c# - Attribute Useage For Checking Method Permissions -


i'm trying implement security mechanism automatically test particular plugins permissions , method security privileges , i've gotten bit stuck on how working.

i've writing custom mef metadata attribute takes constructor property like:

params pluginpermission[] permission 

this contains array of permissions plugin granted.

the pluginpermission class looks like:

pluginpermission.cs  public enum pluginpermission {     createusers,     deleteusers,     readpassword,     writepassword,     adduserstogroups,     addgroups,     deletegroups } 

i've written requiredpermissionattribute targets individual methods , takes 1 or more pluginpermission objects tell system permissions required individual method execute. these applied interface plugins like:

 ilicensingmanagement.cs   [requiredpermission(pluginpermission.createusers)]  bool adduser(string username); 

obviously if plugin doesn't have required permissions particular method method not executed.

what i'm stuck on how test method in requiredpermissionattribute class run before method executed , how gracefully exit execution if permissions requirements method not met plugin.

i looked @ xunit beforeaftertestattribute implementation seemed specific stuggled pull source code apart arrive @ solution.

i can't comment on mef specific things 1 thing keep in mind custom attributes nothing more "tags", not unless code checks them, example using reflection.

the beforeaftertestattribute of xunit works, because xunit uses reflection execute methods. when encounters attribute changes behavious accordingly.

attributes in .net framework namespace work because either clr checks them or compiler does.

i know doesn't answer question bit long put comment.

update: can access attributes using type if it's class or methodinfo if it's method, e.g.

methodinfo mi = /* method info */; attribute[] attrs = mi.getcustomattributes(typeof(requiredpermissionattribute), false); requiredpermissionattribute req = attrs.cast<requiredpermissionattribute>().firstordefault();  if ((req != null) && (/* current user not have required permission */)) throw new exception(); 

but not real security solution, developer can avoid these checks. i've briefly glanced @ postsharp maybe you.


Comments

Popular posts from this blog

Why does Ruby on Rails generate add a blank line to the end of a file? -

keyboard - Smiles and long press feature in Android -

node.js - Bad Request - node js ajax post -