SYSLIB0002: PrincipalPermissionAttribute is obsolete

The PrincipalPermissionAttribute constructor is obsolete and produces compile-time error SYSLIB0002, starting in .NET 5. You cannot instantiate this attribute or apply it to a method.

Unlike other obsoletion warnings, you can't suppress the error.

Workarounds

• If you're applying the attribute to an ASP.NET MVC action method:

  Consider using ASP.NET's built-in authorization infrastructure. The following code demonstrates how to annotate a controller with an AuthorizeAttribute attribute. The ASP.NET runtime will authorize the user before performing the action.

  using Microsoft.AspNetCore.Authorization;
  
  namespace MySampleApp
  {
      [Authorize(Roles = "Administrator")]
      public class AdministrationController : Controller
      {
          public ActionResult MyAction()
          {
              // This code won't run unless the current user
              // is in the 'Administrator' role.
          }
      }
  }
  

  For more information, see Role-based authorization in ASP.NET Core and Introduction to authorization in ASP.NET Core.

• If you're applying the attribute to library code outside the context of a web app:

  Perform the checks manually at the beginning of your method by calling the IPrincipal.IsInRole(String) method.

  using System.Threading;
  
  void DoSomething()
  {
      if (Thread.CurrentPrincipal == null
          || !Thread.CurrentPrincipal.IsInRole("Administrators"))
      {
          throw new Exception("User is anonymous or isn't an admin.");
      }
  
      // Code that should run only when user is an administrator.
  }
  

See also

PrincipalPermissionAttribute is obsolete as error