Home > Others

Considerations for using principalpermissionattribute of WCF Security

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

When using principalpermissionattribute for permission control, pay attention to the usage of principalpermissionattribute.

1. principalpermissionattribute can only act on classes or their methods.

Principalpermissionattribute does not apply to interfaces and interface methods. For example, when defining a service contract for WCF, principalpermissionattribute cannot be placed on the service interface or its method.

2. Class-level permission control takes precedence over method-level permission control.

Class-level permission control is implemented during class instantiation, while method-level permission control is implemented before method execution. For example, for a common class, you can control permissions at both the class level and the method level. The class-level control is executed first. Therefore, basic or common permissions can be placed on the class, while some methods can have different special permissions.

3. Permission control should be placed on the base class instead of any derived class.

You cannot add permission control on the level of the derived class. You can only add permission control on the override method in the derived class. The permission control on the override method also replaces the permission control of the method in the base class. For the new method, you need to add permission control like the basic method. The basis for whether the permission control takes effect is to check which method is executed.

4. principalpermissionattribute should be used for public methods rather than private methods.

Private methods are not indispensable, but they are prone to overlap for permission control and are not conducive to permission control at the framework level. The most ideal permission control, for an execution path (within a main thread), if there is no need for Branch and its permission control, only one permission control is the best, to avoid performance problems caused by permission control. The idea of COC can be used for reference on this issue.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More