Steve Ghattas-Smith [mailto:[EMAIL PROTECTED]] wrote:

> What I find is that I have to include the machine or NT
> domain name with the group name, e.g. "IS1\APUsers", or it
> doesn't work.  This makes it very inconvenient (if not
> impossible without dynamically recompiling) to deploy my app.
>  Does anyone know of a way around this annoyance?  I tried to
> implement my own custom attribute so I could insert a machine
> name dynamically, but I don't know how the
> PrincipalPermissionAttribute is implemented and it's not
> possible to inherit from it since it is sealed. Thanks.

Yes, but you'll need to step away from simple declarative programming in
this case. What you need to do is maintain your permissions in some sort of
configuration section (perhaps a simple NameValueSectionHandler section?)
in your .config file. Then in your methods you use the PrincipalPermission
class programmatically to check for permissions. Here's some code off the top
of my head:

<codeSnippet language="C#">
using System;
using System.Security.Permissions;

public class MyClass
{
  public void MyMethod()
  {
    // Demand permission for role
    MyClass.DemandPrincipalPermissionForRole("Role1");

    // ... permission granted, do whatever here ...
  }

  private static void DemandPrincipalPermissionForRole(string roleKey)
  {
    // Load the actual role via a mapping in configuration
    string actualRoleName = LoadActualRoleNameFromConfig(roleKey);

    // Programmatically build the role permission
    PrincipalPermission permission =
      new PrincipalPermission(null, actualRoleName, true);

    // Demand permission!
    permission.Demand();
  }

  private static string LoadActualRoleNameFromConfig(string roleKey)
  {
    // Exercise left up to reader ;)
    throw new NotImplementedException();
  }
}
</codeSnippet>

Now, you can get fancier if you needed to combine roles with roles or users
or users and roles, etc. However this should get you going in the right
direction.

HTH,
Drew
.NET MVP
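
An added example, not part of the message above: one way to fill in the configuration lookup so the machine name is resolved at run time and a missing mapping is denied rather than silently allowed. The `RoleGate` class, the `roleMappings` section name and the `{MACHINE}` token are assumptions made for this sketch; it uses `ConfigurationManager`, which needs .NET 2.0 or later and a reference to System.Configuration.

```csharp
using System;
using System.Collections.Specialized;
using System.Configuration;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;

// Assumed App.config content (the section name "roleMappings" is hypothetical):
//   <configSections>
//     <section name="roleMappings"
//              type="System.Configuration.NameValueSectionHandler" />
//   </configSections>
//   <roleMappings>
//     <add key="Role1" value="{MACHINE}\APUsers" />
//   </roleMappings>
public static class RoleGate
{
    // Resolve a logical role key to the qualified Windows group name.
    public static string Resolve(string roleKey, NameValueCollection map)
    {
        string template = (map == null) ? null : map[roleKey];
        if (string.IsNullOrEmpty(template))
            // Fail closed: PrincipalPermission(null, null) would accept
            // any authenticated user, so never pass a missing role through.
            throw new SecurityException("No role mapping for '" + roleKey + "'.");
        // {MACHINE} is this sketch's own token; a domain group can be
        // written literally in the config value instead.
        return template.Replace("{MACHINE}", Environment.MachineName);
    }

    public static void Demand(string roleKey)
    {
        var map = ConfigurationManager.GetSection("roleMappings") as NameValueCollection;
        new PrincipalPermission(null, Resolve(roleKey, map)).Demand();
    }

    public static void Main()
    {
        // The default policy yields an unauthenticated GenericPrincipal,
        // so role demands against Windows groups would always fail.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

        // Constructed sample mapping, standing in for the config section above.
        var sample = new NameValueCollection { { "Role1", @"{MACHINE}\APUsers" } };
        Console.WriteLine(Resolve("Role1", sample));

        try { Demand("Role1"); Console.WriteLine("granted"); }
        catch (SecurityException ex) { Console.WriteLine("denied: " + ex.Message); }
    }
}
```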
