Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to set a multilanguage PrincipalPermission role name?

I'm trying to secure a WCF service using windows accounts. The service should run on many systems with different languages. How can i set a PrincipalPermission that has language independent role names?

I found ugly workarounds like this one.

[PrincipalPermission(SecurityAction.Demand, Role = "Builtin\\Administrators")] // English
[PrincipalPermission(SecurityAction.Demand, Role = "Vordefiniert\\Administratoren")] // German
public string HelloWorld()
{
    return "Hello";
}

I don't think this is a good solution, is there any way to make this language independent? Is there a way to use the account SID instead of a string?

like image 307
Franz P. Avatar asked May 04 '09 14:05

Franz P.


2 Answers

You could roll your own permission attribute which handles the translation:

 [Serializable, AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = true, Inherited = false), ComVisible(true)] 
 public sealed class AdministratorPrincipalPermissionAttribute : CodeAccessSecurityAttribute 
 {  
    public AdministratorPrincipalPermissionAttribute(SecurityAction action) : base(action)
    { }

    public override IPermission CreatePermission()
    {
       var identifier = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
       var role = identifier.Translate(typeof(NTAccount)).Value;
       return new PrincipalPermission(null, role);
    }
 }

Please note that this would require some extra deployment effort (gac, caspol etc.).

like image 167
Sven Künzler Avatar answered Sep 18 '22 13:09

Sven Künzler


One more try: Have a look at http://msdn.microsoft.com/en-us/library/system.security.principal.windowsbuiltinrole.aspx .... and go to the sample . There you can use the BuiltIn enumeration members to get the correctly spelled group name (via the API)... then it should be language neutral.

HTH, Thomas

like image 37
Tomcat Avatar answered Sep 18 '22 13:09

Tomcat