IIdentity interface exposes AuthenticationType property which i would like to take into account because things are bit different if a user logs on with x509 or basic username/password auth, you know:
[PrincipalPermission(SecurityAction.Demand, Role = "BigBoss", AuthenticationType="basic")]
protected static void DoSomething() {}
But i can’t. Moreover, both PrincipalPermission and PrincipalPermissionAttribute are sealed (thanks guys) so i cannot add the functionality I need. Is this for some special reason or just a design flaw? Any ideas how to workaround?
Despite both being related to security, authentication and authorization are actually separate concerns, and coupling authorization directly to the authentication mechanism is generally not a particularly good idea.
If you feel that you have compelling reasons to add such a coupling, then you have a couple of approaches available:
PrincipalPermissionandPrincipalPermissionAttributeare sealed, there’s nothing stopping you from creating analogous types that do what you want.For #2, you could get away with creating a custom attribute that creates a custom permission that wraps
PrincipalPermissioninstead of re-creating all its logic from scratch.