RE: PrincipalPermissionAttribute and custom IPrincipal

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Hi Andrew,

The key to do this is to set Thread.CurrentPrincipal instead of
Context.User. Here's a sample. For the simplicity I hard coded the role.
The following code only allows Role1 to access MYBLL. You can try to change
[PrincipalPermission(SecurityAction.Demand,Role="Role2")] to see the effect.

Aspx:
<asp:Button ID="Button1" runat="server" Text="Button"
onclick="Button1_Click" />

Aspx.cs:

[PrincipalPermission(SecurityAction.Demand,Role="Role1")]
public class MYBLL
{

}
public partial class _Default : System.Web.UI.Page
{
protected void Page_PreInit(object sender, EventArgs e)
{
Thread.CurrentPrincipal=new SitePrincipal(1773);

}

protected void Button1_Click(object sender, EventArgs e)
{
MYBLL test = new MYBLL();
}
}
public class SitePrincipal : System.Security.Principal.IPrincipal
{
public SitePrincipal(int accountID)
{
_identity = new SiteIdentity(accountID);
}
#region IPrincipal Members
SiteIdentity _identity;
public System.Security.Principal.IIdentity Identity
{
get { return _identity; }
}
public bool IsInRole(string role)
{
if (role == "Role1")
return true;
else { return false;
}
}

#endregion
}
public class SiteIdentity : IIdentity
{
string _name;
public SiteIdentity(int accountID)
{
_name = accountID.ToString();

}
#region IIdentity Members

public string AuthenticationType
{
get { throw new NotImplementedException(); }
}

public bool IsAuthenticated
{
get { return true; }
}

public string Name
{
get { return _name; }
}

#endregion
}

Please have a try and let me know if it works. If you have additional
questions please feel free to ask.

Regards,
Allen Chen
Microsoft Online Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

.

Quantcast