The PrincipalPermissionAttribute can be used on any class
within an application. So in addition to using it within your business
and data layers, you can also use it within ASP.NET pages or user-controls you
author in your site as well. For example, to enforce that your
"MyPage" page can only be used by those within the
"Manager" role, you could add a PrincipalPermission attribute to the
code-behind of it (below done in VB):
Listing 2
Imports System.Security.Permissions
<PrincipalPermission(SecurityAction.Demand, Authenticated:=True, Role:="Manager")> _
Partial Class MyPage
Inherits System.Web.UI.Page
End Class