I’m considering writing a custom IPermission implementation but am not clear as to how it should work. I’ve already implemented IPrincipal and IIdentity. What I would like to accomplish is to be able to check permissions vis-à-vis the current IPrincipal’s authorizations rather than its roles. Generally, authorizations are read/add-delete/update/none for a given type. So I would like to write something like this:
[CustomPermission(SecurityAction.Demand, Type = typeof(Foo), MinimumAuthorization = AuthorizationFlags.Read)]
public void SomeMethod(){}
Is this possible? I’ve looked over the code at http://msdn.microsoft.com/en-us/library/system.security.ipermission.aspx. This shows how to implement the interface, but I don’t understand how the above pseudo-code would be able to check against the IPrincipal’s authorizations for the type.
Your CustomPermission implementation of IPermission.Demand should be able to look at the Thread.Current.CurrentPrincipal, cast that to your custom principal and from there investigate your authorization data.
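The approach from the answer, written out as an added example (not code from either poster): a permission whose Demand reads the static `Thread.CurrentPrincipal`, plus the attribute that makes the declarative syntax from the question work. It assumes .NET Framework; `IAuthorizedPrincipal`, `GetAuthorizations` and the `AuthorizationFlags` values are hypothetical stand-ins for the asker's own principal and flags.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

[Flags] public enum AuthorizationFlags { None = 0, Read = 1, AddDelete = 2, Update = 4 }
// Hypothetical contract for the custom principal: per-type authorization lookup (assumed name).
public interface IAuthorizedPrincipal : IPrincipal { AuthorizationFlags GetAuthorizations(Type type); }
[Serializable] public sealed class CustomPermission : IPermission
{
    private Type _type; private AuthorizationFlags _min;
    public CustomPermission(Type type, AuthorizationFlags min) { _type = type ?? throw new ArgumentNullException(nameof(type)); _min = min; }
    public void Demand()
    {
        // Fail closed: a foreign principal type, an unauthenticated identity, or missing flags all deny.
        var p = Thread.CurrentPrincipal as IAuthorizedPrincipal;
        if (p == null || p.Identity == null || !p.Identity.IsAuthenticated
            || (p.GetAuthorizations(_type) & _min) != _min)
            throw new SecurityException("Requires " + _min + " on " + _type.FullName);
    }
    private CustomPermission Same(IPermission t) => t is CustomPermission o && o._type == _type ? o : null;
    public IPermission Copy() => new CustomPermission(_type, _min);
    public bool IsSubsetOf(IPermission t) => (Same(t) is CustomPermission o) ? (_min & o._min) == _min : _min == AuthorizationFlags.None;
    public IPermission Intersect(IPermission t) => (Same(t) is CustomPermission o) ? new CustomPermission(_type, _min & o._min) : null;
    public IPermission Union(IPermission t) => t == null ? Copy() : (Same(t) is CustomPermission o)
        ? new CustomPermission(_type, _min | o._min) : throw new ArgumentException("Permissions target different types.");
    public SecurityElement ToXml()
    {
        var e = new SecurityElement("IPermission");
        e.AddAttribute("class", GetType().AssemblyQualifiedName);
        e.AddAttribute("Type", _type.AssemblyQualifiedName);
        e.AddAttribute("Minimum", _min.ToString());
        return e;
    }
    public void FromXml(SecurityElement e)
    {
        _type = Type.GetType(e.Attribute("Type"), true);
        _min = (AuthorizationFlags)Enum.Parse(typeof(AuthorizationFlags), e.Attribute("Minimum"));
    }
}

[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = true)]
public sealed class CustomPermissionAttribute : CodeAccessSecurityAttribute
{
    public CustomPermissionAttribute(SecurityAction action) : base(action) { }
    public Type Type { get; set; }
    public AuthorizationFlags MinimumAuthorization { get; set; }
    public override IPermission CreatePermission() => new CustomPermission(Type, MinimumAuthorization);
}
```

The attribute and permission need to be compiled into a separate assembly from the code that applies `[CustomPermission(...)]`, and the check only works if `Thread.CurrentPrincipal` has been set to the custom principal before the protected method is called.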