Please do not reply to this email- if you want to comment on the bug, go to the URL shown below and enter your comments there.
Changed by [EMAIL PROTECTED] http://bugzilla.ximian.com/show_bug.cgi?id=82043 --- shadow/82043 2007-07-13 05:54:21.000000000 -0400 +++ shadow/82043.tmp.2736 2007-07-15 09:10:46.000000000 -0400 @@ -1,12 +1,12 @@ Bug#: 82043 Product: Mono: Class Libraries Version: 1.2 OS: unknown OS Details: -Status: NEEDINFO +Status: REOPENED Resolution: Severity: Unknown Priority: Normal Component: Sys.Web.Services AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] @@ -61,6 +61,66 @@ ------- Additional Comments From [EMAIL PROTECTED] 2007-07-13 05:54 ------- > There also seem some traps that disables basic authentication > stuff, which may be happening with your setup. Oops, forgot to add a link for this: http://www.dotnet247.com/247reference/msgs/29/147430.aspx + +------- Additional Comments From [EMAIL PROTECTED] 2007-07-15 09:10 ------- +Sorry for not being so clear. I am running this through xsp2, and +have split the asmx and code files. Below is a modified version of +your test case which more closely resembles my setup: + +First is the asmx file. This lives in a standard directory that can +be referenced by the browser (not in a special asp.net directory such +as app_code). + +-- ASMX FILE -- +<[EMAIL PROTECTED] Language="c#" Class="Bug82043" %> + + +The .asmx.cs file lives in App_Code. This file contains all the logic +for the class. This is working fine on my xsp2 instance: + +-- ASMX.CS FILE -- +using System; +using System.Security; +using System.Security.Permissions; +using System.Web; +using System.Web.Services; +using System.Web.Services.Protocols; + +public class Bug82043 : WebService +{ + [WebMethod] + [PrincipalPermission(SecurityAction.Demand, +Authenticated=true, Role="admin")] + public bool Test(int x, int y) + { + return User.IsInRole("admin"); + } +} + +As part of the website, I have enabled forms authentication, and am +using a custom Membership and Role provider to provide authentication +and authorization services. That has been working fine for some time, +and properly allows a user to log into my site and allow/deny access +to various areas based on who they are. + +Given that the code above tries to apply a role level principal +permission on the method, as I would expect the runtime to raise an +exception here, as the user is not in the role at first. However, it +does get into the method, and then returns false as the user did not +login. + +After logging in as an admin, the method is invoked and returns true. + +I might not be correctly understanding what you are getting at with +the reference to the article. I am running this on linux, and using +forms based authentication (not integrated windows or basic auth). +Also, I am not authorizing based on username, and am not in an active +directory domain, so I dont believe the comments concerned with the +Name attribute apply here. Is there something I am missing? + + +Thanks, +Mike _______________________________________________ mono-bugs maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-bugs
