1. 技术文章
  2. Code is ignoring PrincipalPermission attribute?

Code is ignoring PrincipalPermission attribute?

ぃ、小莉子 提交于 2019-12-22 08:23:23

问题


I have a Delete method on all my business objects that has the PrincipalPermission attribute on it.

Example:

[PrincipalPermission(SecurityAction.Demand, Role = "Vendor Manager")]
        public static bool Delete(Vendor myVendor)
        {

            //do work here
        }

The problem is that it appears to be completely ignoring my PrincipalPermission. It lets anyone through, no matter what role they may be part of.

Is there something else I've forgotten to do? I have added the following to my Application's global.asax in the Application Startup section:

AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);

But that doesn't make any difference either.

I also just tried the following:

public static bool Delete(Vendor myVendor)
        {
            PrincipalPermission iPerm = new PrincipalPermission(null, "Vendor Manager");
            iPerm.Demand();

            //do work here
        }

and wouldn't ya know, this works just fine!.... any ideas on why it works one way but not the other?


回答1:


Did you get an answer for this? I just tested this in my own application and it works pretty well. I'm specifically NOT adding

AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

And, I'm using Forms Authentication (ASP.NET Membership), MVC 2, .NET 3.5.

I did however discover if I decorate my class with the following my method decorations do not work.

[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]



回答2:


Only one observation for any people that says that sample does not work. Check the name for the role according with your local culture. For example, if you resides in Mexico, you must to use: @"BUILTIN\Administradores" instead of @"BUILTIN\Administrators".




回答3:


Have you validated that the Windows principal doesn't happen to have the permission you're requiring? Something like this (modified from here) -- I would think -- should mimic that behavior and allow you to step through. It should indicate whether or not the permission is granted.

If this passes, then I would expect the attribute to pass on through as well. If this fails, but the attribute passes through, then I'm as stumped as you are.

static void Main(string[] args)
{
    AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
    PrincipalPermission principalPerm = new PrincipalPermission(null, "Vendor Manager");
    try
    {
        principalPerm.Demand();
        Console.WriteLine("Demand succeeded.");
    }
    catch (Exception secEx)
    {
        Console.WriteLine("Demand failed.");
    }
    Console.ReadLine();
}


来源:https://stackoverflow.com/questions/4128186/code-is-ignoring-principalpermission-attribute

标签
c#
security
permissions
iprincipal
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!