Hi
We have windows application and have created our own custom principle &
identity objects that implement IPrinciple and IIdentity. When a user logs
into our system we set the threads principle to our custom principle object
by calling Thread.CurrentPrinciple = blah. This all works great for role
based security. BUT lets say i want to run one line of code which causes an
imperative security demand:
Dns.GetHostName();
CAS will now throw security exceptions when we try to run code that demands
permissions. I thought the following code might be a work around
IPrincipal currentPrinciple = Thread.CurrentPrincipal;
try
{
Thread.CurrentPrincipal = new
WindowsPrincipal(WindowsIdentity.GetCurrent());
Dns.GetHostName();
}
finally
{
Thread.CurrentPrincipal = currentPrinciple;
}
But alas the DnsPermission.Demand() still throws a security exception. I
think the following article and quote might explain why
http://support.microsoft.com/default...b;en-us;318169
"Imperative security uses code that is executed at run time to enforce
security. At run time, when a Demand method is called from an Identity
Permission class, the call stack is evaluated to verify the code. If there
is a point in the call stack where assemblies that were previously called do
not have the same identity as the code, exceptions are thrown."
So, I wish to use alot of classes that have security demands in them but if
i use my own principle objects i can no longer use them. It seems to be a
wee bit of a conundrum. Anyone have any thoughts besides
tia
andrew