Home/ Questions/Q 3661580
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T01:19:16+00:00

I have a Delete method on all my business objects that has the PrincipalPermission

  • 0

I have a Delete method on all my business objects that has the PrincipalPermission attribute on it.

Example:

[PrincipalPermission(SecurityAction.Demand, Role = "Vendor Manager")]
        public static bool Delete(Vendor myVendor)
        {

            //do work here
        }

The problem is that it appears to be completely ignoring my PrincipalPermission. It lets anyone through, no matter what role they may be part of.

Is there something else I’ve forgotten to do? I have added the following to my Application’s global.asax in the Application Startup section:

AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);

But that doesn’t make any difference either.

I also just tried the following:

public static bool Delete(Vendor myVendor)
        {
            PrincipalPermission iPerm = new PrincipalPermission(null, "Vendor Manager");
            iPerm.Demand();

            //do work here
        }

and wouldn’t ya know, this works just fine!…. any ideas on why it works one way but not the other?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Did you get an answer for this? I just tested this in my own application and it works pretty well. I’m specifically NOT adding

    AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

    And, I’m using Forms Authentication (ASP.NET Membership), MVC 2, .NET 3.5.

    I did however discover if I decorate my class with the following my method decorations do not work.

    [PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
    • 0