2

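I have a class decorated with ClaimsPrincipalPermissionsAttribute. The class has a method that is also decorated with ClaimsPrincipalPermissionsAttribute. My expectation is:

First, when I instantiate the class, I get a call to my custom ClaimsAuthorizationManager. This works as expected.

Second, when I call the method, I get calls to my ClaimsAuthorizationManager: one with the resource and action from the class-level attribute, and another from the method-level attribute. This does not work. Instead, a SecurityException is thrown when I call the method. The exception message is:

Failure decoding embedded permission set object.

To try to see what is happening, I derived my own attribute from ClaimsPrincipalPermissionsAttribute. I can see that the CreatePermission() method is called on my attribute and that it successfully returns a ClaimsPrincipalPermission, but the exception is thrown before my ClaimsAuthorizationManager is called.

My code looks like this: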

using System;
using System.IdentityModel.Services;
using System.Security.Permissions;

namespace ConsoleApplication5
{
    class Program
    {
        static void Main(string[] args)
        {
            var test = new SecuredClass();

            test.MethodLevelSecuredMethod();

            Console.ReadKey();
        }
    }

    [ClaimsPrincipalPermission(SecurityAction.Demand, Resource = "SecuredClass", Operation = "GeneralAccess")]
    class SecuredClass
    {
        [ClaimsPrincipalPermission(SecurityAction.Demand, Resource = "MethodLevelSecuredMethod", Operation = "Call")]
        public void MethodLevelSecuredMethod()
        {
            Console.WriteLine("Called MethodLevelSecuredMethod");
        }
    }
}

What am I doing wrong? Is it possible to declare the attribute at both the class and the method level?

I am using .NET 4.5.

4

2 Answers

3

The problem is occurring because ClaimsPrincipalPermission does not implement a public constructor that takes a PermissionState argument. (The need for this is documented at http://msdn.microsoft.com/en-us/library/vstudio/yaah0wb2.aspx, albeit hidden in the middle of the text.)

This is essentially a bug in the framework, which should probably be reported at https://connect.microsoft.com/visualstudio/feedback. If you do so, you might want to add that an FxCop rule to check for the presence of this constructor might be a good idea as well.

Pending a bug fix, your only real option is to re-implement both ClaimsPrincipalPermission and ClaimsPrincipalPermissionAttribute if you want to use a declarative approach for claims-based authorization.

answered 2013-11-01T16:50:27.827
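
A reflection check for the constructor described in the answer above, in the spirit of the FxCop rule it suggests. This is an added example, not code from the answer or from the framework; the names PermissionCtorAudit, HasPermissionStateCtor and FindOffenders are made up for illustration, and it assumes a .NET Framework 4.5 console project that references System.IdentityModel.Services.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Services;
using System.Linq;
using System.Reflection;
using System.Security;
using System.Security.Permissions;

// Added example: lists IPermission implementations that lack the public
// (PermissionState) constructor the answer above refers to.
static class PermissionCtorAudit
{
    static readonly Type[] CtorSignature = { typeof(PermissionState) };

    // True when the type exposes a public instance constructor taking PermissionState.
    public static bool HasPermissionStateCtor(Type type)
    {
        return type.GetConstructor(BindingFlags.Public | BindingFlags.Instance,
                                   null, CtorSignature, null) != null;
    }

    // Concrete permission types in an assembly that are missing that constructor.
    public static IEnumerable<Type> FindOffenders(Assembly assembly)
    {
        Type[] types;
        try { types = assembly.GetTypes(); }
        catch (ReflectionTypeLoadException ex)
        {
            // Some types failed to load; audit the ones that did.
            types = ex.Types.Where(t => t != null).ToArray();
        }
        return types.Where(t => t.IsClass && !t.IsAbstract
                                && typeof(IPermission).IsAssignableFrom(t)
                                && !HasPermissionStateCtor(t));
    }

    static void Main()
    {
        // Assemblies to audit: the one defining ClaimsPrincipalPermission and,
        // for comparison, the one defining PrincipalPermission.
        var targets = new[] { typeof(ClaimsPrincipalPermission).Assembly,
                              typeof(PrincipalPermission).Assembly };
        foreach (var assembly in targets)
            foreach (var type in FindOffenders(assembly))
                Console.WriteLine("{0}: no public ctor(PermissionState)", type.FullName);
    }
}
```

Pointing FindOffenders at the assembly that holds your own permission classes gives the same check for a re-implemented ClaimsPrincipalPermission.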
0

I got around this problem by using a CheckAccess call in the class constructor:

class SecuredClass
{
    public SecuredClass()
    {
        ClaimsPrincipalPermission.CheckAccess("SecuredClass", "GeneralAccess");
    }

    [ClaimsPrincipalPermission(SecurityAction.Demand, Resource = "MethodLevelSecuredMethod", Operation = "Call")]
    public void MethodLevelSecuredMethod()
    {
        Console.WriteLine("Called MethodLevelSecuredMethod");
    }
}
answered 2014-04-07T17:45:57.210