Re: Design Question

From: Nicholas Paldino [.NET/C# MVP] (mvp_at_spam.guard.caspershouse.com)
Date: 12/22/04


Date: Wed, 22 Dec 2004 16:15:03 -0500


    Or (and I think this is the easiest one of all), just use a custom
principal, and let Code Access Security take care of the rest. Basically,
you implement IPrincipal, and set it as the principal for the thread that is
doing the processing.

    Attached is a console application which demonstrates how to use the
PrincipalPermission attribute. Basically, there is an implementation of
IPrincipal and the current thread is set to use that principal (you will
have to do something different to have web requests use a certain principal,
but I'm sure you can do it). Then, you just apply the right attribute to
your method, and the runtime will take care of the rest.

    Try changing the IsInRole implementation to return something else, or
the declaration of the PrincipalPermission attribute and the call to
DoSomething will fail.

    Hope this helps.

-- 
               - Nicholas Paldino [.NET/C# MVP]
               - mvp@spam.guard.caspershouse.com
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message 
news:O5xBXYG6EHA.1260@TK2MSFTNGP12.phx.gbl...
> Yes, but it's probably not as simple as you might have hoped.  Here are the
> three main approaches:
>
> 1.  Implement the check as a custom permission with a corresponding
> attribute
> (http://msdn.microsoft.com/library/en-us/cpguide/html/cpconcreatingyourowncodeaccesspermissions.asp).
> This may  be your best bet since you can presumably control whether the
> attribute assembly is registered as a trusted assembly.
>
> 2.  Place the actual method work in objects that inherit from
> System.ContextBoundObject.  This might interfere with your planned object
> hierarchy, as well as introducing an otherwise unnecessary performance hit.
>
> 3.  Use a tool like XC# (http://www.resolvecorp.com/Products.aspx) to
> generate inline code that corresponds to your custom attribute.
>
> If this truly is a security permission, #1 is probably the "cleanest"
> approach.  Otherwise, #3 would probably offer the best compromise between
> design-time convenience and runtime performance.
>
> HTH,
> Nicole
>
>
>
> "John Lee" <johnl@newsgroup.nospam> wrote in message
> news:ejm4%237F6EHA.2180@TK2MSFTNGP10.phx.gbl...
>> Hi,
>>
>> If I want to check permission on each public method of a web service,
>> (assume the checking routine is ready to use and called AccessCheck), one
>> way of doing it is to call this AccessCheck on top of each public method,
>> I want to implement it in different way but seems missing something -
>>
>> I want to develop a custom attribute, let's say
>> SecurityCheckEnabledAttribute with only Yes/No parameter, then create a
>> base class for all web service classes, Is there any way to capture the
>> public method call from base class at runtime and then check if the
>> attribute is being applied and then check the permission?
>>
>> Thanks a lot!
>>
>> Regards,
>> John
>>
>
> 
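The custom-principal approach described in the reply above, as an added example (this is not the attached program.cs, which did not survive in this archive). It assumes the .NET Framework, where PrincipalPermission demands are enforced by the runtime; the names ServicePrincipal and CallAs, the users and the role names are constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Hypothetical principal: the role list is supplied by the caller (constructed for this example).
sealed class ServicePrincipal : IPrincipal
{
    private readonly IIdentity identity;
    private readonly string[] roles;

    public ServicePrincipal(string name, params string[] roles)
    {
        // GenericIdentity with a non-empty name reports IsAuthenticated == true,
        // which the role demand below also requires.
        this.identity = new GenericIdentity(name);
        this.roles = roles;
    }

    public IIdentity Identity { get { return identity; } }

    // Exact, case-sensitive match against the roles given at construction.
    public bool IsInRole(string role) { return Array.IndexOf(roles, role) >= 0; }
}

static class Program
{
    // The runtime checks Thread.CurrentPrincipal against this demand before the body runs.
    [PrincipalPermission(SecurityAction.Demand, Role = "Operators")]
    static void DoSomething()
    {
        Console.WriteLine("DoSomething ran as " + Thread.CurrentPrincipal.Identity.Name);
    }

    static void CallAs(IPrincipal principal)
    {
        Thread.CurrentPrincipal = principal;
        try { DoSomething(); }
        catch (SecurityException ex)
        {
            Console.WriteLine("Denied for " + principal.Identity.Name + ": " + ex.Message);
        }
    }

    static void Main()
    {
        CallAs(new ServicePrincipal("alice", "Operators"));  // demand succeeds
        CallAs(new ServicePrincipal("bob", "Readers"));      // demand throws SecurityException
    }
}
```

The check is only as trustworthy as the code that assigns Thread.CurrentPrincipal, so the principal should be built from an authenticated identity at the request boundary and not from caller-supplied role claims.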

