UrlAuthorizationModule.cs source code in C# .NET

                        
Code:
                         / DotNET / DotNET / 8.0 / untmp / whidbey / REDBITS / ndp / fx / src / xsp / System / Web / Security / UrlAuthorizationModule.cs / 4 / UrlAuthorizationModule.cs
                        

                        
                            //------------------------------------------------------------------------------ 
// 
//     Copyright (c) Microsoft Corporation.  All rights reserved.
// 
//----------------------------------------------------------------------------- 

/* 
 * UrlAuthorizationModule class 
 *
 * Copyright (c) 1999 Microsoft Corporation 
 */

namespace System.Web.Security {
    using System.Runtime.Serialization; 
    using System.Web;
    using System.Web.Util; 
    using System.Collections; 
    using System.Web.Configuration;
    using System.IO; 
    using System.Security.Principal;
    using System.Security.Permissions;
    using System.Web.Management;
    using System.Web.Hosting; 
    using System.Collections.Generic;
 
 

    ///  
    ///    This module provides URL based
    ///    authorization services for allowing or denying access to specified resources
    /// 
    [AspNetHostingPermission(SecurityAction.LinkDemand, Level=AspNetHostingPermissionLevel.Minimal)] 
    public sealed class UrlAuthorizationModule : IHttpModule {
 
 
        /// 
        ///     
        ///       Initializes a new instance of the 
        ///       class.
        ///     
        ///  
        [SecurityPermission(SecurityAction.Demand, Unrestricted=true)]
        public UrlAuthorizationModule() { 
        } 

 
        /// 
        ///    [To be supplied.]
        /// 
        public void Init(HttpApplication app) { 
            app.AuthorizeRequest += new EventHandler(this.OnEnter);
        } 
 

        ///  
        ///    [To be supplied.]
        /// 
        public void Dispose() {
        } 

        private static bool s_EnabledDetermined; 
        private static bool s_Enabled; 

        [SecurityPermission(SecurityAction.Demand, Unrestricted=true)] 
        public static bool CheckUrlAccessForPrincipal(String virtualPath, IPrincipal user, string verb) {
            if (virtualPath == null)
                throw new ArgumentNullException("virtualPath");
            if (user == null) 
                throw new ArgumentNullException("user");
            if (verb == null) 
                throw new ArgumentNullException("verb"); 
            verb = verb.Trim();
 
            VirtualPath vPath = VirtualPath.Create(virtualPath);

            if (!vPath.IsWithinAppRoot)
                throw new ArgumentException(SR.GetString(SR.Virtual_path_outside_application_not_supported), "virtualPath"); 

            if (!s_EnabledDetermined) { 
                if( !HttpRuntime.UseIntegratedPipeline) { 
                    HttpModulesSection modulesSection = RuntimeConfig.GetConfig().HttpModules;
                    int len = modulesSection.Modules.Count; 
                    for (int iter = 0; iter < len; iter++) {
                        HttpModuleAction module = modulesSection.Modules[iter];
                        if (Type.GetType(module.Type, false) == typeof(UrlAuthorizationModule)) {
                            s_Enabled = true; 
                            break;
                        } 
                    } 
                }
                else { 
                    List modules = HttpApplication.IntegratedModuleList;
                    foreach (ModuleConfigurationInfo mod in modules) {
                        if (Type.GetType(mod.Type, false) == typeof(UrlAuthorizationModule)) {
                            s_Enabled = true; 
                            break;
                        } 
                    } 
                }
                s_EnabledDetermined = true; 
            }
            if (!s_Enabled)
                return true;
            AuthorizationSection settings = RuntimeConfig.GetConfig(vPath).Authorization; 

            // Check if the user is allowed, or the request is for the login page 
            return settings.EveryoneAllowed || settings.IsUserAllowed(user, verb); 
        }
 
        ////////////////////////////////////////////////////////////
        ////////////////////////////////////////////////////////////
        ////////////////////////////////////////////////////////////
        // Module Enter: Get the authorization configuration section 
        //    and see if this user is allowed or not
        void OnEnter(Object source, EventArgs eventArgs) { 
            HttpApplication    app; 
            HttpContext        context;
 
            app = (HttpApplication)source;
            context = app.Context;
            if (context.SkipAuthorization)
            { 
                if (context.User == null || !context.User.Identity.IsAuthenticated)
                    PerfCounters.IncrementCounter(AppPerfCounter.ANONYMOUS_REQUESTS); 
                return; 
            }
 
            // Get the authorization config object
            AuthorizationSection settings = RuntimeConfig.GetConfig(context).Authorization;

            // Check if the user is allowed, or the request is for the login page 
            if (!settings.EveryoneAllowed && !settings.IsUserAllowed(context.User, context.Request.RequestType))
            { 
                // Deny access 
                context.Response.StatusCode = 401;
                WriteErrorMessage(context); 

                if (context.User != null && context.User.Identity.IsAuthenticated) {
                    // We don't raise failure audit event for anonymous user
                    WebBaseEvent.RaiseSystemEvent(this, WebEventCodes.AuditUrlAuthorizationFailure); 
                }
                app.CompleteRequest(); 
            } 
            else
            { 
                if (context.User == null || !context.User.Identity.IsAuthenticated)
                    PerfCounters.IncrementCounter(AppPerfCounter.ANONYMOUS_REQUESTS);

                WebBaseEvent.RaiseSystemEvent(this, WebEventCodes.AuditUrlAuthorizationSuccess); 
            }
        } 
 
        /////////////////////////////////////////////////////////////////////////////
        void WriteErrorMessage(HttpContext context) { 
            context.Response.Write(UrlAuthFailedErrorFormatter.GetErrorText());
            // In Integrated pipeline, ask for handler headers to be generated.  This would be unnecessary
            // if we just threw an access denied exception, and used the standard error mechanism
            context.Response.GenerateResponseHeadersForHandler(); 
        }
 
        static internal bool RequestRequiresAuthorization(HttpContext context) { 
            if (context.SkipAuthorization)
                return false; 

            AuthorizationSection settings = RuntimeConfig.GetConfig(context).Authorization;

            // Check if the anonymous user is allowed 
            if (_AnonUser == null)
                _AnonUser = new GenericPrincipal(new GenericIdentity(String.Empty, String.Empty), new String[0]); 
 
            return !settings.IsUserAllowed(_AnonUser, context.Request.RequestType);
        } 

        internal static bool IsUserAllowedToPath(HttpContext context, VirtualPath virtualPath)
        {
            AuthorizationSection settings = RuntimeConfig.GetConfig(context, virtualPath).Authorization; 

            return settings.EveryoneAllowed || settings.IsUserAllowed(context.User, context.Request.RequestType); 
        } 

        static GenericPrincipal _AnonUser; 
    }
}

 

 


                        

                        

                        
                        

Link Menu

This book is available now!
Buy at Amazon US or
Buy at Amazon UK

• PassportAuthenticationEventArgs.cs
• FileSecurity.cs
• InputLanguage.cs
• DbProviderFactories.cs
• MetafileHeaderWmf.cs
• WorkflowMarkupElementEventArgs.cs
• EventWaitHandle.cs
• RangeBase.cs
• DiscreteKeyFrames.cs
• NativeMethods.cs
• ElementsClipboardData.cs
• ImmutableObjectAttribute.cs
• LambdaCompiler.Address.cs
• WinFormsComponentEditor.cs
• TwoPhaseCommitProxy.cs
• ListBox.cs
• Span.cs
• ObjectCacheSettings.cs
• HostedHttpContext.cs
• WebPartEditorApplyVerb.cs
• CachedRequestParams.cs
• Token.cs
• NavigationFailedEventArgs.cs
• Vector3DKeyFrameCollection.cs
• Validator.cs
• ASCIIEncoding.cs
• TableCell.cs
• DataGridCellsPanel.cs
• HttpCapabilitiesBase.cs
• DockPanel.cs
• NumericExpr.cs
• ProfessionalColorTable.cs
• X509InitiatorCertificateClientElement.cs
• XmlSchemaComplexContentExtension.cs
• InvalidDataException.cs
• FixedElement.cs
• StylusTip.cs
• NetworkAddressChange.cs
• DataSvcMapFile.cs
• WebPartEditorApplyVerb.cs
• WebException.cs
• HtmlLabelAdapter.cs
• XPathNode.cs
• ExclusiveHandleList.cs
• XmlIlGenerator.cs
• RelationshipEndCollection.cs
• XmlText.cs
• Tracking.cs
• DocumentScope.cs
• PanningMessageFilter.cs
• ErrorWebPart.cs
• HttpHandlersSection.cs
• QueryOptionExpression.cs
• BackgroundWorker.cs
• FieldToken.cs
• EntityDataSourceDataSelectionPanel.cs
• ConstantCheck.cs
• AddInToken.cs
• WebServiceTypeData.cs
• RowToParametersTransformer.cs
• StatusStrip.cs
• SecurityStandardsManager.cs
• WebConfigurationHostFileChange.cs
• ConnectionManagementSection.cs
• HtmlElement.cs
• WebConfigManager.cs
• WebPartMenu.cs
• SystemException.cs
• PriorityQueue.cs
• MailHeaderInfo.cs
• OleDbError.cs
• DebugControllerThread.cs
• _FixedSizeReader.cs
• DoubleAnimationClockResource.cs
• Synchronization.cs
• HostedImpersonationContext.cs
• TdsParserSessionPool.cs
• ParallelTimeline.cs
• DependencyPropertyHelper.cs
• StickyNoteAnnotations.cs
• DefaultDiscoveryService.cs
• SelectedDatesCollection.cs
• MenuCommands.cs
• EntityCollection.cs
• ValueTypeIndexerReference.cs
• DataListItem.cs
• SqlDataSourceCache.cs
• ProcessModelSection.cs
• FloatUtil.cs
• ExpressionsCollectionConverter.cs
• Pen.cs
• XmlUtil.cs
• IDReferencePropertyAttribute.cs
• HtmlControlPersistable.cs
• XXXOnTypeBuilderInstantiation.cs
• RankException.cs
• _AutoWebProxyScriptEngine.cs
• TextRangeEdit.cs
• AppSettingsExpressionBuilder.cs
• SingleObjectCollection.cs