Wanted: .NET equivalent of PermissionChecker component?

Discussion in 'ASP .Net' started by Jens Weiermann, Nov 12, 2003.

  1. Hi!

    Anyone knows the ASP.NET equivalent of the PermissionChecker component that
    shipped with IIS 5?
    Basically, what it does is checking if the current user (using
    impersonation!) has access to a specified file.
    I've starting playing around with the FileIOPermission class, but this
    doesn't seem to do what I need (or I don't understand it).

    Any help would be appreciated!

    Jens
     
    Jens Weiermann, Nov 12, 2003
    #1
    1. Advertising

  2. Hello

    http://msdn.microsoft.com/library/en-us/cpguide/html/cpconaspnetauthorization.asp

    Best regards,
    Sherif

    "Jens Weiermann" <> wrote in message
    news:...
    > Hi!
    >
    > Anyone knows the ASP.NET equivalent of the PermissionChecker component

    that
    > shipped with IIS 5?
    > Basically, what it does is checking if the current user (using
    > impersonation!) has access to a specified file.
    > I've starting playing around with the FileIOPermission class, but this
    > doesn't seem to do what I need (or I don't understand it).
    >
    > Any help would be appreciated!
    >
    > Jens
     
    Sherif ElMetainy, Nov 12, 2003
    #2
    1. Advertising

  3. Hi Sherif,

    On Wed, 12 Nov 2003 13:44:15 +0200, Sherif ElMetainy wrote:
    > http://msdn.microsoft.com/library/en-us/cpguide/html/cpconaspnetauthorization.asp


    thanks for the info! However, I don't know how this should help in my case.
    I *do* know that the WorkerProcess will check if the requested resource is
    accessible when the page is requested. But I'd like to be able to
    *programmatically* check permissions to a specific resource.

    I'm using the Infragistics WebMenu component to have a nice menu. However,
    some users don't have access to certain pages linked to by the menu. So,
    I'd like to enumerate the menu items and see if the user does have access,
    and if not disable the linked menu item.

    In ASP, I would have used the permission checker component to check this;
    I'm in need of a .NET way to do this...

    Thanks!
    Jens
     
    Jens Weiermann, Nov 12, 2003
    #3
  4. Hello

    If you are using impersonation, simply attempting to access the file by
    openning it and catching the SecurityException can determine if the current
    user has access or not.
    This is a simple way, but not the most efficient. But you can cache the
    results. For example, cache an array of files that the user can access, for
    use in your menu.

    bool HasFileAccess(string filename)
    {
    try
    {
    FileStream fs = new FileStream(filename, FileMode.Open,
    FileAccess.Read, FileShare.ReadWrite);
    fs.Close();
    return true;
    }
    catch(SecurityException)
    {
    return false;
    }
    }

    Otherwise I don't know of another way, except using Interop and calling
    windows security API. Note that the above bethod will not work if you are
    not using impersonation (i.e. the code is executing with the ASPNET
    account).

    Best regards,
    Sherif

    "Jens Weiermann" <> wrote in message
    news:1bb49l0bmvec4.teal7nypuq1$...
    > Hi Sherif,
    >
    > On Wed, 12 Nov 2003 13:44:15 +0200, Sherif ElMetainy wrote:
    > >

    http://msdn.microsoft.com/library/en-us/cpguide/html/cpconaspnetauthorization.asp
    >
    > thanks for the info! However, I don't know how this should help in my

    case.
    > I *do* know that the WorkerProcess will check if the requested resource is
    > accessible when the page is requested. But I'd like to be able to
    > *programmatically* check permissions to a specific resource.
    >
    > I'm using the Infragistics WebMenu component to have a nice menu. However,
    > some users don't have access to certain pages linked to by the menu. So,
    > I'd like to enumerate the menu items and see if the user does have access,
    > and if not disable the linked menu item.
    >
    > In ASP, I would have used the permission checker component to check this;
    > I'm in need of a .NET way to do this...
    >
    > Thanks!
    > Jens
     
    Sherif ElMetainy, Nov 12, 2003
    #4
  5. Hi Sherif,

    On Wed, 12 Nov 2003 22:03:59 +0200, Sherif ElMetainy wrote:

    > If you are using impersonation, simply attempting to access the file by
    > openning it and catching the SecurityException can determine if the current
    > user has access or not.


    this is what I tried first - but doesn't behave like expected: If the user
    doesn't have access to the file, the browser will open the "logon" window
    again asking for another authentication; only if this is cancelled three
    times, the exception is thrown. This is sure not what I want!

    > Otherwise I don't know of another way, except using Interop and calling
    > windows security API. Note that the above bethod will not work if you are
    > not using impersonation (i.e. the code is executing with the ASPNET
    > account).


    Ok, I guess that's the way to go. Do you have more details on how this
    could be done using API calls?

    Thanks!
    Jens
     
    Jens Weiermann, Nov 13, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. PCC
    Replies:
    0
    Views:
    336
  2. Harvey
    Replies:
    0
    Views:
    750
    Harvey
    Jul 16, 2004
  3. Harvey
    Replies:
    1
    Views:
    881
    Daniel
    Jul 16, 2004
  4. Jens Weiermann

    Wanted: .NET counterpart of PermissionChecker component!

    Jens Weiermann, Jan 13, 2004, in forum: ASP .Net Security
    Replies:
    1
    Views:
    107
    Keith
    Feb 1, 2004
  5. Andrew Allen
    Replies:
    2
    Views:
    205
    Luke Zhang [MSFT]
    Aug 9, 2006
Loading...

Share This Page