RequiresRoles problem

ands (Newbie; Joined: 15-Apr-2011; Posts: 3)
Posted: 15-Apr-2011 at 2:51am
Hi

I've just started with DevForce, so maybe my lack of experience is the cause of misunderstanding.
I am trying to use declarative [RequiresRoles] in my class: 

[RequiresRoles("admin")]
public class EntityServerQueryManager : EntityServerQueryInterceptor {
}

My web.config configuration:
 <objectServer>
      <serverSettings useAspNetSecurityServices="true" allowAnonymousLogin="true" loginManagerRequired="true" />
 </objectServer>
...
 <system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
 </system.serviceModel>

Next I try to fetch data (without login) and fill my datagrid.
I expect some exception (PersistenceSecurityException) but my datagrid shows all records - why?
Principal is not authenticated and roles are empty.

When I change my class to be identical to the one on page 382 of the DeveloperGuide:
public class EntityServerQueryManager : EntityServerQueryInterceptor {
    protected override bool AuthorizeQuery() {
        return Principal.IsInRole("admin");
    }
}

I receive the correct message about the cancelled operation.

I've tried with RequiresAuthentication also but I can still get data.

My DF version is 6.0.9 

Kind regards
Andrzej

robertg (IdeaBlade; Joined: 15-Mar-2011; Location: California; Posts: 87)
Posted: 15-Apr-2011 at 12:09pm
Andrzej,

There are several things this could be.

First, do you have roles required in your config? There should be a statement like:

<system.web>
  <roleManager enabled="true" />
</system.web>

The other possibility that comes to mind is that you don't have the rights of the roles specified properly. You can require particular roles for either CanQuery or CanSave on either the entity level, or in the query interceptor. I believe that in your case, you want to have entity-level authorization set. You can find information on this in the DRC at:

http://drc.ideablade.com/xwiki/bin/view/Documentation/authorize#HEntity-levelauthorization

-- Robert

ands (Newbie; Joined: 15-Apr-2011; Posts: 3)
Posted: 16-Apr-2011 at 1:36am

Hi

I agree with you that my example does not make much sense, and that certainly the better solution is to use entity-level authorization, but I wanted in this way to discover and learn how it works.
At the beginning I checked [RequiresAuthentication], but without a positive result, then I tried [RequiresRoles("admin")].

For simplicity, I used your sample project from \ 080_Security \ Silverlight \ Codecs \ ASPNET Membership with Registration, where I changed:

1. Page.xaml.cs - line 136 //btnFetch.IsEnabled = false;
2. web.config
<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="ideablade.configuration" type="IdeaBlade.Core.Configuration.IdeaBladeSection, IdeaBlade.Core" />
  </configSections>
  <connectionStrings>
    <add name="NorthwindIBEntities" connectionString="metadata=res://*/Code.NorthwindIB.csdl|res://*/Code.NorthwindIB.ssdl|res://*/Code.NorthwindIB.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=.;Initial Catalog=NorthwindIB;Integrated Security=True;MultipleActiveResultSets=True&quot;" providerName="System.Data.EntityClient" />  
  </connectionStrings> 

  <ideablade.configuration version="6.00" xmlns="http://schemas.ideablade.com/2010/IdeaBladeConfig" >
    <logging logFile="log\DebugLog.xml"/>
    <objectServer>
      <serverSettings useAspNetSecurityServices="true"  allowAnonymousLogin="true" loginManagerRequired="true" />
    </objectServer>
  </ideablade.configuration>
  <system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
  </system.serviceModel>
  <system.web>
    <authentication mode="Forms"/>
    <roleManager enabled="true" />     
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
      </assemblies>
    </compilation>
  </system.web>
</configuration>

Based on the assumption that the class EntityServerQueryManager has the [RequiresAuthentication] option, recovery of data should not be possible.

... but the DataGrid shows records.

In addition, when I apply [RequiresRoles("admin")], the effect is the same.

   [RequiresAuthentication]
   [RequiresRoles("admin")]
   public class EntityServerQueryManager : EntityServerQueryInterceptor {
   }

I've checked the Can Query and Can Save properties on the Customer entity; these are at their default value.

Why is this happening? Is there something I forgot?

Kind regards

Andrzej


ands (Newbie; Joined: 15-Apr-2011; Posts: 3)
Posted: 26-Apr-2011 at 12:09am
Hi,
Is it the tradition of this forum to wait half a month for a reply?????????
 
Kind regards
Andrzej

kimj (IdeaBlade; Joined: 09-May-2007; Posts: 1391)
Posted: 26-Apr-2011 at 7:07am
Hi Andrzej,
 
The RequiresRoles attribute doesn't actually work when placed on the interceptor.  Our previous documentation was incorrect.  The DevForce Resource Center has the corrected information on where/when you can use this attribute.
 
In your case you may instead want to add some simple code to the interceptor's AuthorizeQuery, but there are other options too.  Here's more information - http://drc.ideablade.com/xwiki/bin/view/Documentation/authorize
 
 
Kim Johnson
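
Added example, not part of the thread and not DevForce code: a stand-alone C# model of the failure described in the reply above, where a role attribute on the interceptor is never consulted and the query fails open for an anonymous caller, shown next to the explicit AuthorizeQuery check and a reflection audit that flags the unenforced attribute. All Demo* types, and the assumption that the pipeline only calls AuthorizeQuery(), are hypothetical stand-ins.

```csharp
// Added illustration. All types are hypothetical stand-ins, NOT DevForce classes.
using System;
using System.Linq;
using System.Reflection;
using System.Security.Principal;

[AttributeUsage(AttributeTargets.Class)]
sealed class DemoRequiresRolesAttribute : Attribute {
    public string[] Roles { get; }
    public DemoRequiresRolesAttribute(params string[] roles) { Roles = roles; }
}

// Assumed pipeline: it calls AuthorizeQuery() and never inspects class attributes.
abstract class DemoInterceptor {
    public IPrincipal Principal { get; set; }
    protected virtual bool AuthorizeQuery() => true;   // default: allow
    public string[] Execute() {
        if (!AuthorizeQuery()) throw new UnauthorizedAccessException("query cancelled");
        return new[] { "row1", "row2" };                // constructed sample data
    }
}

[DemoRequiresRoles("admin")]                            // metadata only, never enforced
sealed class AttributeOnly : DemoInterceptor { }

sealed class ExplicitCheck : DemoInterceptor {
    protected override bool AuthorizeQuery() =>
        Principal.Identity.IsAuthenticated && Principal.IsInRole("admin");
}

static class Program {
    // Audit: classes that carry the attribute but do not override AuthorizeQuery.
    static bool IsUnenforced(Type t) =>
        t.GetCustomAttribute<DemoRequiresRolesAttribute>() != null &&
        t.GetMethod("AuthorizeQuery", BindingFlags.Instance | BindingFlags.NonPublic)
         .DeclaringType == typeof(DemoInterceptor);

    static void Main() {
        // Anonymous caller: an empty name gives IsAuthenticated == false, and no roles.
        var anon = new GenericPrincipal(new GenericIdentity(""), new string[0]);
        foreach (DemoInterceptor i in new DemoInterceptor[] { new AttributeOnly(), new ExplicitCheck() }) {
            i.Principal = anon;
            try { Console.WriteLine($"{i.GetType().Name}: {i.Execute().Length} rows returned"); }
            catch (UnauthorizedAccessException e) { Console.WriteLine($"{i.GetType().Name}: denied ({e.Message})"); }
        }
        foreach (var t in typeof(Program).Assembly.GetTypes().Where(IsUnenforced))
            Console.WriteLine($"WARNING: {t.Name} has a role attribute but no AuthorizeQuery override");
    }
}
```

Running the same anonymous-caller check against a real interceptor is a quick regression test that a declarative guard is actually enforced where it was placed.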