代码忽略了PrincipalPermission 属性?
我的所有业务对象都有一个删除方法,该方法上有PrincipalPermission 属性。
示例:
[PrincipalPermission(SecurityAction.Demand, Role = "Vendor Manager")]
public static bool Delete(Vendor myVendor)
{
//do work here
}
问题是它似乎完全忽略了我的PrincipalPermission。它让任何人都能通过,无论他们扮演什么角色。
还有什么我忘记做的事情吗?我已将以下内容添加到应用程序启动部分的应用程序的 global.asax 中:
AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);
但这也没有任何区别。
我也刚刚尝试了以下操作:
public static bool Delete(Vendor myVendor)
{
PrincipalPermission iPerm = new PrincipalPermission(null, "Vendor Manager");
iPerm.Demand();
//do work here
}
你不知道吗,这很好用!...关于为什么它以一种方式工作而不是另一种方式工作的任何想法?
I have a Delete method on all my business objects that has the PrincipalPermission attribute on it.
Example:
[PrincipalPermission(SecurityAction.Demand, Role = "Vendor Manager")]
public static bool Delete(Vendor myVendor)
{
//do work here
}
The problem is that it appears to be completely ignoring my PrincipalPermission. It lets anyone through, no matter what role they may be part of.
Is there something else I've forgotten to do? I have added the following to my Application's global.asax in the Application Startup section:
AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);
But that doesn't make any difference either.
I also just tried the following:
public static bool Delete(Vendor myVendor)
{
PrincipalPermission iPerm = new PrincipalPermission(null, "Vendor Manager");
iPerm.Demand();
//do work here
}
and wouldn't ya know, this works just fine!.... any ideas on why it works one way but not the other?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您得到答案了吗?我刚刚在自己的应用程序中对此进行了测试,效果非常好。我特别不添加
而且,我正在使用表单身份验证(ASP.NET 成员资格)、MVC 2、.NET 3.5。
然而,我确实发现如果我用以下方法装饰我的类,我的方法装饰不起作用。
Did you get an answer for this? I just tested this in my own application and it works pretty well. I'm specifically NOT adding
And, I'm using Forms Authentication (ASP.NET Membership), MVC 2, .NET 3.5.
I did however discover if I decorate my class with the following my method decorations do not work.
对于任何人来说,只有一个观察结果表明该样本不起作用。根据您当地的文化检查角色的名称。例如,如果您居住在墨西哥,则必须使用:
@"BUILTIN\Administradores"而不是@"BUILTIN\Administrators"。Only one observation for any people that says that sample does not work. Check the name for the role according with your local culture. For example, if you resides in Mexico, you must to use:
@"BUILTIN\Administradores"instead of@"BUILTIN\Administrators".您是否已验证 Windows 主体不具备您所需的权限?像这样的东西(修改自此处) - - 我认为 - 应该模仿这种行为并允许你逐步通过。它应该表明是否授予许可。
如果这通过了,那么我希望该属性也能通过。如果失败,但属性通过了,那么我和你一样被难住了。
Have you validated that the Windows principal doesn't happen to have the permission you're requiring? Something like this (modified from here) -- I would think -- should mimic that behavior and allow you to step through. It should indicate whether or not the permission is granted.
If this passes, then I would expect the attribute to pass on through as well. If this fails, but the attribute passes through, then I'm as stumped as you are.