Security Role Exception

[Thom Little]

I seem to (once again) be missing something pretty basic.

I am running under Windows XP Professional Service Pack 1 with all Hotfixes
installed and Visual Studio .NET 2003 in Debug mode.

The following reports "You have the >Administrator< role."

using System.Security.Principal ;
using System.Security.Permissions ;

[PrincipalPermissionAttribute(SecurityAction.Demand,Role="Administrator")]
private void Exercise15_2_Load( object sender, System.EventArgs e )
{
MessageBox.Show( "You have the >" + WindowsBuiltInRole.Administrator + "<
role." );
}

If I uncomment the single statement a security exception is thrown ...

An unhandled exception of type 'System.Security.SecurityException' occurred
in mscorlib.dll
Additional information: Request for principal permission failed.

What am I missing?

 

[Jared Parsons [MSFT]]

Try modifying your attribute to this.

[PrincipalPermissionAttribute(SecurityAction.Demand,Role="BUILTIN\Administra
tor")]



--
Jared Parsons [MSFT]
(e-mail address removed)
This posting is provided "AS IS" with no warranties, and confers no rights.
OR if you wish to include a script sample in your post please add "Use of
included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"

 

[Thom Little]

Thanks but ...

[PrincipalPermissionAttribute(SecurityAction.Demand,Role="BUILTIN\\Administr
ator")]

.... gives the same result that I documented before.

 

[Guest]

Hi Thom,

I have reviewed your post, I will spend some time on it. I will reply to
you ASAP.

Thanks for your understanding.

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

 

[Thom Little]

Jeffrey:

I appreciate that.

Some background ... where it came from ...

I worked my way through every example in the Que publication: "MCAD/MCSD
Developing and Implementing Windows-based Applications with Visual C# .NET
and Visual Studio .NET". There is a rather large errata file available
online and I have documented 65 additional entries for that file. (Three of
them are killers.)

This issue happens to be from the very last example in that text and the
results I was getting made absolutely no sense to me. I assumed it might be
collisions from other parts of the Solution. I rebuilt it in a separate
solution. I assumed it might be the results of the stack walk. I compiled
it in debug and release mode and tried stand alone execution of each.

The results I am getting are baffling.

If there are any suggestions I would be happy to play with them.

 

[Guest]

Hi Thom

Sorry for letting you wait for so long time.

After doing some research, I found that you should specify to use
WindowsPrincipal.

Do like this:
private void Form1_Load(object sender, System.EventArgs e)
{

System.AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPri
ncipal);
}

Then your
[PrincipalPermissionAttribute(SecurityAction.Demand,Role="BUILTIN\\Administr
ators")]
will work well.

Note: In the PrincipalPermissionAttribute, you should Role as
"BUILTIN\\Administrators" not "BUILTIN\\Administrator"

Thank you for your patience and cooperation. If you have any questions or
concerns, please feel free to post it in the group. I am standing by to be
of assistance.

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

 

[Thom Little]

Jeffrey:

Thank you very much.

For me the example turns out to be ...

[STAThread]
public static void Main( )
{
Application.Run( new Exercise15_2( ) );
}

private void Exercise15_2_Load(object sender, System.EventArgs e)
{

System.AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPri
ncipal);
local_message( );
}

[PrincipalPermissionAttribute(SecurityAction.Demand,Role="BUILTIN\\Administr
ators")]
private void local_message( )
{
MessageBox.Show( "You have the >" + WindowsBuiltInRole.Administrator + "<
role." );
}

.... and it works.

Unfortunately the text in question asserts that the [Principal ...]
statement can be placed in front of the class definition and in so doing
apply to everything in the class.

This is apparently the fourth major error in this text.

Thank you for the help.

(BTW - where did you find the answer?)

 

[Guest]

Hi Thom,

Thanks very much for your feedback.

I am glad it works

Actually, I found the answer in google , actually, google is a good
mentor for learning.

For your last 2 paragraph:
"Unfortunately the text in question asserts that the [Principal ...]
statement can be placed in front of the class definition and in so doing
apply to everything in the class.

This is apparently the fourth major error in this text."

I am not fully understand, do you still have any concern? Please feel free
to feedback. Thanks

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

 

[Thom Little]

Jeffrey:

Sorry ... I was being less than clear.

I was referring to the book. I identified 66 new errors in the book and
four of them are killers. This one is IMHO one of the four.

Thanks again.

 

[Guest]

Hi Thom,

You are welcome!

If you have any further concern, please feel free to post, I will help you.

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.