1

I have created custom attribute as:

[System.AttributeUsage(System.AttributeTargets.All, AllowMultiple = true)]
public class CustomPermission : Attribute
{
    public CustomPermission (string perName)
    {
        this._name= perName;
    }
    protected String _name;
    public String Name
    {
        get
        {
            return this._name;
        }
    }       
}

I have this attribute on my method as:

[CustomPermission("Allowed")]
public void GetData()
{
   //only comes here if permisson is allowed
   //logic for db 
}

I want whenever a call is made to GetData it automatically checks for the CustomPermission attribute over the method and accordingly grants/deny access.

How can I do that?

Thanks

Improve this question
4
  • 5
    This isn't how code access security works. Commented Mar 17, 2015 at 13:23
  • sounds like Permission should be a Property of the Type so it can vary by instance rather than applying to all objects instanced from that Type Commented Mar 17, 2015 at 13:23
  • You need to implement custom CodeAccessSecurityAttribute More here Commented Mar 17, 2015 at 13:24
  • @Daniel That's not what OP is asking. He's asking about Code access security. Commented Mar 17, 2015 at 13:26

2 Answers 2

Reset to default
1

You are probably going about this the wrong way altogether, but to access the metadata in your method, you'd have to do something like this:

[CustomPermission("Allowed")]
public void GetData()
{
   var mi = MethodInfo.GetCurrentMethod();
   var attr = mi.GetCustomAttribute<CustomPermission>();
   // now attr contains your CustomPermission
   if (attr.Name == "Allowed") 
   {
       //only comes here if permisson is allowed
       //logic for db 
   }
}

This is obviously a bit ugly and can be optimized some by storing the attribute somewhere so you don't have to find it every time. But either way, as others have commented, I don't think this is going to ultimately achieve what you want to do.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

You can simplify this a lot - MethodInfo.GetCurrentMethod() is a lot less fragile and a lot nicer. And you'd probably have a validation helper method, so the full code might look like if (!ValidatePermissions(MethodInfo.GetCurentMethod())) throw new NotAuthorizedException(); or something like that. Not all that painful. Combine with aspect-style coding (modify the resulting binary to add the checks automatically), and you're quite fine.
@Luaan: Good call on the static MethodInfo.GetCurrentMethod. To be honest, I didn't know about it because I don't usually find the need to get method info inside of a method.
Yeah, it's not useful all that often. It is quite handy for smart logging and similar applications, though.
Thanks for the inputs. So just to give a little more background. The above method would be a method in wcf service. This method would be called via JS/angular. So as soon a call is made to my method it automatically checks for the custom attribute to check for permission and accordingly proceeds further. In the code given by matt the code is fine but this i have to write in all my methods. I was looking for a way for code to automatically look for attribute, not sure if its possible in the way I am looking
0

To my understanding, what you would like to achieve is impossible to do with attributes. The best security that is possible with your approach would be to use reflection to look for the attribute before a client calls the method; however, this way the client decides whether it actually respects the restricted access rights or not, which is not access control.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.