RE: Security Attribute on Event?

From: v-schang@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
Date: Wed, 18 May 2005 02:01:13 GMT

Hi Xenophon,

Welcome to ASPNET newsgroup.
Regarding on the program on using Declarative role based security through
..net 's PrincipalPermission attribute in asp.net app, here are some of my
understanding:

The PrincipalPermissionAttribute will have the same behavior as we
programmatically use PrincipalPermission class instance to demand the
permission. Like:

PrincipalPermission permission = new PrincipalPermission(null, "Role1",
true);
permission.Demand();
So what's the behavior on your page is you use the above programmatical
demand?

Also, I'm not quite sure on the "quietly failed" you mentioned, when and
how does it happen? Is it only happen when you apply the security demand on
a helper function rather than control's event handler function?

If convenient, would you also send me a test page so that I can perform
the same test on my side?

Looking forward to your response. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

.

Follow-Ups:
- Re: Security Attribute on Event?
  - From: xenophon

References:
- Security Attribute on Event?
  - From: xenophon

Prev by Date: Re: javascript confirm fires after deletion instead of before
Next by Date: Re: Long time in Render phase on production server
Previous by thread: Security Attribute on Event?
Next by thread: Re: Security Attribute on Event?
Index(es):
- Date
- Thread

Relevant Pages

Re: PrincipalPermission trouble
... I agree that PrincipalPermission is not really a CAS Permission because it ... > so in other words - there is no performance optimization using LinkDemand ... This security check does not check ... >> But Demand I don't use for performance reasions. ...
(microsoft.public.dotnet.security)
Re: Security Attribute on Event?
... >.net 's PrincipalPermission attribute in asp.net app, ... >programmatically use PrincipalPermission class instance to demand the ... Is it only happen when you apply the security demand on ... >a helper function rather than control's event handler function? ...
(microsoft.public.dotnet.framework.aspnet)
Re: Reg Role BAsed security..
... My question is the same security I can achive by using session. ... So what are the advantages of using rolebased security..over using session.. ... > lets you use the PrincipalPermission class as well as the ... > PrincipalPermission or PrincipalPermissionAttribute classes). ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Reg Role BAsed security..
... > My question is the same security I can achive by using session. ... >> lets you use the PrincipalPermission class as well as the ... >> have no reference to your ASP.NET code or session variables by simply ... >> PrincipalPermission or PrincipalPermissionAttribute classes). ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Security Exception
... > the connecting users according to the Local Users and Groups on ... > permission = permission.Union(new PrincipalPermission(null, ... Demand() method does. ... or not the role and ID of the PrincipalPermission match ...
(microsoft.public.dotnet.framework.aspnet)