views:

44

answers:

0

I have a class attributed with

[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
 public class MyProtectedClass { }

This works as expected and callers are denied access when the current principal is not authenticated. In one specific scenario, I want this logic short-circuited...that is, the caller should not need to be authenticated. One way of accomplishing this would certianly be to reset the Thread's CurrentPrincipal with a new one whose Identity's IsAuthenticated property is true...

However, I think I should be able to accomplish this by having the caller Assert:

[PrincipalPermission(SecurityAction.Assert, Authenticated = true)]
 public class MyExemptedCallerClass { }

This does not produce the desired effect, however and the method in MyExemptedCallerClass still throws an exception trying to instantiate MyProtectedClass.

Any ideas? Is there another/better way to accomplish this?

Thanks.