Straight to a question for you.
Consider the following code, where you accept a caller key and a token request from a caller in order to issue a security key for further requests. Note that we also have a minimal exclusion check, which prevents certain callers from getting the admin permission. Now, the question: what is wrong with the code below?
public enum SecurityToken
{
Admin,
Registered,
Anon
} public class SecurityGateway
{
/// <summary>
/// Maps a requested <see cref="SecurityToken"/> level to a permission-key string,
/// after one exclusion check on the caller key.
/// </summary>
/// <param name="callerKey">Key identifying the caller. It is dereferenced without a
/// null check, so a null value throws <see cref="System.NullReferenceException"/>.</param>
/// <param name="token">Permission level the caller is asking for.</param>
/// <returns>
/// The permission-key string for the requested level, or an error message string when
/// "secretcallerkey2" asks for <see cref="SecurityToken.Admin"/>. Refusal is an ordinary
/// return value, so callers have to inspect the string to tell a key from an error.
/// </returns>
public string GetSecurityKey(string callerKey,SecurityToken token)
{ //Prevent caller2 from getting the admin token
// NOTE(review): this is a deny-list of one caller key and one exact token value.
// Every other callerKey, including one the gateway has never seen, passes unchecked.
if (callerKey.Equals("secretcallerkey2")
&& token == SecurityToken.Admin)
return "Error: You can't request an admin token"; //Issue the token
switch (token)
{
case SecurityToken.Anon:
return "PermissionKeyForAnonymous";
case SecurityToken.Registered:
return "PermissionKeyForRegistered";
// NOTE(review): fail-open default. Every token value that is not Anon or Registered
// receives the admin key, and a C# enum variable is not limited to its named members,
// so the guard above (which matches only SecurityToken.Admin exactly) does not cover
// everything that reaches this branch. A safer shape handles Admin in its own case,
// rejects anything else in default, and validates the value first (Enum.IsDefined).
default:
return "PermissionKeyForAdmin";
}
}
}
If you already found the issue, you may stop reading here. Otherwise, let us examine this in a bit more detail. Assume that a caller, let us say Caller1, is requesting a security key for leveraging admin permissions.
SecurityGateway gateway = new SecurityGateway();
//Caller 1
var key = gateway.GetSecurityKey("secretcallerkey1", SecurityToken.Admin);
//key's value is PermissionKeyForAdmin for secretcallerkey1
Read more: amazedsaint's .net journal
Consider the following code, where you accept a caller key and a token request from a caller in order to issue a security key for further requests. Note that we also have a minimal exclusion check, which prevents certain callers from getting the admin permission. Now, the question: what is wrong with the code below?
public enum SecurityToken
{
Admin,
Registered,
Anon
} public class SecurityGateway
{
/// <summary>
/// Maps a requested <see cref="SecurityToken"/> level to a permission-key string,
/// after one exclusion check on the caller key.
/// </summary>
/// <param name="callerKey">Key identifying the caller. It is dereferenced without a
/// null check, so a null value throws <see cref="System.NullReferenceException"/>.</param>
/// <param name="token">Permission level the caller is asking for.</param>
/// <returns>
/// The permission-key string for the requested level, or an error message string when
/// "secretcallerkey2" asks for <see cref="SecurityToken.Admin"/>. Refusal is an ordinary
/// return value, so callers have to inspect the string to tell a key from an error.
/// </returns>
public string GetSecurityKey(string callerKey,SecurityToken token)
{ //Prevent caller2 from getting the admin token
// NOTE(review): this is a deny-list of one caller key and one exact token value.
// Every other callerKey, including one the gateway has never seen, passes unchecked.
if (callerKey.Equals("secretcallerkey2")
&& token == SecurityToken.Admin)
return "Error: You can't request an admin token"; //Issue the token
switch (token)
{
case SecurityToken.Anon:
return "PermissionKeyForAnonymous";
case SecurityToken.Registered:
return "PermissionKeyForRegistered";
// NOTE(review): fail-open default. Every token value that is not Anon or Registered
// receives the admin key, and a C# enum variable is not limited to its named members,
// so the guard above (which matches only SecurityToken.Admin exactly) does not cover
// everything that reaches this branch. A safer shape handles Admin in its own case,
// rejects anything else in default, and validates the value first (Enum.IsDefined).
default:
return "PermissionKeyForAdmin";
}
}
}
If you already found the issue, you may stop reading here. Otherwise, let us examine this in a bit more detail. Assume that a caller, let us say Caller1, is requesting a security key for leveraging admin permissions.
SecurityGateway gateway = new SecurityGateway();
//Caller 1
var key = gateway.GetSecurityKey("secretcallerkey1", SecurityToken.Admin);
//key's value is PermissionKeyForAdmin for secretcallerkey1
Read more: amazedsaint's .net journal