Request for principal permission failed

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have an issue that is making no sense. I have code that sets up code
access security. In my Windows Form application, I am able to do to create
an instance of the user control "Requisition" with no exceptions if the user
has the proper role:

<Security.Permissions.PrincipalPermissionAttribute(Security.Permissions.SecurityAction.Demand, Role:="Application Administrator")> _
Public Class Requisition
Inherits System.Windows.Forms.UserControl



Using this exact same code in the exact same way fails when I try to create
the user control in a WPF Application. I get a "Request for principal
permission failed" exception message.


I am performing the following code:

System.AppDomain.CurrentDomain.SetPrincipalPolicy(Security.Principal.PrincipalPolicy.WindowsPrincipal)

mPrincipal = System.Threading.Thread.CurrentPrincipal
mUserPrincipalIdentity = mPrincipal.Identity

principalIdentityName = mUserPrincipalIdentity.Name.Split("\")

If principalIdentityName.Length >= 1 Then
principalIdentityUserName = principalIdentityName
(principalIdentityName.Length - 1)
End If

Dim roles As New Roles()
Dim roleCollection As RoleCollection
Dim rolesArray As String()
Dim applicationIdentity As Security.Principal.GenericIdentity

roleCollection = roles.FindByEmployeeId(employeeId)

ReDim rolesArray(roleCollection.Count - 1)

Dim x As Integer
x = 0
For Each role As Role In roleCollection
rolesArray(x) = role.Name
x += 1
Next

' Create generic identity.
applicationIdentity = New
Security.Principal.GenericIdentity(principalIdentityUserName )

' Create generic principal.
mApplicationPrincipal = New
Security.Principal.GenericPrincipal(applicationIdentity, rolesArray)

'set the thread to run under this new identity
System.Threading.Thread.CurrentPrincipal = mApplicationPrincipal
 
Hi,

This is a quick note to let you know that I am performing research on this
issue and will get back to you ASAP.

I appreciate your patience!

Sincerely,
Linda Liu
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hi,

I performed a test on this issue, but didn't reproduce the problem on my
part.

I create a WinForm application and add a UserControl into it. I add a
public method in the UserControl and adorn the PrincipalPermissionAttribute
on the UserControl. The code of the user control is like below:

using System.Security.Permissions;
[PrincipalPermission(SecurityAction.Demand, Name =
"linda",Role="Administrators")]
class UserControl1:UserControl
{
public void Method()
{
MessageBox.Show("Method in UserControl");
}
}

In the static Main method, I add the following code before Application.Run
method is called:
AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.Princip
alPolicy.WindowsPrincipal);

I add a Button on the form and handle the button's Click event handler as
follows:

private void button1_Click(object sender, EventArgs e)
{
UserControl1 uc = new UserControl1();
uc.Method();
}
Build and run the application. When I run the application on Windows XP
(on which I log as linda and the user 'linda' is in the Administrators
group on the machine) and click the button on the form, a messagebox pops
up without any question.

Then I run the application on Windows Vista( on which Iog as linda and the
user 'linda' is in the Administrator group on the machine) and click the
button on the form. At this time, I get an exception 'Request for principal
permission failed'. If I run the application as Administrators, all works
without problems.

Then I add the following code in the button's Click event handler:

private void button1_Click(object sender, EventArgs e)
{
GenericIdentity gi = new GenericIdentity("linda");
GenericPrincipal gp = new GenericPrincipal(gi, new string[] {
"Administrators" });

Thread.CurrentPrincipal = gp;
UserControl1 uc = new UserControl1();
uc.Method();
}

In this case, the application runs on behalf of the user 'linda' with the
role 'Adminstrators'. Now I can run this application on Windows Vista
without running it as Administrators.

I perform a test in a WPF Windows application on almost the same code and
see the same result. In my WPF test project, I add the code
'AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.Princi
palPolicy.WindowsPrincipal);' in the static Main method within the App.g.cs
file.

FYI, to open the App.g.cs file, double-click the App.xaml.cs under the
App.xaml node in the Solution Explorer. In the code editor, select Main
from the top right combobox and then you will navigate to the App.g.cs file.

Is there any difference between your projects and mine?

Sincerely,
Linda Liu
Microsoft Online Community Support
 
Thanks for the reply,

The difference between my application and yours is I set up the generic
principal in the WPF form that is specified in the StartupUri in App.xaml. I
have a Canvas layout section on the WPF form. This gets filled with a WPF
control initially. When a user selects a menu item, I remove the WPF control
and attempt to create the user control. Let me try moving my generic
principal to static main and see if this makes a difference. I will let you
know the results.

Linda Liu said:
Hi,

I performed a test on this issue, but didn't reproduce the problem on my
part.

I create a WinForm application and add a UserControl into it. I add a
public method in the UserControl and adorn the PrincipalPermissionAttribute
on the UserControl. The code of the user control is like below:

using System.Security.Permissions;
[PrincipalPermission(SecurityAction.Demand, Name =
"linda",Role="Administrators")]
class UserControl1:UserControl
{
public void Method()
{
MessageBox.Show("Method in UserControl");
}
}

In the static Main method, I add the following code before Application.Run
method is called:
AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.Princip
alPolicy.WindowsPrincipal);

I add a Button on the form and handle the button's Click event handler as
follows:

private void button1_Click(object sender, EventArgs e)
{
UserControl1 uc = new UserControl1();
uc.Method();
}
Build and run the application. When I run the application on Windows XP
(on which I log as linda and the user 'linda' is in the Administrators
group on the machine) and click the button on the form, a messagebox pops
up without any question.

Then I run the application on Windows Vista( on which Iog as linda and the
user 'linda' is in the Administrator group on the machine) and click the
button on the form. At this time, I get an exception 'Request for principal
permission failed'. If I run the application as Administrators, all works
without problems.

Then I add the following code in the button's Click event handler:

private void button1_Click(object sender, EventArgs e)
{
GenericIdentity gi = new GenericIdentity("linda");
GenericPrincipal gp = new GenericPrincipal(gi, new string[] {
"Administrators" });

Thread.CurrentPrincipal = gp;
UserControl1 uc = new UserControl1();
uc.Method();
}

In this case, the application runs on behalf of the user 'linda' with the
role 'Adminstrators'. Now I can run this application on Windows Vista
without running it as Administrators.

I perform a test in a WPF Windows application on almost the same code and
see the same result. In my WPF test project, I add the code
'AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.Princi
palPolicy.WindowsPrincipal);' in the static Main method within the App.g.cs
file.

FYI, to open the App.g.cs file, double-click the App.xaml.cs under the
App.xaml node in the Solution Explorer. In the code editor, select Main
from the top right combobox and then you will navigate to the App.g.cs file.

Is there any difference between your projects and mine?

Sincerely,
Linda Liu
Microsoft Online Community Support
Click to expand...
 
Hi,

Thank you for your reply.

Have you tried moving the generic principal to the static Main method in
your WPF Windows application? How about the problem now?

If you need our further assistance, please feel free to let me know.

Thank you for using our MSDN Managed Newsgroup Support Service!

Sincerely,
Linda Liu
Microsoft Online Community Support
 
Back
Top