Security Attributes without Try-Finally?

Discussion in 'ASP .Net' started by localhost, Dec 24, 2003.

  1. localhost

    localhost Guest

    I have decorated several classes and methods in an
    ASP.NET appliation with declarative security attributes
    for roles. For example:

    [System.Security.Permissions.PrincipalPermission
    (System.Security.Permissions.SecurityAction.Demand ,
    Role="SomeRole")]

    I currently use a Try...Finally block in calling code to
    test a user's Role permissions. I would like to get away
    from this and use a real logical construct.

    How can I test for Role access with attributes and not
    use Try...Finally?

    Thanks.
    localhost, Dec 24, 2003
    #1
    1. Advertising

  2. Hi localhost,


    Thank you for using Microsoft Newsgroup Sevice. Based on your description,
    you are wanting to apply Role-based access checking in the some methods,
    also you don't want to use the "Try ... catch ...Finally" style to check.
    Is my understanding of'
    your problem correct?

    If so, here is some suggestions on it:

    If you do not want a thrown exception to be the default behavior for
    validation failure. In this case, you can use the static CurrentPrincipal
    property on the System.Threading.Thread class to access the Principal
    object and call its methods.

    After obtaining the principal object, you can use conditional statements to
    control access to your code based on the principal name as shown in the
    following code example:

    WindowsPrincipal MyPrincipal = (WindowsPrincipal) Thread.CurrentPrincipal;
    if (MyPrincipal.Identity.Name == "fred")
    // Permit access to some code.

    You can also programmatically check role membership by calling the IsInRole
    method on the current Principal object as shown in the following code
    example:

    WindowsPrincipal MyPrincipal = (Thread.CurrentPrincipal as
    WindowsPrincipal);
    if (MyPrincipal.IsInRole("Administrator")) {
    // Permit access to some code.
    }

    The examples are from the MSDN Library in dotnet security section, if you
    need detailed information on it, you can visit
    this topic directly via the following weblink:
    http://msdn.microsoft.com/library/en-us/cpguide/html/cpcondirectlyaccessingp
    rincipalobject.asp?frame=true


    Please try out the above suggestion. If you have any questions, please feel
    free to let me know.


    Merry Christmas!!

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    Steven Cheng[MSFT], Dec 25, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. VB Programmer

    Question: Try,Catch,Finally

    VB Programmer, Aug 7, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    367
    Kevin Spencer
    Aug 7, 2003
  2. VB Programmer

    The problem with Try Catch Finally...

    VB Programmer, Aug 12, 2003, in forum: ASP .Net
    Replies:
    23
    Views:
    773
    Chad Myers
    Aug 15, 2003
  3. =?Utf-8?B?UmVwU3RhdA==?=

    try/finally with data access code

    =?Utf-8?B?UmVwU3RhdA==?=, Apr 22, 2004, in forum: ASP .Net
    Replies:
    9
    Views:
    353
    Bruno Jouhier [MVP]
    Apr 23, 2004
  4. Ralph Krausse

    ALL 'try/catch/finally' NOT created equal?

    Ralph Krausse, Aug 20, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    420
  5. David Lozzi

    Try...Catch...Finally not firing finally?

    David Lozzi, Apr 23, 2007, in forum: ASP .Net
    Replies:
    12
    Views:
    794
    Alvin Bruney [MVP]
    May 11, 2007
Loading...

Share This Page