Re: Weird behaviour of the PrincipalPermission attribute

---

• From: "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com>
• Date: Sat, 14 Oct 2006 17:14:54 -0400

---

Declarative PrincipalPermission demands are unioned within a class. If you mark a class with an authenticated demand, any authenticated user will be able to use any class member. Imperative demands are independent of declarative demands, which is why yours blocks access despite the class-level demand.


"Amid" <Amid@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:E4697750-BC34-458A-8970-DE65744F547E@xxxxxxxxxxxxxxxx

Let's suppose we have the following class:

[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
public class TestClass
{
[PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]
public void CallMe()
{
PrincipalPermission MyPermission = new PrincipalPermission("User",
"Administrator");
MyPermission.Demand();
}
}

And the following code snippet that uses it:

class Class1
{
[STAThread]
static void Main(string[] args)
{
SetPrincipal("bad user");
TestClass tp = new TestClass();
tp.CallMe();
}

private static void SetPrincipal(string role)
{
GenericIdentity myIdentity = new GenericIdentity("User");

String[] myStringArray = { role };
GenericPrincipal myPrincipal = new GenericPrincipal(myIdentity,
myStringArray);

Thread.CurrentPrincipal = myPrincipal;
}
}

The weird thing about this code that declarative permission check allows to
call method TestClass.CallMe() (though it is not supposed to) but imperative
check within this method throws an exception and behaves correctly.
Now if I remove declarative permission check from the class declaration and
leave one on the method everything works as expected.

Any thoughts will be appreciated. Thanks in advance.

.

---

• Prev by Date: Re: ActiveDirectory group membership in offline profile
• Next by Date: Re: CASPOL - StrongName trusts not being applied
• Previous by thread: ActiveDirectory group membership in offline profile
• Next by thread: Re: UserControl on Web Page - can I use dependent assemblies on client
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: allowing a function to be called only from a specific function ... CBFalconer schreef: ... compilation unit. ... only if the a static declaration is already in scope, ... static void f1{ ... (comp.lang.c) Re: allowing a function to be called only from a specific function ... CBFalconer schreef: ... compilation unit. ... only if the a static declaration is already in scope, ... static void f1{ ... (comp.lang.c) Re: Forward declarations to static variables ... > It's a declaration and a *tentative* definition. ... static int is_our_file(char *filename) ... static void play_file ... Of course I could make forward declarations of my static functions, ... (comp.lang.c) Re: C# Language Proposal for out Parameters ... you wont have to goto to see the method declaration to find out if the ... > but it seems superfluous to have to specify them at every call. ... >> static void Main ... >> technique is used, promoting readability. ... (microsoft.public.dotnet.languages.csharp) C# Language Proposal for out Parameters ... static void Main ... int i = GetValue; ... The solution to this problem would be to allow the declaration of the ... technique is used, promoting readability. ... (microsoft.public.dotnet.languages.csharp)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.security  > 2006-10