When you create a principalpermission, the user named must
be in the the role named.
dim myPerm as new PrincipalPermission("myUser", "myGroup")
myPerm.Demand
'' Demand will fail if the user is "myUser" but is not in
the group "myGroup"
I don not believe you can extend permissions through code,
you can only further restrict the existing permissions.
Assert vs Demand
With assert, the immediate caller must have permission to
access the resources.
With Demand, every caller on the stack must have access to
the resources.
I think if assert fails, demand will always fail.
Does this sound right to the rest of the group? If it's
not right, please correct me.
>-----Original Message-----
>hi,
>i have two questions about permissions , hope someone can
>help:
>
>1- generic principal vs impersonate
>2- linkDemand vs Assert
>
>1- if I impersonate an administrator on a computer, or i
>created a generic principal with the role of
>administrator, wouldn't that be the same ?
>
>2-
>Assert method: Declares that the calling code can access
>the resource protected by a permission demand through the
>code that calls this method, even if callers higher in
>the stack have not been granted permission to access the
>resource.
>
>LinkDemand method:
>The immediate caller is required to have been granted the
>specified permission.
>
>in the assert method, the immediate caller can or can't
>access resources even if the immediate caller doesn't
>have the permission ?
>.
>
|
Similar Threads
