Hi;
I Posted this on public.dotnet.security recently and it driving me
nuts, can anyone please help me?
I have a "special" requirement that only certain methods from certain
classes can only be invoked from certain web apps (on our intranet).
Othwerwise, it should raise security exception.
I dont have any experience with code acces security so I started
reading msdn and stumbled on SiteIdentityPermission class and I think
that could be it. Maybe I was wrong becaouse it doesnt work.
So, now i have in my AssemblyInfo.cs following :
[assembly:
SiteIdentityPermissionAttribute(SecurityAction.Req uestMinimum, Site =
"http://Myserver/MyTrustedSite/")]
And, just before method body I have :
public class MyClass
{
[SiteIdentityPermissionAttribute(SecurityAction.Dem and, Site
=
"http://Myserver/MyTrustedSite/)]
static public void DoSomething()
{
.... and, it doesnt work, method DoSomething can be called from any
other web site.
What I am doing wrong? How can I make this method secure so that it
could be called only from http://Myserver/MyTrustedSite/ for example?
If I wasnt clear enough, my shared assembly and that web site are on
the same server. Assembly is local assembly for now, but when I put
it
in gac I want to make sure that only one specific aspnet web site
should be able to use these secure methods.
I should be, it certainly sounds trivilal, but it isnt. There is no
clear example in documentation or internet. Did anyone ever needed
this?