
Question about declarative Role Based security...

I have some code that looks like this for one of my classes:

    Imports System.Security
    Imports System.Security.Permissions
    Imports System.Security.Principal

    <PrincipalPermission(SecurityAction.Demand, Role:="RUS\GEM_Admin")> _
    Public Class GccAdmin
        Public Sub New()
        End Sub
    End Class

The intent here is to make sure that the class cannot be instanced unless
the caller has the correct DomainName\GroupName privileges.

All here is fair and well until I start to think about what this implies. To
me at least, this implies that the domain name is made part of the assembly
at build time. What happens if I want to run this on a different domain?

Seems like I am missing something here...

Anyone care to clear this question up?
--
Raymond R Cassick
CEO / CSA
Enterprocity Inc.
www.enterprocity.com
3380 Sheridan Drive, #143
Amherst, NY 14227
V: 716-316-7537
Blog: http://spaces.msn.com/members/rcassick/
Nov 21 '05 #1
Hi,
Here is how I do it. If you throw an exception in the New
procedure the class isn't instanced.

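    Imports System.Security
    Imports System.Security.Principal
    Imports System.Windows.Forms

    Public Class test

        Public Sub New()
            ' Build a principal for the Windows account the process is running as.
            Dim id As WindowsIdentity = WindowsIdentity.GetCurrent()
            Dim wp As New WindowsPrincipal(id)

            ' Throwing from the constructor means no instance is ever handed back.
            If Not wp.IsInRole("RUS\GEM_Admin") Then
                Throw New SecurityException("Unauthorized User")
            End If
        End Sub

        Public Sub Hello()
            MessageBox.Show("Hello World")
        End Sub

    End Class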

Ken


Nov 21 '05 #2

But this still requires me to hard code the domain name in the assembly. I
don't know the domain name that my assembly is going to run under but I do
know the group name I need to require.

Is there any way that I can do this without having to hard code the domain
name as part of the group name string?


Nov 21 '05 #3

Don't hardcode the domain name. Allow it to be set in your application, or
read it from a .config file where it can be set after installation. Then
when you create the Security Principals, construct the Domain and Group and
handle the exception if it doesn't exist.

Alternatively, in a single domain environment, you could find the domain the
currently logged in user is a member of, and then construct your
DOMAIN\GEM_Admin as a member of that domain.


Nov 21 '05 #4
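
The approach in the last reply, as an added example (not code posted by anyone in this thread): attribute arguments must be compile-time constants, so the declarative PrincipalPermission form cannot take a runtime domain, and the check moves into the constructor. The appSettings key "AdminGroupDomain" is a hypothetical name, and the code assumes .NET 2.0 or later with a reference to System.Configuration.dll.

```vbnet
Imports System
Imports System.Configuration
Imports System.Security
Imports System.Security.Principal

Public Class GccAdmin
    ' The group name is fixed by the application; only the domain varies per install.
    Private Const AdminGroup As String = "GEM_Admin"

    Public Sub New()
        Dim id As WindowsIdentity = WindowsIdentity.GetCurrent()
        Dim role As String = ResolveDomain(id) & "\" & AdminGroup
        Dim allowed As Boolean = False
        Try
            allowed = New WindowsPrincipal(id).IsInRole(role)
        Catch ex As Exception
            allowed = False ' fail closed if the lookup itself fails
        End Try
        If Not allowed Then
            Throw New SecurityException("Caller is not a member of " & role)
        End If
    End Sub

    ' Prefer the value set after installation; otherwise use the caller's own domain.
    ' "AdminGroupDomain" is a hypothetical key. Whoever can edit the .config file
    ' chooses which group gates this class, so keep it writable by administrators only.
    Private Shared Function ResolveDomain(ByVal id As WindowsIdentity) As String
        Dim configured As String = ConfigurationManager.AppSettings("AdminGroupDomain")
        If Not String.IsNullOrEmpty(configured) Then
            Return ValidateDomain(configured.Trim())
        End If
        ' WindowsIdentity.Name is "DOMAIN\user" ("MACHINE\user" for a local account).
        Dim slash As Integer = id.Name.IndexOf("\"c)
        If slash <= 0 Then
            Throw New SecurityException("Cannot determine the caller's domain")
        End If
        Return id.Name.Substring(0, slash)
    End Function

    ' Reject values that would change the shape of the DOMAIN\Group string.
    Private Shared Function ValidateDomain(ByVal value As String) As String
        If value.Length = 0 OrElse value.IndexOfAny(New Char() {"\"c, "/"c, "@"c}) >= 0 Then
            Throw New ConfigurationErrorsException("AdminGroupDomain is not a plain domain name")
        End If
        Return value
    End Function
End Class
```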
