代码是否忽略了PrincipalPermission属性? [英] Code is ignoring PrincipalPermission attribute?
问题描述
我在所有具有PrincipalPermission属性的业务对象上都有一个Delete方法.
I have a Delete method on all my business objects that has the PrincipalPermission attribute on it.
示例:
[PrincipalPermission(SecurityAction.Demand, Role = "Vendor Manager")]
public static bool Delete(Vendor myVendor)
{
//do work here
}
问题在于它似乎完全忽略了我的PrincipalPermission.无论任何角色,它都可以让任何人通过.
The problem is that it appears to be completely ignoring my PrincipalPermission. It lets anyone through, no matter what role they may be part of.
还有其他我忘记做的事情吗?我在应用程序启动"部分的应用程序的global.asax中添加了以下内容:
Is there something else I've forgotten to do? I have added the following to my Application's global.asax in the Application Startup section:
AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);
但这也没有任何区别.
我也尝试了以下方法:
public static bool Delete(Vendor myVendor)
{
PrincipalPermission iPerm = new PrincipalPermission(null, "Vendor Manager");
iPerm.Demand();
//do work here
}
而且您不会知道,这很好用!....关于为什么以一种方式起作用但没有另一种方式的任何想法吗?
and wouldn't ya know, this works just fine!.... any ideas on why it works one way but not the other?
推荐答案
您得到了答案吗?我只是在自己的应用程序中对此进行了测试,并且效果很好.我不是要添加
Did you get an answer for this? I just tested this in my own application and it works pretty well. I'm specifically NOT adding
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
而且,我正在使用表单身份验证(ASP.NET成员身份),MVC 2,.NET 3.5.
And, I'm using Forms Authentication (ASP.NET Membership), MVC 2, .NET 3.5.
但是我确实发现我是否使用以下方法装饰类,我的方法装饰不起作用.
I did however discover if I decorate my class with the following my method decorations do not work.
[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
这篇关于代码是否忽略了PrincipalPermission属性?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!