V
Viorel Ghilas
Hi all,
I have a library that have methods protected with PrincipalPermission, for
ex.
[PrincipalPermission(SecurityAction.LinkDemand, Role="DBAdmin")]
public Guid GetAdminId() {
return new Guid("{BCA26163-E488-4ce8-BF6B-597EB0BE388F}");
}
and I have a web app that create an user with a role on login. The problem
is that after one user with "DBAdmin" role call GetAdminId then after it
every user with every role that are loged in system could call this method.
How can I resolve this problem. If I put Demand otherwise LinkDemand it will
work, but I dont use because of performance reason. I suppose that .NET
cached method calls with it's securiy permissions? Sure I protect web pages
with authorization mecanism, but the library will be used with other person,
and all validation must be on business layer. One solution is to use my
customer imperative security mecanism. But I want to know what is wrong?
With best regards
Viorel
I have a library that have methods protected with PrincipalPermission, for
ex.
[PrincipalPermission(SecurityAction.LinkDemand, Role="DBAdmin")]
public Guid GetAdminId() {
return new Guid("{BCA26163-E488-4ce8-BF6B-597EB0BE388F}");
}
and I have a web app that create an user with a role on login. The problem
is that after one user with "DBAdmin" role call GetAdminId then after it
every user with every role that are loged in system could call this method.
How can I resolve this problem. If I put Demand otherwise LinkDemand it will
work, but I dont use because of performance reason. I suppose that .NET
cached method calls with it's securiy permissions? Sure I protect web pages
with authorization mecanism, but the library will be used with other person,
and all validation must be on business layer. One solution is to use my
customer imperative security mecanism. But I want to know what is wrong?
With best regards
Viorel