Custom principles and DnsPermission.Demand()

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: andrew lowe (andrew.lowe###a-t###geac.com)
Date: 03/24/05 

Date: Thu, 24 Mar 2005 16:08:45 +1100

Hi

We have windows application and have created our own custom principle &
identity objects that implement IPrinciple and IIdentity. When a user logs
into our system we set the threads principle to our custom principle object
by calling Thread.CurrentPrinciple = blah. This all works great for role
based security. BUT lets say i want to run one line of code which causes an
imperative security demand:

Dns.GetHostName();

CAS will now throw security exceptions when we try to run code that demands
permissions. I thought the following code might be a work around

IPrincipal currentPrinciple = Thread.CurrentPrincipal;
try
{
    Thread.CurrentPrincipal = new
WindowsPrincipal(WindowsIdentity.GetCurrent());
    Dns.GetHostName();
}
finally
{
    Thread.CurrentPrincipal = currentPrinciple;
}

But alas the DnsPermission.Demand() still throws a security exception. I
think the following article and quote might explain why
http://support.microsoft.com/default.aspx?scid=kb;en-us;318169

"Imperative security uses code that is executed at run time to enforce
security. At run time, when a Demand method is called from an Identity
Permission class, the call stack is evaluated to verify the code. If there
is a point in the call stack where assemblies that were previously called do
not have the same identity as the code, exceptions are thrown."

So, I wish to use alot of classes that have security demands in them but if
i use my own principle objects i can no longer use them. It seems to be a
wee bit of a conundrum. Anyone have any thoughts besides

tia
andrew

Relevant Pages

  • Custom principles and DnsPermission.Demand()
    ... We have windows application and have created our own custom principle & ... identity objects that implement IPrinciple and IIdentity. ... imperative security demand: ... CAS will now throw security exceptions when we try to run code that demands ...
    (microsoft.public.dotnet.security)
  • Re: Custom principles and DnsPermission.Demand()
    ... I think there is some confusion here regarding how CAS works. ... security decisions based on the permissions granted to the actual code. ... > We have windows application and have created our own custom principle & ...
    (microsoft.public.dotnet.security)
  • Re: role, domain, and user based security...
    ... IPrinciple, I am leaning this way but I want to understand ... I don't think AzMan supports direct mapping of users to ... were using Windows security auth with AD, ... >> what Microsoft's security model is setup to handle. ...
    (microsoft.public.dotnet.security)
  • Re: Custom IPrincipal and declarative security checking
    ... > PrinciplePermissionAttribute) to work with my custom IPrincipal ... > I created a custom principal class, ... > MyMethod) fail with a security exception (Exception Details: ... > would work with every implementation of IPrinciple, ...
    (microsoft.public.dotnet.security)
  • Re: Security Exception thrown from non-executed code? WHY WHY WHY???
    ... What i think may be happening is that the security check is being ... scanned for security exceptions before the JIT compilation begins for ... > This is very strange. ...
    (microsoft.public.dotnet.framework.windowsforms)