[Mono-bugs] [Bug 59683][Min] Changed - Setting Context.User does not update Thread.CurrentPrincipal

bugzilla-daemon@bugzilla.ximian.com bugzilla-daemon@bugzilla.ximian.com
Tue, 8 Jun 2004 02:26:39 -0400 (EDT)

Previous message: [Mono-bugs] [Bug 59688][Blo] Changed - Critical Bug causing large HTTP POSTs to fail in Internet Explorer
Next message: [Mono-bugs] [Bug 59683][Min] Changed - Setting Context.User does not update Thread.CurrentPrincipal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by rainer.burgstaller@web.de.

http://bugzilla.ximian.com/show_bug.cgi?id=59683

--- shadow/59683	2004-06-07 15:13:58.000000000 -0400
+++ shadow/59683.tmp.31861	2004-06-08 02:26:39.000000000 -0400
@@ -89,6 +89,47 @@
 	}
 }
 
 
 Please close the bug if this fix the problem (or re-open with more
 details). Thanks.
+
+------- Additional Comments From rainer.burgstaller@web.de  2004-06-08 02:26 -------
+I'm sorry, I thought that bugzilla would keep the original filename. 
+It is a tar.bz2 file containing a small web application which uses 
+authentication with the described feature.
+
+Furthermore I think that the SecurityException for the 
+PrincipalPermission is fine since it verifies the Thread.
+CurrentPrincipal (which was not updated) for being in the requested 
+role. Since Thread.CurrentPrincipal is not in this role, it throws an 
+exception.
+
+Here is the exception I get
+
+System.Security.SecurityException: invalid Principal
+in <0x0033e> System.Security.Permissions.PrincipalPermission:Demand ()
+in <0x00035> test.Menu:Secure_Click (object,System.EventArgs)
+in <0x0005a> (wrapper delegate-invoke) System.MulticastDelegate:
+invoke_void_object_EventArgs (object,System.EventArgs)
+in <0x000a0> System.Web.UI.WebControls.Button:OnClick (System.
+EventArgs)
+in <0x00058> System.Web.UI.WebControls.Button:System.Web.UI.
+IPostBackEventHandler.RaisePostBackEvent (string)
+in <0x00016> System.Web.UI.Page:RaisePostBackEvent (System.Web.UI.
+IPostBackEventHandler,string)
+in <0x0003e> System.Web.UI.Page:RaisePostBackEvents ()
+in <0x002b6> System.Web.UI.Page:InternalProcessRequest ()
+in <0x0008d> System.Web.UI.Page:ProcessRequest (System.Web.
+HttpContext)
+in <0x00327> ExecuteHandlerState:Execute ()
+in <0x00084> StateMachine:ExecuteState (System.Web.
+HttpApplication/IStateHandler,bool&)
+
+
+Coming back to the sample:
+Simply extract it somewhere you want type "make" to build and then run 
+xsp. Try to access http://localhost:8080/menu.aspx and you should get 
+a FromsLogin. Type in anything you want and then you get to the menu.
+aspx there you can try to hit the "dosomethingsecure" button and check 
+the result. If there is the exception (stated above) then the bug is 
+still there, if it works fine then its fixed.

Previous message: [Mono-bugs] [Bug 59688][Blo] Changed - Critical Bug causing large HTTP POSTs to fail in Internet Explorer
Next message: [Mono-bugs] [Bug 59683][Min] Changed - Setting Context.User does not update Thread.CurrentPrincipal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]