I have a class attributed with
[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
public class MyProtectedClass { }
This works as expected and callers are denied access when the current principal is not authenticated. In one specific scenario, I want this logic short-circuited...that is, the caller should not need to be authenticated. One way of accomplishing this would certianly be to reset the Thread's CurrentPrincipal with a new one whose Identity's IsAuthenticated property is true...
However, I think I should be able to accomplish this by having the caller Assert
:
[PrincipalPermission(SecurityAction.Assert, Authenticated = true)]
public class MyExemptedCallerClass { }
This does not produce the desired effect, however and the method in MyExemptedCallerClass
still throws an exception trying to instantiate MyProtectedClass
.
Any ideas? Is there another/better way to accomplish this?
Thanks.