This post and comments can now be found on my new blog here
UPDATE: ok, so it's tomorrow, and I haven't done the post... however I have uploaded the files. You can get the source here. Tomorrow, I promise, I'll put up a post describing how I built the code, what issues there were, and how to use it.
Tomorrow I’ll be posting some code I’ve been working on that allow the use of declarative attributes to secure blocks of code, and uses Enterprise Library’s authorization model to do so. An example line in VB.NET would be:
< AuthorizationPermission(SecurityAction.Demand, Context:="OrderBooks" > _
Public Sub OrderBooks()
End Sub
This is somewhat equivalent to the PrincipalPermission attribute, but uses (in this case the default) IAuthorizationProvider instance obtained through the enterprise library provider model.
The code will show a few things:
1) How to use the authorization API of enterprise library
2) How to build custom security attributes
3) How to get around the problem of security attributes having to be strong named, but the default install of enterprise library does not use strong naming. (Remember that a strongly named assembly may only reference other strongly named assemblies).
This can be used as part of a defence in depth strategy, typically to secure business methods. One of the great advantages to using security attributes is the ability to use permview to dump which methods in which assemblies require which authorities. This allows a high degree of security visibility and checking.