Custom CodeAccessSecurityAttribute

放肆的年华 提交于 2019-12-10 02:58:06

问题


I've created the following attribute:

[Serializable]
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public class OperationPermissionAttribute : CodeAccessSecurityAttribute
{
    private static PrincipalPermission _revoke = new PrincipalPermission(PermissionState.None);
    private static PrincipalPermission _allow = new PrincipalPermission(PermissionState.Unrestricted);
    private string _role;
    private string _task;
    private string _operation;

    public OperationPermissionAttribute(SecurityAction action, string role, string task, string operation) : base(action)
    {
        _role = role;
        _task = task;
        _operation = operation;
    }

    public OperationPermissionAttribute(string role, string task, string operation)
        : base(SecurityAction.Demand)
    {
        _role = role;
        _task = task;
        _operation = operation;
    }

    public override System.Security.IPermission CreatePermission()
    {
        var principal = System.Threading.Thread.CurrentPrincipal as AzManPrincipal;
        if (principal == null)
            return _revoke;

        bool result = principal.IsOperationAllowed(_role, _task, _operation);
        return result ? _allow : _revoke;
    }
}

which I use like this:

    [OperationPermission(SecurityAction.Demand, Roles.Administrator, "UserService", "Remove")]
    public void Add(User user)
    {
        user.ValidateOrThrow();
        _repository.Add(user);
    }

Running the code gives me the following error:

Missing a required constructor. (Exception from HRESULT: 0x8013143B), its a COMException.

why on earth do I get it and what does it really mean?


回答1:


The problem lies in your constructor definitions. You need to replace your two existing constructors by a single constructor that takes only a SecurityAction argument. (See the "Notes to Inheritors" section at http://msdn.microsoft.com/en-us/library/system.security.permissions.codeaccesssecurityattribute.aspx.) The reason for this lies in the deserialization mechanism used for permission attributes.




回答2:


I would either change the constructor parameter type for role from String to Roles (in which case you would need to change a few other things as well)

public OperationPermissionAttribute(SecurityAction action, Roles role, ...

or do ToString() on the constructor call:

[OperationPermission(SecurityAction.Demand, Roles.Administrator.ToString(), "UserService", "Remove")]

I'd personally prefer the first option.



来源:https://stackoverflow.com/questions/3585081/custom-codeaccesssecurityattribute

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!