-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Non-support of PrincipalPermissionAttribute #31279
Comments
The methods for creating partial trust context throw or do not exist at all in .NET Core. For example, If your ported program depends on partial trust permissions, you will get an error much earlier, long before these permission attributes would come into play. |
This isn't about partial trust. The following is perfectly valid permission enforcement in a .NET Framework business class. It compiles just fine in .NET Core but fails the essential task of controlling access:
|
@jkotas This makes me think we should obsolete some types (like |
Quite possibly all of the CAS-related attributes, now that I think more on it. If you manually new up a permission object and call |
I fully support marking all CAS-related APIs as obsolete, once we get the more fine grained controls for obsolete warnings in place. |
Related: #1698 (comment), which ponders the consequences of a "fail open" policy where developers don't expect it. |
As best I can determine from my own test code (against 3.0.0) and as mentioned in #17693, PrincipalPermissionAttribute exists as a type but has no effect. MSDN also states "This attribute has no effect in .NET Core."
This seems dangerous, as a user porting existing code might expect that, if the attribute compiles, that it also functions. Since the purpose of this attribute is security, the consequences of a false assumption could be significant.
Is it a well-considered opinion that the attribute should exist yet be non-functional (not even a compiler warning...) or is this a decision warranting review?
The text was updated successfully, but these errors were encountered: