Querying PrincipalSecurityAttributes on class

Pasi Häkkinen

Hello,

I am applying PrincipalSecurityAttributes on class definition to force
role-based security on my ASP.NET pages. Is it somehow possible to query the
needed security roles for a certain page without maybe creating an instance
of that page class and check possible security exception? I'm providing
hyperlinks to these secured pages (and amongst them) and I would like to check
the permission to decide whether the hyperlink should be visible or not (..is
the logged-in user in correct roles or not)...

Or maybe there is a better approach to this problem altogether?

Thanks in advance,
Pasi
 
[MSFT]

Hello,

Did you mean "PrincipalPermissionAttribute"? All attributes only work when a
class instance is created. We cannot detect the security exception without
creating such a class.

I suggest you consider some stuff about exception handling for this
issue. For example, if a security exception is thrown, you can redirect to
a web form to let the user know he doesn't have enough permission.

Luke
 
Pasi Häkkinen

Hello and thanks for your answer,

I sure meant "PrincipalPermissionAttribute", my mistake.. Our site is highly
customized by user roles, even for different signed-in users, and we want to
keep it as simple as possible for all the users. This is why we don't want to
confuse them with unnecessary links that will end up on an error page. We do
have security exception handling function on these pages in case the user
will get through to such a page.

Surely we can check the security requirements separately for each hyperlink
using for example Page.User.IsInRole(...), but this adds the risk of coding
errors by possibly leading to unsynchronized security (link showing even
though no rights to see the page). It would be safe to check against
PrincipalPermissionAttribute and links would never go out of sync. Does this
make sense? Any other thoughts?

Regards,
Pasi
 
[MSFT]

Hi Pasi,

Did you need to check PrincipalPermissionAttribute from the client side or the
server side? From the client side, you have to submit a request to the page and
the web form class will be created. PrincipalPermissionAttribute is an
attribute for a class; we cannot detect its value without a class instance.

Luke
 
Pasi Häkkinen

Hi Luke and thanks for your answer,

It is server side that I need... when building the page and its links to be
sent to a client. So it seems we cannot read those attributes without
creating an instance... ok! I think I will go with a specific page
configuration file in xml-format that will have entry for each page and cache
that file for efficient use. Then I'll create a little PageConfiguration
class that can be initiated for a desired page. This class will then have
properties that reflect the page configuration file. That way I can extend
page properties any way I want and just ask PageConfiguration class a desired
property. Surely this will solve my problem of keeping the access rights in
one place and they will never go out of sync. And I can also use this config
file for other page specific configurations.

Thanks again for your effort,
Pasi
 
[MSFT]

Hi Pasi,

Thank you for the confirmation. I think your solution is a proper way to
get around the problem.

Luke
 
Zdenek Drlik

Pasi said:
Hello,

I am applying PrincipalSecurityAttributes on class definition to force
role-based security on my ASP.NET pages. Is it somehow possible to query the
needed security roles for a certain page without maybe creating an instance
of that page class and check possible security exception? I'm providing
hyperlinks to these secured pages (and amongst them) and I would like to check
the permission to decide whether the hyperlink should be visible or not (..is
the logged-in user in correct roles or not)...

Or maybe there is a better approach to this problem altogether?

Thanks in advance,
Pasi

Hello,
I think you could get the attributes for page class with
TypeDescriptor.GetAttributes() method:

AttributeCollection attributes = TypeDescriptor.GetAttributes(type);

where type is page class type (page instance not required) and next
enumerate attributes:

    // Needs: using System; using System.Collections;
    //        using System.ComponentModel; using System.Security.Permissions;
    IEnumerator enumerator = attributes.GetEnumerator();
    while (enumerator.MoveNext())
    {
        Attribute currentAttribute = (Attribute) enumerator.Current;
        if (currentAttribute is PrincipalPermissionAttribute)
        {
            PrincipalPermissionAttribute permissionAttribute =
                currentAttribute as PrincipalPermissionAttribute;
            // check for required, name, etc.
            string role = permissionAttribute.Role;
            // ...
        }
    }

Zdenek D.
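
Added example, not part of any post in this thread: one way to turn the attribute lookup from the last reply into a link-visibility check that cannot drift from the page's own demand. PageAccess and CanAccess are hypothetical names, and the code assumes the target framework returns PrincipalPermissionAttribute through reflection, as that reply relies on.

```csharp
using System;
using System.Security.Permissions;
using System.Security.Principal;

// Hypothetical helper, not from the thread: evaluates a page class's
// PrincipalPermissionAttribute demands against a user without instantiating it.
public static class PageAccess
{
    public static bool CanAccess(Type pageType, IPrincipal user)
    {
        // A demand on a base class fires when its constructor runs, so every
        // class in the inheritance chain has to pass (AND across classes).
        for (Type t = pageType; t != null && t != typeof(object); t = t.BaseType)
        {
            object[] attrs = t.GetCustomAttributes(typeof(PrincipalPermissionAttribute), false);
            bool hasDemand = false, satisfied = false;
            foreach (PrincipalPermissionAttribute a in attrs)
            {
                // Only Demand is evaluated here; other security actions are ignored.
                if (a.Action != SecurityAction.Demand) continue;
                hasDemand = true;
                // Several demands on one class are unioned (OR within a class).
                if (Satisfies(a, user)) { satisfied = true; break; }
            }
            if (hasDemand && !satisfied) return false;
        }
        return true;
    }

    // Mirrors how PrincipalPermission matches a principal: Authenticated = false
    // places no constraint; a null Name or Role matches any name or role.
    private static bool Satisfies(PrincipalPermissionAttribute a, IPrincipal user)
    {
        if (a.Unrestricted || !a.Authenticated) return true;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;
        if (a.Name != null &&
            !string.Equals(a.Name, user.Identity.Name, StringComparison.OrdinalIgnoreCase))
            return false;
        return a.Role == null || user.IsInRole(a.Role);
    }
}
```

A link would then be shown only when PageAccess.CanAccess(typeof(SomePage), Page.User) returns true, where SomePage stands for the code-behind class of the target page. The attribute on the page class stays the enforcement point; the helper only decides what to display.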
 
