Custom attribute and execute method

Question

I have created custom attribute as:

[System.AttributeUsage(System.AttributeTargets.All, AllowMultiple = true)]
public class CustomPermission : Attribute
{
    public CustomPermission (string perName)
    {
        this._name= perName;
    }
    protected String _name;
    public String Name
    {
        get
        {
            return this._name;
        }
    }       
}

I have this attribute on my method as:

[CustomPermission("Allowed")]
public void GetData()
{
   //only comes here if permisson is allowed
   //logic for db 
}

I want whenever a call is made to GetData it automatically checks for the CustomPermission attribute over the method and accordingly grants/deny access.

How can I do that?

Thanks

sounds like Permission should be a Property of the Type so it can vary by instance rather than applying to all objects instanced from that Type — Ňɏssa Pøngjǣrdenlarp, Mar 17 '15 at 13:23
You need to implement custom `CodeAccessSecurityAttribute` More [here](https://msdn.microsoft.com/en-us/library/yctbsyf4%28v=vs.90%29.aspx) — Sriram Sakthivel, Mar 17 '15 at 13:24
@Daniel That's not what OP is asking. He's asking about Code access security. — Sriram Sakthivel, Mar 17 '15 at 13:26

Matt Burland · Answer 1 · 2015-03-17T13:50:21.117

1

You are probably going about this the wrong way altogether, but to access the metadata in your method, you'd have to do something like this:

[CustomPermission("Allowed")]
public void GetData()
{
   var mi = MethodInfo.GetCurrentMethod();
   var attr = mi.GetCustomAttribute<CustomPermission>();
   // now attr contains your CustomPermission
   if (attr.Name == "Allowed") 
   {
       //only comes here if permisson is allowed
       //logic for db 
   }
}

This is obviously a bit ugly and can be optimized some by storing the attribute somewhere so you don't have to find it every time. But either way, as others have commented, I don't think this is going to ultimately achieve what you want to do.

edited Mar 17 '15 at 13:50

answered Mar 17 '15 at 13:31

Matt Burland

44,552
18
99
171

1

You can simplify this a lot - `MethodInfo.GetCurrentMethod()` is a lot less fragile and a lot nicer. And you'd probably have a validation helper method, so the full code might look like `if (!ValidatePermissions(MethodInfo.GetCurentMethod())) throw new NotAuthorizedException();` or something like that. Not all that painful. Combine with aspect-style coding (modify the resulting binary to add the checks automatically), and you're quite fine. – Luaan Mar 17 '15 at 13:41
@Luaan: Good call on the static `MethodInfo.GetCurrentMethod`. To be honest, I didn't know about it because I don't usually find the need to get method info inside of a method. – Matt Burland Mar 17 '15 at 13:51
Yeah, it's not useful all that often. It is quite handy for smart logging and similar applications, though. – Luaan Mar 17 '15 at 13:58
Thanks for the inputs. So just to give a little more background. The above method would be a method in wcf service. This method would be called via JS/angular. So as soon a call is made to my method it automatically checks for the custom attribute to check for permission and accordingly proceeds further. In the code given by matt the code is fine but this i have to write in all my methods. I was looking for a way for code to automatically look for attribute, not sure if its possible in the way I am looking – user1563677 Mar 17 '15 at 16:29

score 0 · Answer 2 · answered Mar 17 '15 at 13:30

To my understanding, what you would like to achieve is impossible to do with attributes. The best security that is possible with your approach would be to use reflection to look for the attribute before a client calls the method; however, this way the client decides whether it actually respects the restricted access rights or not, which is not access control.

Custom attribute and execute method

2 Answers2