Please do not reply to this email- if you want to comment on the bug, go to the URL shown below and enter your comments there.
Changed by [EMAIL PROTECTED] http://bugzilla.ximian.com/show_bug.cgi?id=82043 --- shadow/82043 2007-07-08 15:10:35.000000000 -0400 +++ shadow/82043.tmp.19474 2007-07-08 15:10:35.000000000 -0400 @@ -0,0 +1,39 @@ +Bug#: 82043 +Product: Mono: Class Libraries +Version: 1.2 +OS: +OS Details: +Status: NEW +Resolution: +Severity: +Priority: Normal +Component: Sys.Web.Services +AssignedTo: [EMAIL PROTECTED] +ReportedBy: [EMAIL PROTECTED] +QAContact: [EMAIL PROTECTED] +TargetMilestone: --- +URL: +Cc: +Summary: WebMethod and PrincipalPermission + +I am trying to secure a simple web service by leveraging the existing forms +authentication configured for an asp.net site, and was curious if the +following is expected to work at this point: + +[WebMethod] +[PrincipalPermission(SecurityAction.Demand, Authenticated=true, Role="admin")] +public bool Test(int x, int y) +{ + return User.IsInRole("admin"); +} + +If a user is not authenticated, this webservice method returns false. If +an admin user is authenticated and calls this webservice method, it returns +true. + +In the first scenario, I would have expected a security exception to be +raised, rather than executing the method and returning the value. + + +Thanks, +Mike _______________________________________________ mono-bugs maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-bugs
