473,480 Members | 1,940 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

Security Attribute on Event?


I am using Role-based seucity Attributes on different methods in my
code-behind like this:

private void callmymethod()
{
try
{
mymethod();
}
catch{}
PrincipalPermission(SecurityAction.Demand , Role="1")]
private void mymethod()
{
}
Then any work in mymethod will fail quietly if the Principal does not
have a "1" role.

I want the same silent-fail on events that are wired to controls, but
I don't see how to do that. How do I do that on an event like this:

PrincipalPermission(SecurityAction.Demand , Role="1")]
private void button1_clic( object sender , EventArgs e )
{
}

Right now when the button is clicked, if the Principal does not have
the Role, the whole app grinds to a halt with an Exception.

Thanks.

Nov 19 '05 #1
3 1443
Hi Xenophon,

Welcome to ASPNET newsgroup.
Regarding on the program on using Declarative role based security through
..net 's PrincipalPermission attribute in asp.net app, here are some of my
understanding:

The PrincipalPermissionAttribute will have the same behavior as we
programmatically use PrincipalPermission class instance to demand the
permission. Like:

PrincipalPermission permission = new PrincipalPermission(null, "Role1",
true);
permission.Demand();
So what's the behavior on your page is you use the above programmatical
demand?

Also, I'm not quite sure on the "quietly failed" you mentioned, when and
how does it happen? Is it only happen when you apply the security demand on
a helper function rather than control's event handler function?

If convenient, would you also send me a test page so that I can perform
the same test on my side?

Looking forward to your response. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


Nov 19 '05 #2

Please close this issue, I have a workaround in effect.
Thanks.

On Wed, 18 May 2005 02:01:13 GMT, v-******@online.microsoft.com
(Steven Cheng[MSFT]) wrote:
Hi Xenophon,

Welcome to ASPNET newsgroup.
Regarding on the program on using Declarative role based security through
.net 's PrincipalPermission attribute in asp.net app, here are some of my
understanding:

The PrincipalPermissionAttribute will have the same behavior as we
programmatically use PrincipalPermission class instance to demand the
permission. Like:

PrincipalPermission permission = new PrincipalPermission(null, "Role1",
true);
permission.Demand();
So what's the behavior on your page is you use the above programmatical
demand?

Also, I'm not quite sure on the "quietly failed" you mentioned, when and
how does it happen? Is it only happen when you apply the security demand on
a helper function rather than control's event handler function?

If convenient, would you also send me a test page so that I can perform
the same test on my side?

Looking forward to your response. Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)



Nov 19 '05 #3
Thank you for your followup xenophon.

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 19 '05 #4
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
9
10805
Security/Distribution Group Member.Count limit of 1000
by: Terry E Dow | last post by:
Howdy, I am having trouble with the objectCategory=group member.Count attribute. I get one of three counts, a number between 1-999, no member (does not contain member property), or 0. Using...
C# / C Sharp
5
15153
NonSerialized attribute and events
by: Neil Norfolk | last post by:
I am using C# in Visual Studio 2003. I would like to serialize a class that contains, amongst other things, public delegate void DocumentsPreferencesChange(object env, Documents e); public event...
C# / C Sharp
7
3250
wiring up html attribute declared event handlers
by: Oisin Grehan | last post by:
Hi, I have a UserControl derived class: <ns:votingbutton runat="server" id="btn1" onclick="votingbuttonclick" /> My question is, what code do I need in place in the codebehind for this to...
ASP.NET
29
15471
Security- access to Event Viewer
by: Patrick | last post by:
I have the following code, which regardless which works fine and logs to the EventViewer regardless of whether <processModel/> section of machine.config is set to username="SYSTEM" or "machine" ...
ASP.NET
0
920
Code security / permissons attribute questions
by: Rich Forman | last post by:
Hey guys, VB.NET question: I want my app to overwrite files in its own directory with later-version-#'s of the same files that it finds in a designated "updates" directory. It works great when...
Visual Basic .NET
7
6389
Change onclick attribute
by: Giacomo | last post by:
I work on a page structured like: <h2> ... </h2> <div ="div1" class="show"> ... </div> <h2> ... </h2> <div id="div2" class="show"> ... </div> <h2> ... </h2> <div id="div3" class="show">...
Javascript
5
7718
Security Exception Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.42
by: wenning | last post by:
Hello, I am struggling with a website on a W2K3 server which has the actual content on a NAS server (also W2K3 based). The servers doesn't run in a domain and arent intended to. I did make...
ASP.NET
0
2974
XHTML error: Attribute 'for' is not a valid attribute of element 'script'.
by: Tom Chi | last post by:
Hi, I am porting an ASP.NET Javascript/C# application from .NET framework 1.x (everything works there) to 2.0 on Windows Server 2003 SP1, and experieced problem (null reference) while trying to...
XML
1
1210
Security of postbacks / button visibility
by: dontspammenow | last post by:
If I put a asp button on a page with a runat=server attribute and then set it's visibility to FALSE, so that it doesn't display on the page, but have a click event for the button in the code...
ASP.NET
0
7041
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
6908
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
7044
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
7084
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
5337
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
1
4779
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
2995
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
2984
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
563
muto222
php
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us