MsTest and PrincipalPermissionAttribute Failure

G

Guest

I am reposting this for a colleague because he has had some problems setting
up his subscriber Nospam alias:

I am having problems unit testing a method which is decorated with the
[PrincipalPermission] attribute.
I always get a security exception. I have set the Thread.CurrentPrincipal
to my custom IPrincipal.IsInRole method never gets called

I have even tried
AppDomain.CurrentDomain.SetThreadPrincipal(myIPrincipal)...with no luck.

Here is a basic example

[PrincipalPermission(SecurityAction.Demand, Role="MyRole")]
public void DoWork()
{
}
[TestMethod]
public void TestDoWork()
{
GenericPrincipal principal = new GenericPrincipal(
Thread.CurrentPrincipal.Identity, new string[] { "MyRole" });
Thread.CurrentPrincipal = principal;
DoWork();
Assert(....)
}


Environment: (all current with MicrosoftUpdate SPs and patches)
* VS2005 Team Suite
* .NET 2.0 and 3.0 redist and SDK
* Team Foundation Server
 
S

Steven Cheng[MSFT]

Hello BJ,

From your description, you're meeting some problem to get the
"PrincipalPermission" demand to work in your vs 2005/.net 2.0 program,
correct?

I've performed some local tests through winform application, it seems that
the "PrincipalPermissionAttribute" can work correctly for custom
principal/identity or windows principal/identity associated with the
current thread. Also, according to the MSDN document, it indicate that we
should set AppDomain's PrincipalPolicy to "WindowsPrincipal" at
application's initializing time

#PrincipalPermissionAttribute Class
http://msdn2.microsoft.com/en-us/library/system.security.permissions.princip
alpermissionattribute.aspx

My test code is as below, you can also have a test to see whether it works
for you:

=======================
private void btnSetPrincipal_Click(object sender, EventArgs e)
{
GenericIdentity identity = new
GenericIdentity("testuser", "customauth");

GenericPrincipal gp = new GenericPrincipal(identity, new
string[] { "role1", "role2" });

Thread.CurrentPrincipal = gp;

}

[PrincipalPermission( SecurityAction.Demand, Role="role1")]
private void btnDemand_Click(object sender, EventArgs e)
{
MessageBox.Show("success demand!");
}

private void Form1_Load(object sender, EventArgs e)
{

AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
;
}
=========================


In addition, you can try programmatically construct a PrincipalPermission
class instance and call its "Demand" method to see whether it works. Also,
make sure your principal-demand method hasn't been called on a different
thread context(you can printout the thread's principal/identity context to
verify this).

If you have any further finding, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.
 
G

Guest

Steven,

This is BJ's colleague who he is helping. There is no doubt that
[PrincipalPermission] works in the context you mention, but it is not working
in the context of a MSTest Unit Test. Please read thoroughly the description
of the problem. Refactor your code sample so that you can call
"btnDemand_Click" from a unit test and you will see the issue.

-Casey

Steven Cheng said:
Hello BJ,

From your description, you're meeting some problem to get the
"PrincipalPermission" demand to work in your vs 2005/.net 2.0 program,
correct?

I've performed some local tests through winform application, it seems that
the "PrincipalPermissionAttribute" can work correctly for custom
principal/identity or windows principal/identity associated with the
current thread. Also, according to the MSDN document, it indicate that we
should set AppDomain's PrincipalPolicy to "WindowsPrincipal" at
application's initializing time

#PrincipalPermissionAttribute Class
http://msdn2.microsoft.com/en-us/library/system.security.permissions.princip
alpermissionattribute.aspx

My test code is as below, you can also have a test to see whether it works
for you:

=======================
private void btnSetPrincipal_Click(object sender, EventArgs e)
{
GenericIdentity identity = new
GenericIdentity("testuser", "customauth");

GenericPrincipal gp = new GenericPrincipal(identity, new
string[] { "role1", "role2" });

Thread.CurrentPrincipal = gp;

}

[PrincipalPermission( SecurityAction.Demand, Role="role1")]
private void btnDemand_Click(object sender, EventArgs e)
{
MessageBox.Show("success demand!");
}

private void Form1_Load(object sender, EventArgs e)
{

AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
;
}
=========================


In addition, you can try programmatically construct a PrincipalPermission
class instance and call its "Demand" method to see whether it works. Also,
make sure your principal-demand method hasn't been called on a different
thread context(you can printout the thread's principal/identity context to
verify this).

If you have any further finding, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
 
G

Guest

Thanks for the reply, Steven.

It appears that setting the App domain's PrincipalPolicy is the key issue.
Based on your response, we found that we have to set the PrincipalPolicy as a
part of the initialization of each test for it to work in the testing
environment.

Thanks again for the prompt reply.

--BJ Safdie

Steven Cheng said:
Hello BJ,

From your description, you're meeting some problem to get the
"PrincipalPermission" demand to work in your vs 2005/.net 2.0 program,
correct?

I've performed some local tests through winform application, it seems that
the "PrincipalPermissionAttribute" can work correctly for custom
principal/identity or windows principal/identity associated with the
current thread. Also, according to the MSDN document, it indicate that we
should set AppDomain's PrincipalPolicy to "WindowsPrincipal" at
application's initializing time

#PrincipalPermissionAttribute Class
http://msdn2.microsoft.com/en-us/library/system.security.permissions.princip
alpermissionattribute.aspx

My test code is as below, you can also have a test to see whether it works
for you:

=======================
private void btnSetPrincipal_Click(object sender, EventArgs e)
{
GenericIdentity identity = new
GenericIdentity("testuser", "customauth");

GenericPrincipal gp = new GenericPrincipal(identity, new
string[] { "role1", "role2" });

Thread.CurrentPrincipal = gp;

}

[PrincipalPermission( SecurityAction.Demand, Role="role1")]
private void btnDemand_Click(object sender, EventArgs e)
{
MessageBox.Show("success demand!");
}

private void Form1_Load(object sender, EventArgs e)
{

AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
;
}
=========================


In addition, you can try programmatically construct a PrincipalPermission
class instance and call its "Demand" method to see whether it works. Also,
make sure your principal-demand method hasn't been called on a different
thread context(you can printout the thread's principal/identity context to
verify this).

If you have any further finding, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
 
S

Steven Cheng[MSFT]

Thanks for your reply BJ,

I just came back and see your followup. I also found your colleague Casey's
reply indicate that the problem may also be specfiic to the [TestMethod]
(test project) scenario, have you also got it working for that case also?
As Casey mentioned, I did only peform the test code in a normal console and
winform application and haven't do the exact test in the test project. So
if you still have the problem in that case, please feel free to let me
know, I'll help you continue work on it.

Anyway, glad that my suggestion has helped you.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

MsTest and Principal Permission Attribute 0
Unexpected behavior PrincipalPermissionAttribute 2

Top