[Mono-bugs] [Bug 82043][Nor] New - WebMethod and PrincipalPermission
bugzilla-daemon at bugzilla.ximian.com
bugzilla-daemon at bugzilla.ximian.com
Sun Jul 8 15:10:35 EDT 2007
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by mmorano at mikeandwan.us.
http://bugzilla.ximian.com/show_bug.cgi?id=82043
--- shadow/82043 2007-07-08 15:10:35.000000000 -0400
+++ shadow/82043.tmp.19474 2007-07-08 15:10:35.000000000 -0400
@@ -0,0 +1,39 @@
+Bug#: 82043
+Product: Mono: Class Libraries
+Version: 1.2
+OS:
+OS Details:
+Status: NEW
+Resolution:
+Severity:
+Priority: Normal
+Component: Sys.Web.Services
+AssignedTo: atsushi at ximian.com
+ReportedBy: mmorano at mikeandwan.us
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL:
+Cc:
+Summary: WebMethod and PrincipalPermission
+
+I am trying to secure a simple web service by leveraging the existing forms
+authentication configured for an asp.net site, and was curious if the
+following is expected to work at this point:
+
+[WebMethod]
+[PrincipalPermission(SecurityAction.Demand, Authenticated=true, Role="admin")]
+public bool Test(int x, int y)
+{
+ return User.IsInRole("admin");
+}
+
+If a user is not authenticated, this webservice method returns false. If
+an admin user is authenticated and calls this webservice method, it returns
+true.
+
+In the first scenario, I would have expected a security exception to be
+raised, rather than executing the method and returning the value.
+
+
+Thanks,
+Mike
More information about the mono-bugs
mailing list