代码是否忽略了PrincipalPermission属性? [英] Code is ignoring PrincipalPermission attribute?

问题描述

我在所有具有PrincipalPermission属性的业务对象上都有一个Delete方法.

I have a Delete method on all my business objects that has the PrincipalPermission attribute on it.

示例:

[PrincipalPermission(SecurityAction.Demand, Role = "Vendor Manager")]
        public static bool Delete(Vendor myVendor)
        {

            //do work here
        }

问题在于它似乎完全忽略了我的PrincipalPermission.无论任何角色，它都可以让任何人通过.

The problem is that it appears to be completely ignoring my PrincipalPermission. It lets anyone through, no matter what role they may be part of.

还有其他我忘记做的事情吗?我在应用程序启动"部分的应用程序的global.asax中添加了以下内容:

Is there something else I've forgotten to do? I have added the following to my Application's global.asax in the Application Startup section:

AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);

但这也没有任何区别.

我也尝试了以下方法:

public static bool Delete(Vendor myVendor)
        {
            PrincipalPermission iPerm = new PrincipalPermission(null, "Vendor Manager");
            iPerm.Demand();

            //do work here
        }

而且您不会知道，这很好用！....关于为什么以一种方式起作用但没有另一种方式的任何想法吗?

and wouldn't ya know, this works just fine!.... any ideas on why it works one way but not the other?

推荐答案

您得到了答案吗?我只是在自己的应用程序中对此进行了测试，并且效果很好.我不是要添加

Did you get an answer for this? I just tested this in my own application and it works pretty well. I'm specifically NOT adding

AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

而且，我正在使用表单身份验证(ASP.NET成员身份)，MVC 2，.NET 3.5.

And, I'm using Forms Authentication (ASP.NET Membership), MVC 2, .NET 3.5.

但是我确实发现我是否使用以下方法装饰类，我的方法装饰不起作用.

I did however discover if I decorate my class with the following my method decorations do not work.

[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]

这篇关于代码是否忽略了PrincipalPermission属性?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！