
Question about declarative Role Based security...

Author
3 Apr 2005 5:52 AM
Ray Cassick (Home)
I have some code that looks like this for one of my classes:

Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Principal

<PrincipalPermission(SecurityAction.Demand, Role:="RUS\GEM_Admin")> _
Public Class GccAdmin
    Public Sub New()
    End Sub
End Class

The intent here is to make sure that the class cannot be instanced unless
the caller has the correct DomainName\GroupName privileges.

All here is fair and well until I start to think about what this implies. To
me at least, this implies that the domain name is made part of the assembly
at build time. What happens if I want to run this on a different domain?

Seems like I am missing something here...

Anyone care to clear this question up?


--
Raymond R Cassick
CEO / CSA
Enterprocity Inc.
www.enterprocity.com
3380 Sheridan Drive, #143
Amherst, NY 14227
V: 716-316-7537
Blog: http://spaces.msn.com/members/rcassick/

Author
4 Apr 2005 1:47 AM
Ken Tucker [MVP]
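Hi,

Here is how I do it. If you throw an exception in the new procedure the class isn't instanced.

Imports System.Security
Imports System.Security.Principal
Imports System.Windows.Forms

Public Class test

    Public Sub New()
        ' Build a principal from the Windows account the code is running as.
        Dim id As WindowsIdentity = WindowsIdentity.GetCurrent()
        Dim wp As New WindowsPrincipal(id)

        ' Throwing from the constructor stops the object from being created.
        If Not wp.IsInRole("RUS\GEM_Admin") Then
            Throw New SecurityException("Unauthorized User")
        End If
    End Sub

    Public Sub Hello()
        MessageBox.Show("Hello World")
    End Sub

End Class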



Ken

Author
4 Apr 2005 5:21 AM
Ray Cassick (Home)
But this still requires me to hard code the domain name in the assembly. I
don't know the domain name that my assembly is going to run under but I do
know the group name I need to require.

Is there any way that I can do this without having to hard code the domain
name as part of the group name string?

Author
4 Apr 2005 12:35 PM
Kevin Hodgson
Don't hardcode the domain name.  Allow it to be set in your application, or
read it from a .config file where it can be set after installation.  Then
when you create the Security Principals, construct the Domain and Group and
handle the exception if it doesn't exist.

Alternatively, in a single domain environment, you could find the domain the
currently logged in user is a member of, and then construct your
DOMAIN\GEM_Admin as a member of that domain.

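The approach from the last reply, sketched as an added example (not code posted by anyone in this thread): an attribute argument must be a compile-time constant, so the role string is built at run time and demanded imperatively. The `AdminDomain` appSettings key and the `AdminRole` helper are hypothetical names; the code assumes .NET 2.0 or later with a reference to System.Configuration.dll.

```vbnet
Imports System
Imports System.Configuration
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Principal
Imports System.Text.RegularExpressions

Public NotInheritable Class AdminRole
    Private Const GroupName As String = "GEM_Admin"    ' group name used in the thread
    Private Const DomainKey As String = "AdminDomain"  ' hypothetical appSettings key

    ' Resolve DOMAIN\GEM_Admin at run time instead of compiling the domain in.
    Public Shared Function ResolveRoleName() As String
        Dim domain As String = ConfigurationManager.AppSettings(DomainKey)
        If String.IsNullOrEmpty(domain) Then
            ' Single-domain fallback: the domain of the logged-in user.
            ' For a local account this is the machine name, not a domain.
            domain = Environment.UserDomainName
        End If
        domain = domain.Trim()
        ' Accept only a plain name, so a stray "\" or empty value fails loudly.
        If Not Regex.IsMatch(domain, "^[A-Za-z0-9._-]{1,255}$") Then
            Throw New ConfigurationErrorsException("Invalid " & DomainKey & " value.")
        End If
        Return domain & "\" & GroupName
    End Function

    ' Imperative equivalent of the PrincipalPermission attribute.
    Public Shared Sub Demand()
        Dim perm As New PrincipalPermission(Nothing, ResolveRoleName())
        perm.Demand()   ' throws SecurityException if the caller is not in the role
    End Sub
End Class

Public Class GccAdmin
    Public Sub New()
        AdminRole.Demand()
    End Sub
End Class

Module Program
    Sub Main()
        ' Make Thread.CurrentPrincipal a WindowsPrincipal so the demand sees Windows groups.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
        Try
            Dim admin As New GccAdmin()
            Console.WriteLine("Access granted")
        Catch ex As SecurityException
            Console.WriteLine("Access denied: " & ex.Message)
        End Try
    End Sub
End Module
```

Whoever can edit the .config file decides which domain's GEM_Admin group is trusted, so the file's ACL should allow writes by administrators only.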