Re: Security Exception
From: Chris R. Timmons (crtimmons_at_X_NOSPAM_Xcrtimmonsinc.com)
Date: 01/14/05
Date: Fri, 14 Jan 2005 01:15:49 -0800
"Jason" <c_bananas@mighty.co.za> wrote in
news:OgMsdMg#EHA.2572@tk2msftngp13.phx.gbl:
> Hi
>
> I have an ASP.NET application where I would like to authenticate
> the connecting users according to the Local Users and Groups on
> the web server. I have the following code in the ASP.NET
> project.
>
> private static void Demand(string[] groups)
> {
>     WindowsIdentity processIdentity =
>         WindowsIdentity.GetCurrent();
>     Console.WriteLine(processIdentity.Name);
>
>     IPermission permission = null;
>     foreach(string strGroup in groups)
>     {
>         string strDomainAndGroup = strGroup;
>         if(strGroup.IndexOf ('\\') == -1)
>         {
>             strDomainAndGroup = Environment.MachineName + "\\" +
>                 strGroup;
>         }
>
>         if(permission == null)
>         {
>             permission = new PrincipalPermission(null,
>                 strDomainAndGroup);
>         }
>         else
>         {
>             permission = permission.Union(new PrincipalPermission(null,
>                 strDomainAndGroup));
>         }
>     }
>
>     if(permission != null)
>     {
>         permission.Demand();
>
>         // Revert to self, so that all actions now happen as the
>         // process user, not as the impersonated user.
>         Win32.AdvApi.RevertToSelf();
>     }
> }
>
>
>
> but I get the following error when I hit the
> "permission.Demand();" line
>
> Security Exception
> Description: The application attempted to perform an operation
> not allowed by the security policy. To grant this application
> the required permission please contact your system administrator
> or change the application's trust level in the configuration
> file.
>
> Exception Details: System.Security.SecurityException: Request
> for principal permission failed.
>
> I know it says I must change the application's trust level, but
> I don't know how to do this? Someone have an example? Or a
> solution to my problem even? It would be much appreciated...
> Thanks.

Jason,

I think you may have the wrong impression as to what the
Demand() method does.

Demand() is not a "demand" in the sense that your code is
demanding to be given a permission. There is no way for
code to grant itself more permissions than it was granted
by the security policies set by the administrator.

Demand() is "demanding" that .Net verify a certain state is
true. In this case, the state to be verified is whether
or not the role and ID of the PrincipalPermission match
the role and ID of the current thread's principal.

You are getting an exception because one or more of
your groups is not in the list of roles of the current
thread's principal.

or

You could change your void method Demand to a boolean method
called IsAuthenticated. Wrap the permission.Demand() call
in a try/catch block, and return false from the catch block.
Return true if no exceptions occur.

You also appear to be doing some kind of identity impersonation
through the Windows API. (Note that Demand() does not have anything
to do with impersonation). Managed wrappers for this functionality
are provided in the .Net framework.

or

There are also many messages in Google Groups and pages in the
regular Google search engine relating to ASP.Net impersonation.

--
Hope this helps.

Chris.
-------------
C.R. Timmons Consulting, Inc.
http://www.crtimmonsinc.com/
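
The boolean check suggested in the reply above, as an added example that is not part of the original thread. It assumes the .NET Framework; the method name `IsInAnyGroup`, the group names and the `GenericPrincipal` standing in for the request's user are hypothetical, and returning false for an empty group list is a choice made here.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class GroupCheck
{
    // Hypothetical helper: true when the current thread's principal is in
    // at least one of the listed groups. It verifies state; it grants nothing.
    public static bool IsInAnyGroup(string[] groups)
    {
        IPermission permission = null;
        foreach (string group in groups)
        {
            // Unqualified names are treated as local groups, as in the question.
            string qualified = group.IndexOf('\\') == -1
                ? Environment.MachineName + "\\" + group
                : group;
            IPermission p = new PrincipalPermission(null, qualified);
            permission = permission == null ? p : permission.Union(p);
        }
        if (permission == null) return false; // empty list: deny (choice made here)

        try
        {
            // Compares the unioned roles against Thread.CurrentPrincipal.
            permission.Demand();
            return true;
        }
        catch (SecurityException)
        {
            // No listed role matched the thread's principal.
            return false;
        }
    }

    static void Main()
    {
        // Constructed principal standing in for the authenticated user.
        string editors = Environment.MachineName + "\\Editors";
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("alice"), new[] { editors });

        Console.WriteLine(IsInAnyGroup(new[] { "Admins", "Editors" })); // one role matches
        Console.WriteLine(IsInAnyGroup(new[] { "Admins" }));            // no role matches
        Console.WriteLine(IsInAnyGroup(new string[0]));                 // nothing to check
    }
}
```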