Security Attribute on Event?

Discussion in 'ASP .Net' started by xenophon, May 17, 2005.

  1. xenophon

    xenophon Guest

    I am using Role-based seucity Attributes on different methods in my
    code-behind like this:

    private void callmymethod()
    {
    try
    {
    mymethod();
    }
    catch{}


    PrincipalPermission(SecurityAction.Demand , Role="1")]
    private void mymethod()
    {
    }


    Then any work in mymethod will fail quietly if the Principal does not
    have a "1" role.

    I want the same silent-fail on events that are wired to controls, but
    I don't see how to do that. How do I do that on an event like this:

    PrincipalPermission(SecurityAction.Demand , Role="1")]
    private void button1_clic( object sender , EventArgs e )
    {
    }

    Right now when the button is clicked, if the Principal does not have
    the Role, the whole app grinds to a halt with an Exception.

    Thanks.
     
    xenophon, May 17, 2005
    #1
    1. Advertising

  2. Hi Xenophon,

    Welcome to ASPNET newsgroup.
    Regarding on the program on using Declarative role based security through
    ..net 's PrincipalPermission attribute in asp.net app, here are some of my
    understanding:

    The PrincipalPermissionAttribute will have the same behavior as we
    programmatically use PrincipalPermission class instance to demand the
    permission. Like:

    PrincipalPermission permission = new PrincipalPermission(null, "Role1",
    true);
    permission.Demand();
    So what's the behavior on your page is you use the above programmatical
    demand?

    Also, I'm not quite sure on the "quietly failed" you mentioned, when and
    how does it happen? Is it only happen when you apply the security demand on
    a helper function rather than control's event handler function?

    If convenient, would you also send me a test page so that I can perform
    the same test on my side?

    Looking forward to your response. Thanks,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    Steven Cheng[MSFT], May 18, 2005
    #2
    1. Advertising

  3. xenophon

    xenophon Guest

    Please close this issue, I have a workaround in effect.
    Thanks.



    On Wed, 18 May 2005 02:01:13 GMT,
    (Steven Cheng[MSFT]) wrote:

    >Hi Xenophon,
    >
    >Welcome to ASPNET newsgroup.
    >Regarding on the program on using Declarative role based security through
    >.net 's PrincipalPermission attribute in asp.net app, here are some of my
    >understanding:
    >
    >The PrincipalPermissionAttribute will have the same behavior as we
    >programmatically use PrincipalPermission class instance to demand the
    >permission. Like:
    >
    > PrincipalPermission permission = new PrincipalPermission(null, "Role1",
    >true);
    > permission.Demand();
    >So what's the behavior on your page is you use the above programmatical
    >demand?
    >
    >Also, I'm not quite sure on the "quietly failed" you mentioned, when and
    >how does it happen? Is it only happen when you apply the security demand on
    >a helper function rather than control's event handler function?
    >
    >If convenient, would you also send me a test page so that I can perform
    >the same test on my side?
    >
    >Looking forward to your response. Thanks,
    >
    >Steven Cheng
    >Microsoft Online Support
    >
    >Get Secure! www.microsoft.com/security
    >(This posting is provided "AS IS", with no warranties, and confers no
    >rights.)
    >
    >
    >
    >
    >
     
    xenophon, May 18, 2005
    #3
  4. Thank you for your followup xenophon.

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    Steven Cheng[MSFT], May 19, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bostonasian
    Replies:
    1
    Views:
    826
    Joris Gillis
    Sep 18, 2005
  2. Replies:
    2
    Views:
    1,085
    Henry S. Thompson
    Mar 6, 2006
  3. Donnal Walter

    class attribute to instance attribute

    Donnal Walter, Jun 30, 2005, in forum: Python
    Replies:
    4
    Views:
    482
    Greg Ewing
    Jul 6, 2005
  4. Russell Warren
    Replies:
    5
    Views:
    486
    Russell Warren
    Jan 17, 2006
  5. anonymous
    Replies:
    1
    Views:
    5,997
Loading...

Share This Page