Re: 70-340, Role Based Security question



Thanks Joseph.

With the info you provided I can imagine a scenario where at one time the
method was restricted to the Administrators group only, and this was
enforced with the PrincipalPermissionAttribute. At some later time, the rule
was relaxed to also allow User1 of the Managers group, so the only change
required was the additional PrincipalPermissionAttribute, and then, again
the rule was relaxed to allow "any authenticated user."

Would you agree that is a reasonable conclusion/scenario and approach?

Ron

"Joseph Bittman MVP MCSD" <RyanBittman@xxxxxxx> wrote in message
news:1450424C-56BA-42ED-9BEB-8974F3DD8349@xxxxxxxxxxxxxxxx
Sept. 12, 2006

Yes, any user who satisfies one of those demands will be able to run the
code... To address your confusion about the //comment..... basically, the
comment is using "administrator" in the context/definition of an
administrator can be in either the Administrators group, User1 in the
Managers group, or anyone else who is authenticated.

We "readers" would normally define an administrator as being *only*
someone in the Administrators group, and therefore it is a difference
between how the book is using the word administrators, and how we use
it...

Hope this helps!
--

Joseph Bittman
Microsoft Certified Solution Developer
Microsoft Most Valuable Professional -- DPM

Blog/Web Site: http://CactiDevelopers.ResDev.Net/
"RYoung" <no@xxxxxxxx> wrote in message
news:%23OUHO6p1GHA.4452@xxxxxxxxxxxxxxxxxxxxxxx
Hello all,

I was reading Tony Northrup's book for 70-340/330, p. 5-22 about
declarative RBS demands.

Here is sample code that I'm concerned with:

[PrincipalPermission(SecurityAction.Demand, Name = @"CONTOSO\Administrators")]
[PrincipalPermission(SecurityAction.Demand, Name = @"CONTOSO\User1", Role = @"CONTOSO\Managers")]
[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
private void AdminOnlyMethod()
{
    // only Administrators can run this code
}

The book states (summarized): The following code allows any of the
following to run the method - 1) Members of the local Administrators
group, 2) User named CONTOSO\User1 who is a member of CONTOSO\Managers
group, 3) Any authenticated user.

My question is that the comment in the method "//only Administrators can
run this code" seems to contradict who can run the code based on those 3
conditions above.

If "User1" logs in, he can run the AdminOnlyMethod() method, correct?
Additionally, if "UserX", who is an authenticated user of "Sales",
logs in, he can run the method also - because of the last
PrincipalPermission attribute?

Thanks for any insight on that,
Ron
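
The union behaviour discussed in this thread, as an added example that is not part of the original posts or the book: it builds the same three demands imperatively and checks them against constructed principals, beside an assumed Administrators-role-only demand. The class, the helper names and the sample users are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class StackedDemandDemo
{
    // The three demands from the post, combined as a union (OR), which is how
    // stacked PrincipalPermission attributes with SecurityAction.Demand behave.
    // Note: the first one sets Name, so it matches an identity with that name.
    static IPermission AsPosted()
    {
        var admins  = new PrincipalPermission(@"CONTOSO\Administrators", null);
        var user1   = new PrincipalPermission(@"CONTOSO\User1", @"CONTOSO\Managers");
        var anyAuth = new PrincipalPermission(null, null, true);
        return admins.Union(user1).Union(anyAuth);
    }

    // Assumption: the comment's intent is "members of the Administrators role only".
    static IPermission AdminsOnly()
    {
        return new PrincipalPermission(null, @"CONTOSO\Administrators");
    }

    // Runs the demand against a constructed principal; an empty name is unauthenticated.
    static bool Allowed(IPermission demand, string user, params string[] roles)
    {
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        try { demand.Demand(); return true; }
        catch (SecurityException) { return false; }
    }

    static void Report(string label, IPermission demand)
    {
        // Constructed sample principals, not taken from the thread.
        Console.WriteLine("{0}:", label);
        Console.WriteLine("  Admin1 (Administrators): {0}",
            Allowed(demand, @"CONTOSO\Admin1", @"CONTOSO\Administrators"));
        Console.WriteLine("  UserX (Sales):           {0}",
            Allowed(demand, @"CONTOSO\UserX", @"CONTOSO\Sales"));
        Console.WriteLine("  anonymous:               {0}", Allowed(demand, ""));
    }

    static void Main()
    {
        Report("Stacked demands as posted", AsPosted());
        Report("Administrators role only", AdminsOnly());
    }
}
```

Because `Authenticated = true` is satisfied by every logged-in principal, it subsumes the other two demands; restricting the method means removing that attribute rather than adding narrower ones alongside it.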



