Sunday, February 19, 2012

Custom assembly security

Hi
I have a function that checks if a user is in a Windows domain group. (John
is in Administrator group?). What kind of security permissions is required
to execute my function?
<'')> _
Public Shared Function UserIsInGroup(ByVal Group As String) As String
Dim currentIdentity As WindowsIdentity = WindowsIdentity.GetCurrent()
......
End Function
Thanks
AndresAs outlined on MSDN, the GetCurrent() call requires security permissions
with the ControlPrincipal flag. See also:
*
http://msdn.microsoft.com/library/en-us/cpref/html/frlrfSystemSecurityPrincipalWindowsIdentityClassGetCurrentTopic.asp
*
http://msdn.microsoft.com/library/en-us/cpref/html/frlrfSystemSecurityPermissionsSecurityPermissionFlagClassTopic.asp
Embedded code in a report has ExecutionOnly permission (open
rssrvpolicy.config and search for the CodeGroup with the
name="Report_Expressions_Default_Permissions").
You might consider one of these:
* move the code into a custom assembly, give the custom assembly the
required permissions and assert(!) the permission in the custom assembly
methods prior to invoking .GetCurrent().
* or give the CodeGroup for report expressions more default permissions
(which is not recommended).
However, before modifying any configuration files and security permissions I
recommend to backup your current config files and read the MSDN article
about code security in RS:
http://msdn.microsoft.com/library/?url=/library/en-us/dnsql2k/html/dngrfCodeAccessSecurityInSQLServer2000ReportingServices.asp
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"afontan" <andres.fontan@.alcuadrado.com> wrote in message
news:eiAsm6PeEHA.2812@.tk2msftngp13.phx.gbl...
> Hi
> I have a function that checks if a user is in a Windows domain group.
(John
> is in Administrator group?). What kind of security permissions is required
> to execute my function?
> <'')> _
> Public Shared Function UserIsInGroup(ByVal Group As String) As String
> Dim currentIdentity As WindowsIdentity = WindowsIdentity.GetCurrent()
> ......
> End Function
> Thanks
> Andres
>

No comments:

Post a Comment