I'm trying to use PrincipalPermissionAttribute at the web method level to declaratively limit access to users belonging to an NT group called "APUsers" as shown below:
[PrincipalPermission(SecurityAction.Demand, Role="APUsers")] What I find is that I have to include the machine or NT domain name with the group name, e.g. "IS1\APUsers", or it doesn't work. This makes it very inconvenient (if not impossible without dynamically recompiling) to deploy my app. Does anyone know of a way around this annoyance? I tried to implement my own custom attribute so I could insert a machine name dynamically, but I don't know how the PrincipalPermissionAttribute is implemented and it's not possible to inherit from it since it is sealed. Thanks. You can read messages from the Advanced DOTNET archive, unsubscribe from Advanced DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
