PrincipalPermssion.Demand() always failing RRS feed

  • Question

  • I'm on Windows 7.
    My app works fine on Windows XP, Windows Server 2003, windows Server 2008 and Vista.
    However, on Windows 7, the following code (role == 'BUILTIN\Administrators'):

                string role = ConfigurationManager.AppSettings["PermittedRole"];
                var perm = new PrincipalPermission(null, role);

    always fails with a permission denied exception.

    The following always returns false, regardless of the role.

                bool permitted = Thread.CurrentPrincipal.IsInRole(role);

    Any ideas as to why this would happen on Windows 7?



    good night and good luck
    • Moved by Dustin Metzgar Thursday, October 15, 2009 4:22 PM Looks like a CAS issue since this repros without WCF. (From:Windows Communication Foundation)
    Friday, September 25, 2009 10:20 PM


All replies

  • Oh, and by the way, this happens regardless of what role I use.
    And I am a local administrator on the machine in question.

    good night and good luck
    Friday, September 25, 2009 10:24 PM
  • Have you explicitly set Thread.CurrentPrincipal somewhere earlier? 


    Thread.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());


    Dominick Baier | thinktecture |
    Saturday, September 26, 2009 9:57 AM
  • Definitely now.
    This is the first thing I call in my WCF service method.


    good night and good luck
    Saturday, September 26, 2009 4:00 PM
  • Well - this is not correct. Because this will set the service identity on Thread.CurrentPrincipal - i assume you want the client identity.

    Is the principalPermissionMode set to Windows in the service authorization behavior?

    Another thing you could try is to create the WindowsPrincipal from ServiceSecurityContext.Current.WindowsIdentity.

    Dominick Baier | thinktecture |
    Saturday, September 26, 2009 4:03 PM
  • Sorry.

    I meant definitely not.
    I don't set the service identity anywhere.
    The first thing I call is the call to PrincipalPermission.Demand().
    Really strange.
    It won't work at all.
    Anyone from MSFT know what might be going on?
    This is really bad.



    good night and good luck
    Monday, September 28, 2009 11:56 PM
  • I tried this on Win7 in both the ASP.Net web server and IIS 7 and cannot repro the problem.  What happens if you use the PrincipalPermission attribute instead?  Would you be able to provide some repro code with the config file?

    Wednesday, September 30, 2009 8:30 PM
  • I am running the server as a windows service with the network service identity.
    I can provide the code for you if you want to check it out.
    Can you give me your email address?
    If you don't want to post it here, you can send me and email at EMAIL REMOVED



    good night and good luck
    Saturday, October 3, 2009 3:01 AM
  • Hi Kevin, you can send your code to dmetzgar at microsoft.

    Monday, October 5, 2009 8:02 PM
  • Moved this over to the CLR forum since this occurs without WCF.
    Thursday, October 15, 2009 4:24 PM
  • Reproduced by this reply:
    Best regards,
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Monday, January 25, 2010 7:38 AM