Thread.CurrentPrincipal

  • Thread starter Thread starter Peter Larsen [CPH]
  • Start date Start date
P

Peter Larsen [CPH]

Hi,

I have a question about Thread.CurrentPrincipal and whether it is necessary
to set CurrentPricipal in code or not.
See the following sample:

public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
string s = GetTime();
}

[PrincipalPermission(SecurityAction.Demand,Role=@"DOMAIN\USERS")]
private string GetTime()
{
return DateTime.Now.ToString();
}
}

Running this code, will produce an exception, since CurrentPricipal return
an "empty" IPrincipal.
Setting CurrentPricipal myself (like the following samplecode) will do the
trick and GetTime() will be executed if i have the USERS role.

public Form1()
{
InitializeComponent();
Thread.CurrentPrincipal = new
WindowsPrincipal(WindowsIdentity.GetCurrent());
}

My question is - Is it really necessary to this, like the above sample, or
is there a better way (e.g. best practice) to handle a situation like this.

Thank you in advance.

BR
Peter
 
Hi Peter,

If you want to use Windows role-based authentication in your application,
then yes, you have to set the CurrentPrincipal to a WindowsPrincipal. The
Thread itself will not do it automatically for you because it doesn't know
what kind of authentication you want to use in your application.

Visual Basic.NET provides an Application Framework that does the same thing
based on the project setting. Then in its WindowsFormsApplicationBase
class's .ctor, it does something like this:

public WindowsFormsApplicationBase(AuthenticationMode authenticationMode)
{
this.m_MinimumSplashExposure = 0x7d0;
this.m_SplashLock = new object();
this.m_NetworkAvailChangeLock = new object();
this.m_Ok2CloseSplashScreen = true;
this.ValidateAuthenticationModeEnumValue(authenticationMode,
"authenticationMode");
if (authenticationMode == AuthenticationMode.Windows)
{
try
{
Thread.CurrentPrincipal = new
WindowsPrincipal(WindowsIdentity.GetCurrent());
}
catch (SecurityException)
{
}
}
this.m_AppContext = new WinFormsAppContext(this);
new UIPermission(UIPermissionWindow.AllWindows).Assert();
this.m_AppSyncronizationContext =
AsyncOperationManager.SynchronizationContext;
AsyncOperationManager.SynchronizationContext = new
WindowsFormsSynchronizationContext();
PermissionSet.RevertAssert();
}

C# doesn't provide such a framework directly (of course you can inherit
from the VB one and make your own); so you need to do it yourself.

Hope this makes it clear.

If you have any futher questions, please kindly let me know.

Thanks,
Jie Wang

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business days is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hi Jie,

Thank you for the reply.

Is this really working by desing ??
It seems strange since using
PrincipalPermissionAttribute(SecurityAction.....), is supposed to be best
practice, but it won't work if CurrentPricipal isn't set, right !!

/Peter
 
Hi Peter,

Yes, it won't work unless you set the value.

CurrentPrincipal property gets and sets an IPrincipal, that means it
doesn't necessarily require a WindowsPrincipal. It could be MyPrincipal,
YourPrincipal or ETPrincipal whatever implements the interface. So how
would .NET know what Principal to use by default? It just doesn't. So
someone must set it before it can be used.

VB.NET's application framework does the job for developers; ASP.NET has a
setting in config file and it sets the principal accordingly; and you have
to do it yourself in your C# WinForm application by default.

If you have any futher questions, please kindly let me know.

Best regards,
Jie Wang

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business days is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top