PrincipalPermission.Demand() always failing

  • Question

  • I'm on Windows 7.
    My app works fine on Windows XP, Windows Server 2003, Windows Server 2008 and Vista.
    However, on Windows 7, the following code (role == 'BUILTIN\Administrators'):

                string role = ConfigurationManager.AppSettings["PermittedRole"];
                var perm = new PrincipalPermission(null, role);
                perm.Demand();

    always fails with a permission denied exception.

    The following always returns false, regardless of the role.

                bool permitted = Thread.CurrentPrincipal.IsInRole(role);

    Any ideas as to why this would happen on Windows 7?

    Thanks,

    Kevin


    good night and good luck
    • Moved by Dustin Metzgar Thursday, October 15, 2009 4:22 PM Looks like a CAS issue since this repros without WCF. (From:Windows Communication Foundation)
    Friday, September 25, 2009 10:20 PM

All replies

  • Oh, and by the way, this happens regardless of what role I use.
    And I am a local administrator on the machine in question.

    good night and good luck
    Friday, September 25, 2009 10:24 PM
  • Have you explicitly set Thread.CurrentPrincipal somewhere earlier? 

    like

    Thread.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());

    HTH

    Dominick Baier | thinktecture | http://www.leastprivilege.com
    Saturday, September 26, 2009 9:57 AM
  • Definitely now.
    This is the first thing I call in my WCF service method.

    kevin

    good night and good luck
    Saturday, September 26, 2009 4:00 PM
  • Well - this is not correct. Because this will set the service identity on Thread.CurrentPrincipal - I assume you want the client identity.

    Is the principalPermissionMode set to Windows in the service authorization behavior?

    Another thing you could try is to create the WindowsPrincipal from ServiceSecurityContext.Current.WindowsIdentity.


    Dominick Baier | thinktecture | http://www.leastprivilege.com
    Saturday, September 26, 2009 4:03 PM
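
Added example, not part of the original thread or any poster's code: a C# diagnostic that can be called at the top of a WCF service operation to show which identity a role check runs against, comparing the three sources mentioned in the reply above (Thread.CurrentPrincipal, WindowsIdentity.GetCurrent(), and ServiceSecurityContext.Current.WindowsIdentity). The names `PrincipalDiagnostics` and `Describe` are hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;
using System.Text;
using System.Threading;

// Hypothetical helper (not from the thread): reports, for each identity source,
// the principal type, the account name and the result of IsInRole(role).
public static class PrincipalDiagnostics
{
    public static string Describe(string role)
    {
        var sb = new StringBuilder();

        // This is the principal that PrincipalPermission.Demand() evaluates.
        Append(sb, "Thread.CurrentPrincipal", Thread.CurrentPrincipal, role);

        // The account the service process runs as (for example Network Service).
        using (WindowsIdentity process = WindowsIdentity.GetCurrent())
        {
            Append(sb, "WindowsIdentity.GetCurrent()", new WindowsPrincipal(process), role);
        }

        // The authenticated caller; only present inside a secured WCF call.
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        WindowsIdentity caller = ctx == null ? null : ctx.WindowsIdentity;
        if (caller == null || caller.IsAnonymous)
            sb.AppendLine("ServiceSecurityContext: no Windows caller identity");
        else
            Append(sb, "ServiceSecurityContext caller", new WindowsPrincipal(caller), role);

        return sb.ToString();
    }

    private static void Append(StringBuilder sb, string source, IPrincipal p, string role)
    {
        if (p == null) { sb.AppendLine(source + ": null"); return; }
        sb.AppendFormat("{0}: type={1}, name='{2}', authenticated={3}, IsInRole({4})={5}",
            source, p.GetType().Name, p.Identity.Name, p.Identity.IsAuthenticated,
            role, p.IsInRole(role));
        sb.AppendLine();
    }
}
```

Logging the returned string before the call to Demand() shows whether the thread principal is a WindowsPrincipal at all and whose account it represents.
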
  • Sorry.

    I meant definitely not.
    I don't set the service identity anywhere.
    The first thing I call is the call to PrincipalPermission.Demand().
    Really strange.
    It won't work at all.
    Anyone from MSFT know what might be going on?
    This is really bad.

    Thanks,

    Kevin

    good night and good luck
    Monday, September 28, 2009 11:56 PM
  • I tried this on Win7 in both the ASP.Net web server and IIS 7 and cannot repro the problem.  What happens if you use the PrincipalPermission attribute instead?  Would you be able to provide some repro code with the config file?

    Wednesday, September 30, 2009 8:30 PM
  • I am running the server as a windows service with the network service identity.
    I can provide the code for you if you want to check it out.
    Can you give me your email address?
    If you don't want to post it here, you can send me an email at EMAIL REMOVED

    Thanks,

    Kevin

    good night and good luck
    Saturday, October 3, 2009 3:01 AM
  • Hi Kevin, you can send your code to dmetzgar at microsoft.

    Monday, October 5, 2009 8:02 PM
  • Moved this over to the CLR forum since this occurs without WCF.
    Thursday, October 15, 2009 4:24 PM
  • Reproduced by this reply:
    http://social.msdn.microsoft.com/Forums/en-US/clr/thread/74ecab10-7efb-4c35-a9da-62d8240bb1cb
    Best regards,
    Riquel
    Monday, January 25, 2010 7:38 AM
    Moderator