I was playing with Attributes to understand when they were created and found they were only created when someone looked for them.
So I'd guess you'd need to ensure something does "reevaluate" the attribute. I'd guess you might have to mark the attribute, or its usage, in some way as not "permanent" for code access purposes. On 4 March 2013 13:47, Stephen Price <step...@perthprojects.com> wrote: > Hey all, > > I've written a custom attribute that duplicates the behaviour of > PrincipalPermissionAttribute (It checks the user roles against my own > Authentication service instead of looking at the Thread.CurrentPrincipal) > > I've noticed that it works but only seems to check the first time you access > the method its decorating. Its like it assumes it has permission first time > so will have access from then on. Problem being if the user logs out and > logs back in as someone who isn't in the correct role, it doesn't check and > lets them in when if it were to check, it would fail. > > Is there some kind of message or something to signal that the > CodeAccessSecurityAttribute (the one i'm inheriting as > PrincipalPermissionAttribute is sealed) should reevaluate it? Not even sure > what to search for on Google... I've found a couple of similar > implementations but nothing mentions this issue that I've found. > > cheers, > Stephen -- Regards, Mark Hurd, B.Sc.(Ma.)(Hons.)
