securityaction

Understanding .NET's "SecurityAction" parameter for permissions

Can anyone explain the meaning of and purposes of the values for the SecurityAction enum? The MSDN page is not terribly clear. It says LinkDemand occurs at just-in-time compilation whereas Demand occurs at runtime. Why the distinction and in what situations would I use LinkDemand as opposed to Demand? Likewise, what are the use cases ...

SecurityAction.RequestOptional: How to know what permissions to request

Trying to use SecurityAction.RequestOptional (recommended as a best practice in a study guide for exam 70-536), and running into problems. My understanding of RequestOptional is that if you use it, you must explicitly declare all other permissions your app will use. From the MSDN: The RequestOptional flag enables you to request a se...

Catching ASP.Net MVC Principle Permission attribute exceptions

Hi, I would like to secure my MVC controller actions using... [PrincipalPermission(SecurityAction.Demand, Role="Administrator")] However, if the user is not in this role then a SecurityException "Request for principal permission failed." is thrown by the code. There seems to be no way to handle this error, even [Handle] error wont ca...

Role Based Authorization in .NET with PrincipalPermission and SecurityAction.Assert

I have a class attributed with [PrincipalPermission(SecurityAction.Demand, Authenticated = true)] public class MyProtectedClass { } This works as expected and callers are denied access when the current principal is not authenticated. In one specific scenario, I want this logic short-circuited...that is, the caller should not need to...