@Jimmy I am setting the PrincipalPermission on each of my actions in
the controller and the PrincipalPermission is working as advertised.
I do not have a restriction to access the URL in my web.config. If I
comment out all my manual exceptions, things work. And, if I change
the role to "Foo" and since I don't have the Foo role, that is when I
get the ASP.NET error page.
My complete action is
[PrincipalPermission(SecurityAction.Demand, Role =
Roles.Administrator)]
public void Index()
{
// throw new Exception("This is a test of an Exception");
// throw new ControllerException("This is a test of a
controller exception");
throw new SecurityException("This is a test of a security
exception");
PropertyBag["feeds"] = Feed.FindAll();
}
@Patrick I am working off a nightly build 92?, so I am pretty
current. As I stated to Jimmy, I am setting my PrincipalPermission at
the action level, so the thread you referenced doesn't seem
applicable. Unless I am misunderstanding your suggestions, I believe
my problem is with how monorail catches exceptions and then figures
out which rescue view to use and when it doesn't find it in bubbles
the exception out to ASP.NET.
If I throw the ControllerException or just a plain Exception, the
rescues work, so what is stumping me is why is the SecurityException
any different since it is throw in the same place as the others.
Jason
On Sep 9, 11:14 pm, Jimmy Shimizu <[EMAIL PROTECTED]> wrote:
> I had somewhat a similar problem, lead me to the point where I set
> permissions exclusively on each action using PrincipalPermission.
>
> Bascially, You could set it on the controller and still use the
> SecurityException, but then you cannot override it on the action/
> method IIRC.
>
> However, the reason for the ASP.NET-exception is probably because you
> restrict access to the url with ASP.NET using <location> blocks in
> your web.config (and even denying access if not authenticated probably).
>
> You need to allow access to everything in your config and keep your
> security-restrictions in your controllers with for instance,
> PrincipalPermission.
>
> On 9 sep 2008, at 21.13, jsmorris wrote:
>
>
>
> > I have the following three Rescue attributes defined on my controller
>
> > [Rescue("error")]
> > [Rescue("controller", typeof(ControllerException))]
> > [Rescue("security", typeof(SecurityException))]
>
> > Inside one of my actions, I have placed one of the three types of
> > exceptions, but the SecurityException is never capture and I get an
> > ASP.NET error page instead of the view I defined in my views/rescues.
> > Exception and ControllerException work as advertised. I have tried
> > several combinations of the attributes and types, but no matter what I
> > do, a SecurityException is never handled properly.
>
> > public void Index()
> > {
> > // throw new Exception("This is a test of an Exception");
> > // throw new ControllerException("This is a test of a
> > controller exception");
> > throw new SecurityException("This is a test of a security
> > exception");
> > }
>
> > All I want to do is display different help information when I security
> > exception is thrown, i.e. where to request access, only on
> > SecurityException. The other types of exceptions should show the
> > error and possible support email address.
>
> > Thanks,
> > Jason
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Castle Project Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/castle-project-users?hl=en
-~----------~----~----~----~------~----~------~--~---
