Winforms Role Based Security Limitations

I am implementing role-based security through the Microsoft membership provider and role.

The theoretical problem that I am experiencing is that you have a role in the method, for example:

[PrincipalPermissionAttribute(SecurityAction.Demand, Role="Supervisor")]
private void someMethod() {}

What if at some point along the way I don’t want supervisors to access someMethod() anymore?

Do I need to change the source code to make this change? Did I miss something?

There seems to be some way to abstract the connection between the supervisor role and the method so that I can create a method in the application to change this correspondence of the role permission to the method.

Any insight or direction will be appreciated. Thanks.

+3
2 answers

If you are using a declarative approach, then yes - if you suddenly do not want members of Supervisor to be able to call your method, you need to change the source code for this.

You can also programmatically do all this in code:

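// Requires: using System.Security.Principal; using System.Threading;
private void someMethod()
{
    // The cast yields null when the current principal is not a WindowsPrincipal.
    WindowsPrincipal currentUser = (Thread.CurrentPrincipal as WindowsPrincipal);
    if (currentUser != null)
    {
        if (currentUser.IsInRole("Supervisor"))
        {
            // do something here
        }
    }
}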

You can always get the current version of Windows in which your Winforms application is running, and you can call the method IsInRole to check if this user is in this role. Of course, you can also make it all customizable, for example, read the required role from the configuration file, and if you want to allow everyone, just simply change the role to Users or something.

+5

PrincipalPermissionAttribute , , , ; , .

PrincipalPermission. . :

PrincipalPermission permission = new PrincipalPermission(null, "Supervisor");
permission.Demand(); // Throws SecurityException if user is not in the role.

, , . , , :

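private void someMethod()
{
    // GetRolesForMethod is an application-defined lookup (for example, backed by
    // a configuration file or database); it is not part of the .NET Framework.
    IEnumerable<string> roles = GetRolesForMethod("someMethod");

    PrincipalPermission permission = null;

    foreach(string role in roles)
    {
        if(permission == null)
        {
            permission = new PrincipalPermission(null, role);
        }
        else
        {
            // Union returns IPermission, so cast back to PrincipalPermission.
            permission = (PrincipalPermission)permission.Union(
                new PrincipalPermission(null, role)
                );
        }
    }

    if(permission != null)
    {
        permission.Demand();
    }
}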
+5
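
An added example, not code from either answer: one way to keep the role-to-method mapping outside the method body, as both answers suggest, while denying access when a method has no roles mapped. The class name MethodRolePolicy, the "Manager" role, the "retiredMethod" entry and the inline dictionary (standing in for a configuration file) are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Security.Principal;
using System.Threading;

static class MethodRolePolicy
{
    // Constructed sample mapping; in a real application this would be loaded
    // from a configuration file or database so it can change without a rebuild.
    static readonly Dictionary<string, string[]> RolesByMethod =
        new Dictionary<string, string[]>(StringComparer.Ordinal)
        {
            { "someMethod", new[] { "Supervisor", "Manager" } },
            { "retiredMethod", new string[0] }   // mapped, but no role allowed
        };

    // Hypothetical helper named after the call in the answer above.
    public static IEnumerable<string> GetRolesForMethod(string method)
    {
        string[] roles;
        return RolesByMethod.TryGetValue(method, out roles) ? roles : new string[0];
    }

    // Throws SecurityException unless the principal holds one of the mapped roles.
    // An unmapped method or an empty role list is denied (fail closed).
    public static void Demand(string method, IPrincipal user)
    {
        bool allowed = user != null && user.Identity != null
            && user.Identity.IsAuthenticated
            && GetRolesForMethod(method).Any(user.IsInRole);
        if (!allowed)
            throw new SecurityException("Access to '" + method + "' denied.");
    }
}

static class Program
{
    static void Main()
    {
        // Constructed principal standing in for the logged-in user.
        Thread.CurrentPrincipal = new GenericPrincipal(
            new GenericIdentity("alice"), new[] { "Supervisor" });
        MethodRolePolicy.Demand("someMethod", Thread.CurrentPrincipal);   // passes
        try { MethodRolePolicy.Demand("retiredMethod", Thread.CurrentPrincipal); }
        catch (SecurityException e) { Console.WriteLine(e.Message); }     // denied
    }
}
```

Removing "Supervisor" from the someMethod entry revokes access without touching someMethod itself, and a method missing from the mapping is refused rather than left open.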

Source: https://habr.com/ru/post/1740635/