I wonder if anyone could help. I'm trying to use a custom Principal (with custom Identity) for security. This all works fine for logging in, out etc. I am now trying to limit access to unauthorised users within my code as follows:
[PrincipalPermission(SecurityAction.Demand, Role = "Buyer")]
Again, all is fine there. Except I need some more complicated rules, something along the lines of "Allow Admins. Allow Buyers, provided they have the correct department ID and are allowed to see this customer's credentials". All of that information exists within a database.
How can I go about doing this?
Any help appreciated.
View Complete Post