
How do I manage access in Windows Identity Foundation without raising exceptions?

<p>In the Windows Identity Foundation (WIF), there is a class called <code>ClaimsPrincipalPermission</code>. The documentation on MSDN is very sparse. It states:</p>
<blockquote> <p>ClaimsPrincipalPermission represents the permission required to access a resource. ClaimsPrincipalPermission takes in a string that represents the resource to be accessed, and a string that represents the action to be performed on the resource. When Demand is called, the principal must have the permission to perform the specified action on the specified resource, or Demand throws an exception.</p> </blockquote>
<p>This is cool. It allows me to set an attribute on a function and make it so that only authorized users can call that function. I have no trouble getting this functionality to work.</p>
<p>However, there is another issue. I'm working on a web application with many features which only certain users are allowed to access. I wish to code my page to only display links to pages with functionality the logged-in user is allowed to access.</p>
<p>The only way I see to do this with ClaimsPrincipalPermission is to do the following:</p>
<blockquote> <pre><code>Dim foo As ClaimsPrincipalPermission
foo = New ClaimsPrincipalPermission(resource:="SECRET_FUNCTION", action:="EXECUTE")
Try
    foo.Demand()
    response.write(Link_To_Execute_Secret_Function)
Catch ex As Exception
    response.write("No access to Secret Function")
End Try
</code></pre> </blockquote>
<p>My supervisor has made it very clear to me that such "coding by exception" is unacceptable. 
I'm certain that I could encapsulate this sort of thing in a small library, but I'd like to know how WIF is intended to be used for this.</p> <p>By the way, I am aware that WIF allows me to automatically check for access to specific web pages, but the architect of this project wants to specify names of functions to be restricted, not web page URLs.</p> <p>What's the best thing to do?</p> <p><b>UPDATE</b></p> <p>So far, the best thing I've found is to encapsulate the programming by exception to mitigate the consequences...</p>
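<p>A non-throwing check for the scenario in the question, as an added example that is not part of the original post: it asks the configured <code>ClaimsAuthorizationManager</code> directly, which returns a Boolean instead of raising an exception as <code>Demand</code> does. It assumes the .NET 4.5 WIF namespaces (<code>System.IdentityModel.Services</code>, <code>System.Security.Claims</code>); the module name, <code>CanAccess</code> and <code>WriteSecretFunctionLink</code> are hypothetical names.</p>

```vbnet
Imports System.IdentityModel.Services
Imports System.Security.Claims
Imports System.Web

' Added example; AccessCheck, CanAccess and WriteSecretFunctionLink are hypothetical names.
Public Module AccessCheck

    ' Returns True only when the ClaimsAuthorizationManager configured for the
    ' application allows the principal to perform the action on the resource.
    ' A denial is reported as False rather than as an exception.
    Public Function CanAccess(principal As ClaimsPrincipal,
                              resource As String,
                              action As String) As Boolean
        ' Fail closed: no claims principal means no access.
        If principal Is Nothing Then
            Return False
        End If

        ' The same authorization manager that ClaimsPrincipalPermission consults.
        Dim manager As ClaimsAuthorizationManager =
            FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager

        Dim context As New AuthorizationContext(principal, resource, action)
        Return manager.CheckAccess(context)
    End Function

    ' Decides what to render for the resource/action pair used in the question.
    ' linkMarkup stands in for the question's Link_To_Execute_Secret_Function.
    Public Sub WriteSecretFunctionLink(response As HttpResponse, linkMarkup As String)
        Dim user As ClaimsPrincipal = TryCast(HttpContext.Current.User, ClaimsPrincipal)

        If CanAccess(user, "SECRET_FUNCTION", "EXECUTE") Then
            response.Write(linkMarkup)
        Else
            response.Write("No access to Secret Function")
        End If
    End Sub

End Module
```

<p>This check only controls what is displayed, so the protected function itself should still carry its <code>ClaimsPrincipalPermission</code> demand. The base <code>ClaimsAuthorizationManager</code> allows every request, so the check is only meaningful once a custom manager is registered in configuration.</p>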
 
