CAS and multiple permissions

[Xia Wei]

Hi group,

I'm trying to use CAS in my project these days. And I find a problem, for
example:

[PrincipalPermission(SecurityAction.Demand,Role="Xxx")]
static void Exec()
{}

Then the caller of this method should be a member of role "Xxx". If I define
the method like this:

[PrincipalPermission(SecurityAction.Demand,Role="Xxx")]
[PrincipalPermission(SecurityAction.Demand,Role="Yyy")]
static void Exec()
{}

Then the caller should be a member of role "Xxx", or "Yyy". My question is,
how to define the PrincipalPermissionAttribute, and it needs both "Xxx" role
and "Yyy" role.

I've tried to define like this:
[PrincipalPermission(SecurityAction.Demand,Role="Xxx,Yyy")]

but failed.
Is it possible in CAS?

Thanks,
Sunmast

 

[Mohammad]

[PrincipalPermission(SecurityAction.Demand,Role="Xxx")]
[PrincipalPermission(SecurityAction.Demand,Role="Yyy")]
static void Exec()
{}

Then the caller should be a member of role "Xxx", or "Yyy". My question is,
how to define the PrincipalPermissionAttribute, and it needs both "Xxx" role
and "Yyy" role.

Are you sure? The above code looks like it should require the user to
have both roles.

 

[Nicole Calinoiu]

The PrincipalPermissionAttribute has no mechanism for specifying membership
in one of several roles. This can, however, be done using an imperative
demand as shown in the example at
http://msdn.microsoft.com/library/e...yPermissionsPrincipalPermissionClassTopic.asp.

If you want to use declarative security to specify the principal permission,
you could use a PermissionSetAttribute with an XML representation of your
unioned PrincipalPermission. e.g. (watch out for wrapping):

[PermissionSet(SecurityAction.Demand, XML = "<PermissionSet><Permission
class=\"System.Security.Permissions.PrincipalPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"
version=\"1\"><Identity Authenticated=\"true\" Role=\"Xxx\"/><Identity
Authenticated=\"true\" Role=\"Yyy\"/></Permission></PermissionSet>")]
static void Exec()
{}

HTH,
Nicole

 

[Xia Wei]

Hi, thanks for your advice!

But it seems a bit complicated...
Now I think the FCL's developers didn't had a think about this requirement?
Or they didn't recommand to do this...

Thanks,
Sunmast

 

[Nicole Calinoiu]

Hi, thanks for your advice!

But it seems a bit complicated...
Now I think the FCL's developers didn't had a think about this
requirement?

It is a very common requirement, and I have no idea why the designers chose
not to support it directly via PrincipalPermissionAttribute. You could, if
you wish, author your own attribute that does support multiple roles.
However, custom permissions attributes are ignored completely unless their
assemblies are properly registered on the machine on which the code is
executing, so this may not be a useful approach in your case.

Or they didn't recommand to do this...

No idea. If the scenario is seen as common enough to merit coverage in the
code example for PrincipalPermission, it seems reasonable to expect
documentation of a declarative approach. If you feel strongly about it, you
may wish to submit a suggestion at
http://lab.msdn.microsoft.com/productfeedback/default.aspx for version 2.0
of the .NET Framework.

Thanks,
Sunmast

The PrincipalPermissionAttribute has no mechanism for specifying
membership in one of several roles. This can, however, be done using an
imperative demand as shown in the example at
http://msdn.microsoft.com/library/e...yPermissionsPrincipalPermissionClassTopic.asp.

If you want to use declarative security to specify the principal
permission, you could use a PermissionSetAttribute with an XML
representation of your unioned PrincipalPermission. e.g. (watch out for
wrapping):

[PermissionSet(SecurityAction.Demand, XML = "<PermissionSet><Permission
class=\"System.Security.Permissions.PrincipalPermission, mscorlib,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"
version=\"1\"><Identity Authenticated=\"true\" Role=\"Xxx\"/><Identity
Authenticated=\"true\" Role=\"Yyy\"/></Permission></PermissionSet>")]
static void Exec()
{}

HTH,
Nicole