[Mono-bugs] [Bug 82043][Nor] New - WebMethod and PrincipalPermission

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Sun Jul 8 15:10:35 EDT 2007


Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by mmorano at mikeandwan.us.

http://bugzilla.ximian.com/show_bug.cgi?id=82043

--- shadow/82043	2007-07-08 15:10:35.000000000 -0400
+++ shadow/82043.tmp.19474	2007-07-08 15:10:35.000000000 -0400
@@ -0,0 +1,39 @@
+Bug#: 82043
+Product: Mono: Class Libraries
+Version: 1.2
+OS: 
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Normal
+Component: Sys.Web.Services
+AssignedTo: atsushi at ximian.com                            
+ReportedBy: mmorano at mikeandwan.us               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: WebMethod and PrincipalPermission
+
+I am trying to secure a simple web service by leveraging the existing forms
+authentication configured for an asp.net site, and was curious if the
+following is expected to work at this point:
+
+[WebMethod]
+[PrincipalPermission(SecurityAction.Demand, Authenticated=true,  Role="admin")]
+public bool Test(int x, int y)
+{
+    return User.IsInRole("admin");
+}
+
+If a user is not authenticated, this webservice method returns false.  If
+an admin user is authenticated and calls this webservice method, it returns
+true.
+
+In the first scenario, I would have expected a security exception to be
+raised, rather than executing the method and returning the value.
+
+
+Thanks,
+Mike


More information about the mono-bugs mailing list