Re: Design Question

From: John Lee (johnl_at_newsgroup.nospam)
Date: 12/22/04 

Date: Wed, 22 Dec 2004 14:23:57 -0800

Thanks very much for the reply.

But all role-based security information resides in AzMan store. All web
services are configured as Windows authentication in IIS. So I will have to
first get the Windows principal and then call AzRoles.dll's
AccessCheck("method name") - each method name will be defined as an
"operation" in AzMan store.

Regards,
John

"Nicholas Paldino [.NET/C# MVP]" <mvp@spam.guard.caspershouse.com> wrote in
message news:Or%230XtG6EHA.4004@tk2msftngp13.phx.gbl...
> Or (and I think this is the easiest one of all), just use a custom
> principal, and let Code Access Security take care of the rest. Basically,
> you implement IPrincipal, and set it as the principal for the thread that
> is doing the processing.
>
> Attached is a console application which demonstrates how to use the
> PrincipalPermission attribute. Basically, there is an implementation of
> IPrincipal and the current thread is set to use that principal (you will
> have to do something different to have web requests use a certain
> principal, but Im sure you can do it). Then, you just apply the right
> attribute to your method, and the runtime will take care of the rest.
>
> Try changing the IsInRole implementation to return something else, or
> the declaration of the PrincipalPermission attribute and the call to
> DoSomething will fail.
>
> Hope this helps.
>
>
> --
> - Nicholas Paldino [.NET/C# MVP]
> - mvp@spam.guard.caspershouse.com
>
>
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
> news:O5xBXYG6EHA.1260@TK2MSFTNGP12.phx.gbl...
>> Yes, but it's probably not as simple as you might have hoped. Here are
>> the
>> three main approaches:
>>
>> 1. Implement the check as a custom permission with a corresponding
>> attribute
>> (http://msdn.microsoft.com/library/en-us/cpguide/html/cpconcreatingyourowncodeaccesspermissions.asp).
>> This may be your best bet since you can presumably control whether the
>> attribute assembly is registered as a trusted assembly.
>>
>> 2. Place the actual method work in objects that inherit from
>> System.ContextBoundObject. This might interfere with your planned object
>> hierarchy, as well as introducing an otherwise unnecessary performance
>> hit.
>>
>> 3. Use a tool like XC# (http://www.resolvecorp.com/Products.aspx) to
>> generate inline code that corresponds to your custom attribute.
>>
>> If this truly is a security permission, #1 is probably the "cleanest"
>> approach. Otherwise, #3 would probably offer the best compromise between
>> design-time convenience and runtime performance.
>>
>> HTH,
>> Nicole
>>
>>
>>
>> "John Lee" <johnl@newsgroup.nospam> wrote in message
>> news:ejm4%237F6EHA.2180@TK2MSFTNGP10.phx.gbl...
>>> Hi,
>>>
>>> If I want to check permission on each public method of a web service,
>>> (assume the checking routine is ready to use and called AccessCheck) ,
>>> one
>>> way of doing it is to call this AccessCheck on top of each public
>>> method,
>>> I want to implement it in different way but seems missing something -
>>>
>>> I want to develop a custom attribute, let's say
>>> SecurityCheckEnabledAttribute with only Yes/No parameter, then create a
>>> base class for all web service classes, Is there any way to capture the
>>> public method call from base class at runtime and then check if the
>>> attribute is being applied and then check the permission?
>>>
>>> Thanks a lot!
>>>
>>> Regards,
>>> John
>>>
>>
>>
>
>
>

Relevant Pages

  • Re: Get UserGroup of Active Directory to control the security
    ... If you are using Windows authentication in ASP.NET, ... role-based security against the user's group membership using the ... Additionally, the allow and deny tags in web.config, which are used by the ... you can use the PrincipalPermission and ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Difference between System.Web.HttpContext.Current.User.Identity.Name and System.Threading.Thread
    ... But there is also the PrincipalPermission and PrincipalPermissionAttribute, ... which is more common in WinForms/Console libraries - and they rely on Thread.CurrentPrincipal. ... > The only code in the gloabal.asax is to catch runtime errors in the ... > In the Web.config I'm impersonating with Windows Authentication. ...
    (microsoft.public.dotnet.framework.aspnet.security)