor]: "Re: PrincipalPermission trouble"
- Reply: Dominick Baier [DevelopMentor]: "Re: PrincipalPermission trouble"
Date: Mon, 20 Jun 2005 09:14:35 +0300
I absolutely know that it's the principal that must be checked. It's not a
security issue in authentication, it's Microsoft's definition of LinkDemand:

  LinkDemand happens at just-in-time (JIT) compilation time and checks
  only the immediate caller. This security check does not check the caller's
  caller. Once this check passes, there is no additional security overhead no
  matter how many times the caller might call. However, there is also no
  protection from luring attacks. With LinkDemand, any code that passes the
  test and can reference your code can potentially break security by allowing
  malicious code to call using the authorized code. Therefore, do not use
  LinkDemand unless all the possible weaknesses can be thoroughly avoided.

But I don't use Demand for performance reasons. So I decided to move from
declarative LinkDemand security permissions to my own imperative security
check method, and I will check all cases and log more graceful errors.
With best regards
Viorel
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:OgsJFy0cFHA.2288@TK2MSFTNGP14.phx.gbl...
> Are you absolutely positive that the correct principal is on the thread
> when you make your checks? Is Thread.CurrentPrincipal pointing to a
> different user every time or the same user? Perhaps there is a bug in your
> authentication or something.
>
> Joe K.
>
> "Viorel Ghilas" <vghilas@hotmail.com> wrote in message
> news:%23pR4JmkcFHA.796@TK2MSFTNGP09.phx.gbl...
> > Hi all,
> >
> > I have a library that has methods protected with PrincipalPermission,
> > for ex.
> > [PrincipalPermission(SecurityAction.LinkDemand, Role="DBAdmin")]
> > public Guid GetAdminId() {
> >     return new Guid("{BCA26163-E488-4ce8-BF6B-597EB0BE388F}");
> > }
> >
> > and I have a web app that creates a user with a role on login. The
> > problem is that after one user with the "DBAdmin" role calls GetAdminId,
> > then after it every user with every role that is logged in to the system
> > could call this method.
> > How can I resolve this problem? If I put Demand instead of LinkDemand it
> > will work, but I don't use it because of performance reasons. I suppose
> > that .NET cached method calls with its security permissions? Sure, I
> > protect web pages with an authorization mechanism, but the library will
> > be used by other people, and all validation must be in the business
> > layer. One solution is to use my custom imperative security mechanism.
> > But I want to know what is wrong?
> >
> > With best regards
> > Viorel
> >
> >
>
>
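
An imperative per-call role check of the kind the message above describes moving to, as an added example that is not code from the thread. RequireRole, AdminLibrary, TryCall and the users "alice" and "bob" are hypothetical names; only GetAdminId, its GUID and the "DBAdmin" role come from the original post.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

public static class AdminLibrary
{
    // Hypothetical helper: runs on every call and reads the principal that is
    // on the thread at that moment, instead of a one-time JIT-time LinkDemand.
    private static void RequireRole(string role)
    {
        IPrincipal p = Thread.CurrentPrincipal;
        bool authenticated = p != null && p.Identity != null && p.Identity.IsAuthenticated;
        if (!authenticated || !p.IsInRole(role))
        {
            // Log who was refused and for which role before failing the call.
            string who = authenticated ? p.Identity.Name : "<anonymous>";
            Console.Error.WriteLine("DENY role={0} user={1}", role, who);
            throw new SecurityException("Caller is not in role '" + role + "'.");
        }
    }

    public static Guid GetAdminId()
    {
        RequireRole("DBAdmin");
        return new Guid("{BCA26163-E488-4ce8-BF6B-597EB0BE388F}");
    }
}

public static class Program
{
    // Simulates a login by attaching a constructed principal to the thread,
    // then reports whether the protected call was allowed.
    private static bool TryCall(string user, params string[] roles)
    {
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        try { AdminLibrary.GetAdminId(); return true; }
        catch (SecurityException) { return false; }
    }

    public static void Main()
    {
        // The admin calls first, the order that exposed the problem in the
        // original post; the second caller must still be evaluated and refused.
        Console.WriteLine("alice (DBAdmin): {0}", TryCall("alice", "DBAdmin"));
        Console.WriteLine("bob (Reader):    {0}", TryCall("bob", "Reader"));
    }
}
```

The check costs one IsInRole lookup per call, and the denial is logged with the user name before the SecurityException reaches the caller.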