Wanted: .NET equivalent of PermissionChecker component?

[Jens Weiermann]

Hi!

Anyone knows the ASP.NET equivalent of the PermissionChecker component that
shipped with IIS 5?
Basically, what it does is checking if the current user (using
impersonation!) has access to a specified file.
I've starting playing around with the FileIOPermission class, but this
doesn't seem to do what I need (or I don't understand it).

Any help would be appreciated!

Jens

 

[Sherif ElMetainy]

Hello

http://msdn.microsoft.com/library/en-us/cpguide/html/cpconaspnetauthorization.asp

Best regards,
Sherif

 

[Jens Weiermann]

Hi Sherif,

http://msdn.microsoft.com/library/en-us/cpguide/html/cpconaspnetauthorization.asp

thanks for the info! However, I don't know how this should help in my case.
I *do* know that the WorkerProcess will check if the requested resource is
accessible when the page is requested. But I'd like to be able to
*programmatically* check permissions to a specific resource.

I'm using the Infragistics WebMenu component to have a nice menu. However,
some users don't have access to certain pages linked to by the menu. So,
I'd like to enumerate the menu items and see if the user does have access,
and if not disable the linked menu item.

In ASP, I would have used the permission checker component to check this;
I'm in need of a .NET way to do this...

Thanks!
Jens

 

[Sherif ElMetainy]

Hello

If you are using impersonation, simply attempting to access the file by
openning it and catching the SecurityException can determine if the current
user has access or not.
This is a simple way, but not the most efficient. But you can cache the
results. For example, cache an array of files that the user can access, for
use in your menu.

bool HasFileAccess(string filename)
{
try
{
FileStream fs = new FileStream(filename, FileMode.Open,
FileAccess.Read, FileShare.ReadWrite);
fs.Close();
return true;
}
catch(SecurityException)
{
return false;
}
}

Otherwise I don't know of another way, except using Interop and calling
windows security API. Note that the above bethod will not work if you are
not using impersonation (i.e. the code is executing with the ASPNET
account).

Best regards,
Sherif

 

[Jens Weiermann]

Hi Sherif,

If you are using impersonation, simply attempting to access the file by
openning it and catching the SecurityException can determine if the current
user has access or not.

this is what I tried first - but doesn't behave like expected: If the user
doesn't have access to the file, the browser will open the "logon" window
again asking for another authentication; only if this is cancelled three
times, the exception is thrown. This is sure not what I want!

Otherwise I don't know of another way, except using Interop and calling
windows security API. Note that the above bethod will not work if you are
not using impersonation (i.e. the code is executing with the ASPNET
account).

Ok, I guess that's the way to go. Do you have more details on how this
could be done using API calls?

Thanks!
Jens