1. David Roberts
  2. Loremipsum.Security.Permissions



A declarative way to require role authorization stored in your config file.

Inspired by a request during Miguel Castro's "WCF Security Demystified" session at DevConnections Fall 2011, for a way to use the System.Security.PrincipalPermissionAttribute without having to hard code the Role.

Available on NuGet

Install-Package Loremipsum.Security.Permissions

or from the nuget.exe command line.

> nuget.exe install Loremipsum.Security.Permissions

Using the ConfiguredPrincipalPermissionAttribute

Just apply the attribute to your method or class that you want to require authorization on just like you would do with the PrincipalPermissionAttribute.

[ConfiguredPrincipalPermission(SecurityAction.Assert, RoleKey = "HumanResources")]

In the above example "HumanResources" is the key to a value in your config file appSettings section.

    <add key="HumanResources" value="HR-MANAGERS,HR-PAYROLLERS"/>

The value of the specified appSetting can be a single role name or multiple comma separated role names. Each role will have it's own principal permission check. If the setting specified by the RoleKey does not exist in your appSettings or it is blank then the permission applied will throw a SecurityException.

Yes I only provided a role in the permission. (and future thoughts)

I agree with Miguel Castro in that specifing a single user in a permission is a very bad idea and hard to manage. So I have decided to not allow for that ability at this time. If there is enough feedback wanting it then it might be added in the future. I am considering adding a custom configuration section and would appreciate any feedback or code contributions.

Why Loremipsum?

Just as Lorem ipsum is used in content to direct focus to the layout and not the meaning, I wanted to direct focus to the project and not the namespace 'organization'. That and I couldn't think of anything else that I liked, it's also somewhat generic so as not to tie to me individually.