Hello,
I reported the following scenario as a bug on Microsoft Product Feedback, but thought maybe someone here has also noticed this and has an explanation for it. I don't believe the PrincipalPermission attribute is working correctly when it is applied to a class and one of its methods. Here is the scenario:
1) Create a class library project (I used VB)
2) Add the following class to the project
```vb
Imports System.Security.Permissions

' Class-level demand: caller must be authenticated
<PrincipalPermissionAttribute(SecurityAction.Demand, Authenticated:=True)> _
Public Class Class1
    ' Method-level demand: caller must also be in myDomain\myRole
    <PrincipalPermission(SecurityAction.Demand, role:="myDomain\myRole")> _
    Public Shared Function GetOne() As Integer
        Return 1
    End Function
End Class
```
3) Create an application that uses the class library (I created both a Windows Forms application and an ASP.NET website). Create a form and a webpage that calls Class1.GetOne().
4) Run the application and access it with a user who doesn't belong to the group specified in the Class1.GetOne PrincipalPermissionAttribute.
The user that doesn't belong to the role specified in the PrincipalPermissionAttribute can successfully call the method. If the PrincipalPermissionAttribute is removed from Class1, but left on Class1.GetOne(), the attribute on Class1.GetOne() is properly enforced.
It is properly enforced in .NET 1.1. Here is a link to the issue if you would like to vote for it if it is important to you.
http://lab.msdn.microsoft.com/productfeedback/viewfeedback.aspx?feedbackid=96f69bea-e26e-4656-872d-3bff84576df0
Thanks,
Rob

PrincipalPermission bug?
Pat 34847
Rob
Umberto Gatti
In my opinion this is NOT a change for the better. Look at the incident reported on Microsoft Product feedback for more information. The link is in a prior post in this thread.
Rob
Olivier Robin
It would be great if you could reactivate the bug with that information -- it will be routed to the appropriate people to look at the problem.
Thanks,
-Shawn
orac123456789
Hi Rob,
Check out Arun's comments in your bug -- he's addressed the issue there.
Thanks,
-Shawn
Amit Tzafrir
Thanks for the reply.
There is still another bug that isn't addressed. If the class level PrincipalPermissionAttribute is changed to be a role check instead of IsAuthenticated, the method call is allowed in .NET 2.0 if EITHER the class or method PrincipalPermissionAttribute is satisfied. The document clearly states that a method level PrincipalPermission attribute replaces or overrides the class level one. This is also consistent with the .NET 1.1 behavior. This change in behavior in .NET 2.0 breaks the security in our existing application and is a serious bug.
Thanks again for your reply Shawn,
Rob
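A small console harness, added here and not part of Rob's original posts, that exercises the class-level-role variant he describes in his last reply (and the original scenario, if the class attribute is switched back to Authenticated:=True) under a few constructed principals, so the override-vs-either behaviour can be checked directly without a domain account. The class role name "myDomain\otherRole", the identity name "testUser" and the module and helper names are assumptions.

```vb
Imports System
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Principal
Imports System.Threading

' Same shape as the class in the first post, with the class-level demand
' changed to a role check as in Rob's last reply (role name is assumed).
<PrincipalPermission(SecurityAction.Demand, Role:="myDomain\otherRole")> _
Public Class Class1
    <PrincipalPermission(SecurityAction.Demand, Role:="myDomain\myRole")> _
    Public Shared Function GetOne() As Integer
        Return 1
    End Function
End Class

Module DemandCheck
    ' Calls GetOne() as an authenticated test user holding exactly the given
    ' roles and reports whether the declarative demand let the call through.
    ' Thread.CurrentPrincipal is restored afterwards so later calls are not
    ' affected by the constructed principal.
    Private Function CallAs(ByVal ParamArray roles() As String) As String
        Dim saved As IPrincipal = Thread.CurrentPrincipal
        Try
            Thread.CurrentPrincipal = New GenericPrincipal( _
                New GenericIdentity("testUser"), roles)
            Class1.GetOne()
            Return "allowed"
        Catch ex As SecurityException
            Return "denied"
        Finally
            Thread.CurrentPrincipal = saved
        End Try
    End Function

    Sub Main()
        ' If the method-level attribute replaces the class-level one, only the
        ' first call should be allowed; if either attribute is enough, the
        ' second call is allowed as well. The third call has no roles at all.
        Console.WriteLine("myRole only:    " & CallAs("myDomain\myRole"))
        Console.WriteLine("otherRole only: " & CallAs("myDomain\otherRole"))
        Console.WriteLine("no roles:       " & CallAs())
    End Sub
End Module
```

Run it once under each runtime you care about and compare the three lines; the difference between the 1.1 and 2.0 results is exactly the behaviour change discussed above.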