Principal attribute negotiation vs authorize?

Can someone explain to me the differences and use cases for these two attributes? I am completely confused, as they behave in a similar way.

I know that [Authorize] captures the life cycle of an ASP.NET application and starts before the request reaches Controller / Action. How about a principal?

[PrincipalPermission(SecurityAction.Demand, Role="Admin")]

and

[Authorize(Roles="Admin")]
+4
1 answer
Attribute

Authorize is used to indicate restrictions on access to the controller or method of action. In other words, you can grant or deny users / roles access to certain pages or URLs on the site.

ASP.NET, .

- PrincipalPermission. PrincipalPermission . , -.

.

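using System;
using System.Security.Permissions;

// Minimal placeholder type so the sample compiles.
public class Employee { }

// Class-level demand: the caller must be authenticated.
[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
public class EmployeeManager
{
    // Method-level demand: the caller must be in the Manager role.
    [PrincipalPermission(SecurityAction.Demand, Role = "Manager")]
    public Employee LookupEmployee(int employeeID)
    {
        // todo
        throw new NotImplementedException();
    }

    // Method-level demand: the caller must be in the HR role.
    [PrincipalPermission(SecurityAction.Demand, Role = "HR")]
    public void AddEmployee(Employee e)
    {
        // todo
        throw new NotImplementedException();
    }
}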

, PrincipalPermission,

  • EmployeeManager .
  • LookupEmployee Manager.

ASP.NET 2.0

+5
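
An added example, not part of the answer above or of the original page: a console program showing that a PrincipalPermission demand is checked by the CLR against Thread.CurrentPrincipal on any call path and fails with a SecurityException, whereas [Authorize] only runs as a filter on an MVC controller or action. It assumes .NET Framework, where declarative PrincipalPermission demands are enforced; the class name, the users alice, bob and carol, and the string return values are constructed for the illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

public static class PrincipalPermissionDemo
{
    // Declarative demand: the CLR checks Thread.CurrentPrincipal on every call,
    // whether or not the call arrives through an MVC controller.
    [PrincipalPermission(SecurityAction.Demand, Role = "Manager")]
    static string LookupEmployee(int employeeID)
    {
        return "employee #" + employeeID;
    }

    // Imperative form of the same kind of check, usable inside any method body.
    static string AddEmployee(string name)
    {
        new PrincipalPermission(null, "HR").Demand();
        return "added " + name;
    }

    // Runs an operation as a constructed user and reports the outcome.
    static string RunAs(string user, string[] roles, Func<string> operation)
    {
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        try
        {
            return user + ": " + operation();
        }
        catch (SecurityException)
        {
            // A failed demand surfaces as an exception the caller must handle.
            return user + ": SecurityException";
        }
    }

    public static void Main()
    {
        string[] manager = { "Manager" };
        string[] hr = { "HR" };
        Console.WriteLine(RunAs("alice", manager, () => LookupEmployee(7)));
        Console.WriteLine(RunAs("bob", hr, () => LookupEmployee(7)));
        Console.WriteLine(RunAs("alice", manager, () => AddEmployee("carol")));
        Console.WriteLine(RunAs("bob", hr, () => AddEmployee("carol")));
    }
}
```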

Source: https://habr.com/ru/post/1652299/

