MsTest and PrincipalPermissionAttribute Failure

Hello BJ,

From your description, you're meeting some problem to get the
"PrincipalPermission" demand to work in your vs 2005/.net 2.0 program,
correct?

I've performed some local tests through winform application, it seems that
the "PrincipalPermissionAttribute" can work correctly for custom
principal/identity or windows principal/identity associated with the
current thread. Also, according to the MSDN document, it indicate that we
should set AppDomain's PrincipalPolicy to "WindowsPrincipal" at
application's initializing time

#PrincipalPermissionAttribute Class
http://msdn2.microsoft.com/en-us/lib...ssions.princip
alpermissionattribute.aspx

My test code is as below, you can also have a test to see whether it works
for you:

=======================
private void btnSetPrincipal_Click(object sender, EventArgs e)
{
GenericIdentity identity = new
GenericIdentity("testuser", "customauth");

GenericPrincipal gp = new GenericPrincipal(identity, new
string[] { "role1", "role2" });

Thread.CurrentPrincipal = gp;

}

[PrincipalPermission( SecurityAction.Demand, Role="role1")]
private void btnDemand_Click(object sender, EventArgs e)
{
MessageBox.Show("success demand!");
}

private void Form1_Load(object sender, EventArgs e)
{

AppDomain.CurrentDomain.SetPrincipalPolicy(Princip alPolicy.WindowsPrincipal)
;
}
=========================
In addition, you can try programmatically construct a PrincipalPermission
class instance and call its "Demand" method to see whether it works. Also,
make sure your principal-demand method hasn't been called on a different
thread context(you can printout the thread's principal/identity context to
verify this).

If you have any further finding, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Steven,

This is BJ's colleague who he is helping. There is no doubt that
[PrincipalPermission] works in the context you mention, but it is not working
in the context of a MSTest Unit Test. Please read thoroughly the description
of the problem. Refactor your code sample so that you can call
"btnDemand_Click" from a unit test and you will see the issue.

-Casey

"Steven Cheng[MSFT]" wrote:

Hello BJ,

From your description, you're meeting some problem to get the
"PrincipalPermission" demand to work in your vs 2005/.net 2.0 program,
correct?

I've performed some local tests through winform application, it seems that
the "PrincipalPermissionAttribute" can work correctly for custom
principal/identity or windows principal/identity associated with the
current thread. Also, according to the MSDN document, it indicate that we
should set AppDomain's PrincipalPolicy to "WindowsPrincipal" at
application's initializing time

#PrincipalPermissionAttribute Class
http://msdn2.microsoft.com/en-us/lib...ssions.princip
alpermissionattribute.aspx

My test code is as below, you can also have a test to see whether it works
for you:

=======================
private void btnSetPrincipal_Click(object sender, EventArgs e)
{
GenericIdentity identity = new
GenericIdentity("testuser", "customauth");

GenericPrincipal gp = new GenericPrincipal(identity, new
string[] { "role1", "role2" });

Thread.CurrentPrincipal = gp;

}

[PrincipalPermission( SecurityAction.Demand, Role="role1")]
private void btnDemand_Click(object sender, EventArgs e)
{
MessageBox.Show("success demand!");
}

private void Form1_Load(object sender, EventArgs e)
{

AppDomain.CurrentDomain.SetPrincipalPolicy(Princip alPolicy.WindowsPrincipal)
;
}
=========================
In addition, you can try programmatically construct a PrincipalPermission
class instance and call its "Demand" method to see whether it works. Also,
make sure your principal-demand method hasn't been called on a different
thread context(you can printout the thread's principal/identity context to
verify this).

If you have any further finding, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks for the reply, Steven.

It appears that setting the App domain's PrincipalPolicy is the key issue.
Based on your response, we found that we have to set the PrincipalPolicy as a
part of the initialization of each test for it to work in the testing
environment.

Thanks again for the prompt reply.

--BJ Safdie

"Steven Cheng[MSFT]" wrote:

Hello BJ,

From your description, you're meeting some problem to get the
"PrincipalPermission" demand to work in your vs 2005/.net 2.0 program,
correct?

I've performed some local tests through winform application, it seems that
the "PrincipalPermissionAttribute" can work correctly for custom
principal/identity or windows principal/identity associated with the
current thread. Also, according to the MSDN document, it indicate that we
should set AppDomain's PrincipalPolicy to "WindowsPrincipal" at
application's initializing time

#PrincipalPermissionAttribute Class
http://msdn2.microsoft.com/en-us/lib...ssions.princip
alpermissionattribute.aspx

My test code is as below, you can also have a test to see whether it works
for you:

=======================
private void btnSetPrincipal_Click(object sender, EventArgs e)
{
GenericIdentity identity = new
GenericIdentity("testuser", "customauth");

GenericPrincipal gp = new GenericPrincipal(identity, new
string[] { "role1", "role2" });

Thread.CurrentPrincipal = gp;

}

[PrincipalPermission( SecurityAction.Demand, Role="role1")]
private void btnDemand_Click(object sender, EventArgs e)
{
MessageBox.Show("success demand!");
}

private void Form1_Load(object sender, EventArgs e)
{

AppDomain.CurrentDomain.SetPrincipalPolicy(Princip alPolicy.WindowsPrincipal)
;
}
=========================
In addition, you can try programmatically construct a PrincipalPermission
class instance and call its "Demand" method to see whether it works. Also,
make sure your principal-demand method hasn't been called on a different
thread context(you can printout the thread's principal/identity context to
verify this).

If you have any further finding, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks for your reply BJ,

I just came back and see your followup. I also found your colleague Casey's
reply indicate that the problem may also be specfiic to the [TestMethod]
(test project) scenario, have you also got it working for that case also?
As Casey mentioned, I did only peform the test code in a normal console and
winform application and haven't do the exact test in the test project. So
if you still have the problem in that case, please feel free to let me
know, I'll help you continue work on it.

Anyway, glad that my suggestion has helped you.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.