I'm trying to implement my custom security attribute. It's very simple for now
[Serializable]
[ComVisible(true)]
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = false)]
public class SecPermissionAttribute : CodeAccessSecurityAttribute
{
public SecPermissionAttribute(SecurityAction action) : base(action) { }
public override System.Security.IPermission CreatePermission()
{
IPermission perm = new PrincipalPermission(PermissionState.Unrestricted);
return perm;
}
}
For some reason I've got an exception in the attribute c'tor
System.IO.FileLoadException occurred
Message=The given assembly name or codebase, 'C:\WINDOWS\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll', was invalid.
Source=WcfRoleProviderTestService
StackTrace:
at SecLib.SecPermissionAttribute..ctor(SecurityAction action)
at WcfRoleProviderTestService.Service1.GetData(Int32 value) in D:\TestProjects\WcfRoleProviderTestService\WcfRoleProviderTestService\Service1.svc.cs:line 19
InnerException:
The dll is signed. It seems to me like a security issue but I'm not sure. By the way I tried to use PrincipalPermissionAttribute and it works fine. Forgot to say, I'm using VS 2010, FW 4.0, the attribute is concumed in the WCF service I'll be very glad to get some help.
My service configuration is the following
<system.web>
<compilation debug="true" defaultLanguage="c#" targetFramework="4.0" />
<roleManager enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES"
defaultProvider="MyRoleProvider">
<providers>
<clear />
<add connectionStringName="Service1" applicationName="InfraTest"
writeExceptionsToEventLog="false" name="MyRoleProvider" type="SecLib.MyRoleProvider, SecLib, Version=1.0.0.0, Culture=neutral, PublicKeyToken=798c04e15cff851a" />
</providers>
</roleManager>
</system.web>
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBindingConfiguration" closeTimeout="00:01:00"
sendTimeout="00:10:00" maxBufferSize="524288" maxReceivedMessageSize="524288">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="WcfRoleProviderTestService.Service1"
behaviorConfiguration="BasicHttpServiceBehavior" >
<endpoint name="BasicHttpEndpoint"
contract="WcfRoleProviderTestService.IService1"
address="WcfAuthenticationTest"
binding="basicHttpBinding"
bindingConfiguration="BasicHttpBindingConfiguration" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="http://localhost/WcfRoleProviderTestService/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="BasicHttpServiceBehavior">
<serviceAuthorization principalPermissionMode="UseAspNetRoles"
roleProviderName="MyRoleProvider" impersonateCallerForAllOperations="true" />
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
I've got the error both on Windows XP, IIS v5.1 and on Windows Server 2008 R2 IISV7.5 only if the WCF service is configured to use Windows Authentication (see the configuration above). On more interesting fact is that the error occured only if the attribute is used with the System.Security.Permissions.SecurityAction.Demand security action.
[OperationBehavior(Impersonation = ImpersonationOption.Allowed)]
[SecPermission(System.Security.Permissions.SecurityAction.Demand)]
public string GetData(int value)
{
string userName = ServiceSecurityContext.Current.WindowsIdentity.Name;
return string.Format("You entered: {0}, User {1}", value, userName);
}
Other options work fine. Thanks.
With a help of one of my colleagues, the problem has been soleved. I'm not sure what the exact reason of the exception was but it seems to be a compilation issue. When I changed the project type from web application to web site wich is compiled at run time according it's pool definition (64 or 32 bit) it started to work fine.