Code:
/ FXUpdate3074 / FXUpdate3074 / 1.1 / DEVDIV / depot / DevDiv / releases / whidbey / QFE / ndp / fx / src / xsp / System / Web / Configuration / AuthorizationRule.cs / 3 / AuthorizationRule.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- namespace System.Web.Configuration { using System; using System.Xml; using System.Configuration; using System.Collections.Specialized; using System.Collections; using System.Globalization; using System.IO; using System.Text; using System.Security.Principal; using System.Web.Util; using System.ComponentModel; using System.Security.Permissions; [AspNetHostingPermission(SecurityAction.LinkDemand, Level=AspNetHostingPermissionLevel.Minimal)] public sealed class AuthorizationRule : ConfigurationElement { private static readonly TypeConverter s_PropConverter = new CommaDelimitedStringCollectionConverter(); private static ConfigurationPropertyCollection _properties; private static readonly ConfigurationProperty _propVerbs = new ConfigurationProperty("verbs", typeof(CommaDelimitedStringCollection), null, s_PropConverter, null, ConfigurationPropertyOptions.None); private static readonly ConfigurationProperty _propUsers = new ConfigurationProperty("users", typeof(CommaDelimitedStringCollection), null, s_PropConverter, null, ConfigurationPropertyOptions.None); private static readonly ConfigurationProperty _propRoles = new ConfigurationProperty("roles", typeof(CommaDelimitedStringCollection), null, s_PropConverter, null, ConfigurationPropertyOptions.None); private AuthorizationRuleAction _Action = AuthorizationRuleAction.Allow; internal string _ActionString = AuthorizationRuleAction.Allow.ToString(); private string _ElementName = "allow"; private CommaDelimitedStringCollection _Roles = null; private CommaDelimitedStringCollection _Verbs = null; private CommaDelimitedStringCollection _Users = null; private StringCollection _RolesExpanded; private StringCollection _UsersExpanded; private char[] _delimiters = { ',' }; private string machineName = null; private const String _strAnonUserTag = "?"; private const String _strAllUsersTag = "*"; private bool _AllUsersSpecified = false; private bool _AnonUserSpecified = false; private bool DataReady = false; private bool _Everyone = false; internal bool Everyone { get { return _Everyone; } } private bool _ActionModified = false; static AuthorizationRule() { // Property initialization _properties = new ConfigurationPropertyCollection(); // If updating, _properties.Add(_propVerbs); _properties.Add(_propUsers); _properties.Add(_propRoles); } internal AuthorizationRule() { } public AuthorizationRule(AuthorizationRuleAction action) : this() { Action = action; } protected override ConfigurationPropertyCollection Properties { get { return _properties; } } protected override void Unmerge(ConfigurationElement sourceElement, ConfigurationElement parentElement, ConfigurationSaveMode saveMode) { AuthorizationRule parentProviders = parentElement as AuthorizationRule; AuthorizationRule sourceProviders = sourceElement as AuthorizationRule; if (parentProviders != null) { parentProviders.UpdateUsersRolesVerbs(); } if (sourceProviders != null) { sourceProviders.UpdateUsersRolesVerbs(); } base.Unmerge(sourceElement, parentElement, saveMode); } protected override void Reset(ConfigurationElement parentElement) { AuthorizationRule parentProviders = parentElement as AuthorizationRule; if (parentProviders != null) { parentProviders.UpdateUsersRolesVerbs(); } base.Reset(parentElement); EvaluateData(); } internal void AddRole(string role) { if (!String.IsNullOrEmpty(role)) { role = role.ToLower(CultureInfo.InvariantCulture); } Roles.Add(role); RolesExpanded.Add(ExpandName(role)); } internal void AddUser(string user) { if (!String.IsNullOrEmpty(user)) { user = user.ToLower(CultureInfo.InvariantCulture); } Users.Add(user); UsersExpanded.Add(ExpandName(user)); } private void UpdateUsersRolesVerbs() { CommaDelimitedStringCollection roles; CommaDelimitedStringCollection users; CommaDelimitedStringCollection verbs; roles = (CommaDelimitedStringCollection)Roles; users = (CommaDelimitedStringCollection)Users; verbs = (CommaDelimitedStringCollection)Verbs; if (roles.IsModified) { _RolesExpanded = null; // throw away old collection and force a new one to be created base[_propRoles] = roles; // Update property bag } if (users.IsModified) { _UsersExpanded = null; // throw away old collection and force a new one to be created base[_propUsers] = users; // Update property bag } if (verbs.IsModified) { base[_propVerbs] = verbs; // Update property bag } } protected override bool IsModified() { UpdateUsersRolesVerbs(); return _ActionModified || base.IsModified() || (((CommaDelimitedStringCollection)Users).IsModified) || (((CommaDelimitedStringCollection)Roles).IsModified) || (((CommaDelimitedStringCollection)Verbs).IsModified); } protected override void ResetModified() { _ActionModified = false; base.ResetModified(); } public override bool Equals(object obj) { AuthorizationRule o = obj as AuthorizationRule; bool bRet = false; if (o != null) { UpdateUsersRolesVerbs(); bRet = (o.Verbs.ToString() == Verbs.ToString() && o.Roles.ToString() == Roles.ToString() && o.Users.ToString() == Users.ToString() && o.Action == Action); } return bRet; } public override int GetHashCode() { string __verbs = Verbs.ToString(); string __roles = Roles.ToString(); string __users = Users.ToString(); if (__verbs == null) { __verbs = String.Empty; } if (__roles == null) { __roles = String.Empty; } if (__users == null) { __users = String.Empty; } int hHashCode = HashCodeCombiner.CombineHashCodes(__verbs.GetHashCode(), __roles.GetHashCode(), __users.GetHashCode(), (int)Action); return hHashCode; } protected override void SetReadOnly() { ((CommaDelimitedStringCollection)Users).SetReadOnly(); ((CommaDelimitedStringCollection)Roles).SetReadOnly(); ((CommaDelimitedStringCollection)Verbs).SetReadOnly(); base.SetReadOnly(); } ////// // // No Configuration properties are set on this property because its supposed to be hidden to tools. // public AuthorizationRuleAction Action { get { return _Action; } set { _ElementName = value.ToString().ToLower(CultureInfo.InvariantCulture); _Action = value; _ActionString = _Action.ToString(); _ActionModified = true; } } ///Defines the action that needs to be taken if the rule is satisfied. /// ////// [ConfigurationProperty("verbs")] [TypeConverter(typeof(CommaDelimitedStringCollectionConverter))] public StringCollection Verbs { get { if (_Verbs == null) { CommaDelimitedStringCollection propertyBagValue; propertyBagValue = (CommaDelimitedStringCollection)base[_propVerbs]; if (propertyBagValue == null) { _Verbs = new CommaDelimitedStringCollection(); } else { // Clone it so we don't give back same mutable // object as possibly parent _Verbs = propertyBagValue.Clone(); } } return (StringCollection)_Verbs; } } ///Defines a list of verbs needed to satisfy the rule /// ////// [ConfigurationProperty("users")] [TypeConverter(typeof(CommaDelimitedStringCollectionConverter))] public StringCollection Users { get { if (_Users == null) { CommaDelimitedStringCollection propertyBagValue; propertyBagValue = (CommaDelimitedStringCollection)base[_propUsers]; if (propertyBagValue == null) { _Users = new CommaDelimitedStringCollection(); } else { // Clone it so we don't give back same mutable // object as possibly parent _Users = propertyBagValue.Clone(); } _UsersExpanded = null; // throw away old collection and force a new one to be created } return (StringCollection)_Users; } } [ConfigurationProperty("roles")] [TypeConverter(typeof(CommaDelimitedStringCollectionConverter))] public StringCollection Roles { get { if (_Roles == null) { CommaDelimitedStringCollection propertyBagValue; propertyBagValue = (CommaDelimitedStringCollection)base[_propRoles]; if (propertyBagValue == null) { _Roles = new CommaDelimitedStringCollection(); } else { // Clone it so we don't give back same mutable // object as possibly parent _Roles = propertyBagValue.Clone(); } _RolesExpanded = null; // throw away old collection and force a new one to be created } return (StringCollection)_Roles; } } internal StringCollection UsersExpanded { get { if (_UsersExpanded == null) { _UsersExpanded = CreateExpandedCollection(Users); } return _UsersExpanded; } } internal StringCollection RolesExpanded { get { if (_RolesExpanded == null) { _RolesExpanded = CreateExpandedCollection(Roles); } return _RolesExpanded; } } protected override bool SerializeElement(XmlWriter writer, bool serializeCollectionKey) { bool DataToWrite = false; UpdateUsersRolesVerbs(); // the ismodifed can be short circuited if (base.SerializeElement(null, false) == true) { if (writer != null) { writer.WriteStartElement(_ElementName); DataToWrite |= base.SerializeElement(writer, false); writer.WriteEndElement(); } else DataToWrite |= base.SerializeElement(writer, false); } return DataToWrite; } private string ExpandName(string name) { string ExpandedName = name; if (StringUtil.StringStartsWith(name, @".\")) { if (machineName == null) { machineName = HttpServerUtility.GetMachineNameInternal().ToLower(CultureInfo.InvariantCulture); } ExpandedName = machineName + name.Substring(1); } return ExpandedName; } private StringCollection CreateExpandedCollection(StringCollection collection) { StringCollection ExpandedCollection = new StringCollection(); foreach (string name in collection) { string ExpandedName = ExpandName(name); ExpandedCollection.Add(ExpandedName); } return ExpandedCollection; } private void EvaluateData() { if (DataReady == false) { if (Users.Count > 0) { foreach (string User in Users) { if (User.Length > 1) { int foundIndex = User.IndexOfAny(new char[] { '*', '?' }); if (foundIndex >= 0) { throw new ConfigurationErrorsException(SR.GetString(SR.Auth_rule_names_cant_contain_char, User[foundIndex].ToString(CultureInfo.InvariantCulture))); } } if (User.Equals(_strAllUsersTag)) { _AllUsersSpecified = true; } if (User.Equals(_strAnonUserTag)) { _AnonUserSpecified = true; } } } if (Roles.Count > 0) { foreach (string Role in Roles) { if (Role.Length > 0) { int foundIndex = Role.IndexOfAny(new char[] { '*', '?' }); if (foundIndex >= 0) { throw new ConfigurationErrorsException(SR.GetString(SR.Auth_rule_names_cant_contain_char, Role[foundIndex].ToString(CultureInfo.InvariantCulture))); } } } } _Everyone = (_AllUsersSpecified && (Verbs.Count == 0)); _RolesExpanded = CreateExpandedCollection(Roles); _UsersExpanded = CreateExpandedCollection(Users); if (Roles.Count == 0 && Users.Count == 0) { throw new ConfigurationErrorsException(SR.GetString(SR.Auth_rule_must_specify_users_andor_roles)); } DataReady = true; } } internal bool IncludesAnonymous { get { EvaluateData(); return (_AnonUserSpecified && Verbs.Count == 0); } } protected override void PreSerialize(XmlWriter writer) { EvaluateData(); } protected override void PostDeserialize() { EvaluateData(); } ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// // 0 => Don't know, 1 => Yes, -1 => No internal int IsUserAllowed(IPrincipal user, String verb) { EvaluateData(); int answer = ((Action == AuthorizationRuleAction.Allow) ? 1 : -1); // return value if this rule applies if (Everyone) { return answer; } /////////////////////////////////////////////////// // Step 1: Make sure the verbs match if (!FindVerb(verb)) { return 0; } ////////////////////////////////////////////////// // Step 2a: See if the rule applies to all users if (_AllUsersSpecified) { // All users specified return answer; } ////////////////////////////////////////////////// // Step 2b: See if the rule applies to anonymous user and this user is anonymous if (_AnonUserSpecified && !user.Identity.IsAuthenticated) { return answer; } ////////////////////////////////////////////////// // Step 3: Is user is WindowsIdentity, use the expanded // set of users and roles StringCollection users; StringCollection roles; if (user.Identity is WindowsIdentity) { users = UsersExpanded; roles = RolesExpanded; } else { users = Users; roles = Roles; } //////////////////////////////////////////////////// // Step 4: See if the user is specified if (users.Count > 0 && FindUser(users, user.Identity.Name)) { return answer; } //////////////////////////////////////////////////// // Step 5: See if the user is in any specified role if (roles.Count > 0 && IsTheUserInAnyRole(roles, user)) { return answer; } // Rule doesn't apply return 0; } ///////////////////////////////////////////////////////////////////////// private bool FindVerb(String verb) { if (Verbs.Count < 1) { return true; // No verbs specified => all verbs are allowed } foreach (string sVerb in Verbs) { if (String.Equals(sVerb, verb, StringComparison.OrdinalIgnoreCase)) { return true; } } return false; } private bool FindUser(StringCollection users, String principal) { foreach (string user in users) { if (String.Equals(user, principal, StringComparison.OrdinalIgnoreCase)) { return true; } } return false; } private bool IsTheUserInAnyRole(StringCollection roles, IPrincipal principal) { if (HttpRuntime.NamedPermissionSet != null && HttpRuntime.ProcessRequestInApplicationTrust) { HttpRuntime.NamedPermissionSet.PermitOnly(); } foreach (string role in roles) { if (principal.IsInRole(role)) { return true; // Found it! } } // Not in any specified role return false; } } // class AuthorizationRule } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved. //------------------------------------------------------------------------------ //Defines a list of users authorized for this rule. /// ///// Copyright (c) Microsoft Corporation. All rights reserved. // //----------------------------------------------------------------------------- namespace System.Web.Configuration { using System; using System.Xml; using System.Configuration; using System.Collections.Specialized; using System.Collections; using System.Globalization; using System.IO; using System.Text; using System.Security.Principal; using System.Web.Util; using System.ComponentModel; using System.Security.Permissions; [AspNetHostingPermission(SecurityAction.LinkDemand, Level=AspNetHostingPermissionLevel.Minimal)] public sealed class AuthorizationRule : ConfigurationElement { private static readonly TypeConverter s_PropConverter = new CommaDelimitedStringCollectionConverter(); private static ConfigurationPropertyCollection _properties; private static readonly ConfigurationProperty _propVerbs = new ConfigurationProperty("verbs", typeof(CommaDelimitedStringCollection), null, s_PropConverter, null, ConfigurationPropertyOptions.None); private static readonly ConfigurationProperty _propUsers = new ConfigurationProperty("users", typeof(CommaDelimitedStringCollection), null, s_PropConverter, null, ConfigurationPropertyOptions.None); private static readonly ConfigurationProperty _propRoles = new ConfigurationProperty("roles", typeof(CommaDelimitedStringCollection), null, s_PropConverter, null, ConfigurationPropertyOptions.None); private AuthorizationRuleAction _Action = AuthorizationRuleAction.Allow; internal string _ActionString = AuthorizationRuleAction.Allow.ToString(); private string _ElementName = "allow"; private CommaDelimitedStringCollection _Roles = null; private CommaDelimitedStringCollection _Verbs = null; private CommaDelimitedStringCollection _Users = null; private StringCollection _RolesExpanded; private StringCollection _UsersExpanded; private char[] _delimiters = { ',' }; private string machineName = null; private const String _strAnonUserTag = "?"; private const String _strAllUsersTag = "*"; private bool _AllUsersSpecified = false; private bool _AnonUserSpecified = false; private bool DataReady = false; private bool _Everyone = false; internal bool Everyone { get { return _Everyone; } } private bool _ActionModified = false; static AuthorizationRule() { // Property initialization _properties = new ConfigurationPropertyCollection(); // If updating, _properties.Add(_propVerbs); _properties.Add(_propUsers); _properties.Add(_propRoles); } internal AuthorizationRule() { } public AuthorizationRule(AuthorizationRuleAction action) : this() { Action = action; } protected override ConfigurationPropertyCollection Properties { get { return _properties; } } protected override void Unmerge(ConfigurationElement sourceElement, ConfigurationElement parentElement, ConfigurationSaveMode saveMode) { AuthorizationRule parentProviders = parentElement as AuthorizationRule; AuthorizationRule sourceProviders = sourceElement as AuthorizationRule; if (parentProviders != null) { parentProviders.UpdateUsersRolesVerbs(); } if (sourceProviders != null) { sourceProviders.UpdateUsersRolesVerbs(); } base.Unmerge(sourceElement, parentElement, saveMode); } protected override void Reset(ConfigurationElement parentElement) { AuthorizationRule parentProviders = parentElement as AuthorizationRule; if (parentProviders != null) { parentProviders.UpdateUsersRolesVerbs(); } base.Reset(parentElement); EvaluateData(); } internal void AddRole(string role) { if (!String.IsNullOrEmpty(role)) { role = role.ToLower(CultureInfo.InvariantCulture); } Roles.Add(role); RolesExpanded.Add(ExpandName(role)); } internal void AddUser(string user) { if (!String.IsNullOrEmpty(user)) { user = user.ToLower(CultureInfo.InvariantCulture); } Users.Add(user); UsersExpanded.Add(ExpandName(user)); } private void UpdateUsersRolesVerbs() { CommaDelimitedStringCollection roles; CommaDelimitedStringCollection users; CommaDelimitedStringCollection verbs; roles = (CommaDelimitedStringCollection)Roles; users = (CommaDelimitedStringCollection)Users; verbs = (CommaDelimitedStringCollection)Verbs; if (roles.IsModified) { _RolesExpanded = null; // throw away old collection and force a new one to be created base[_propRoles] = roles; // Update property bag } if (users.IsModified) { _UsersExpanded = null; // throw away old collection and force a new one to be created base[_propUsers] = users; // Update property bag } if (verbs.IsModified) { base[_propVerbs] = verbs; // Update property bag } } protected override bool IsModified() { UpdateUsersRolesVerbs(); return _ActionModified || base.IsModified() || (((CommaDelimitedStringCollection)Users).IsModified) || (((CommaDelimitedStringCollection)Roles).IsModified) || (((CommaDelimitedStringCollection)Verbs).IsModified); } protected override void ResetModified() { _ActionModified = false; base.ResetModified(); } public override bool Equals(object obj) { AuthorizationRule o = obj as AuthorizationRule; bool bRet = false; if (o != null) { UpdateUsersRolesVerbs(); bRet = (o.Verbs.ToString() == Verbs.ToString() && o.Roles.ToString() == Roles.ToString() && o.Users.ToString() == Users.ToString() && o.Action == Action); } return bRet; } public override int GetHashCode() { string __verbs = Verbs.ToString(); string __roles = Roles.ToString(); string __users = Users.ToString(); if (__verbs == null) { __verbs = String.Empty; } if (__roles == null) { __roles = String.Empty; } if (__users == null) { __users = String.Empty; } int hHashCode = HashCodeCombiner.CombineHashCodes(__verbs.GetHashCode(), __roles.GetHashCode(), __users.GetHashCode(), (int)Action); return hHashCode; } protected override void SetReadOnly() { ((CommaDelimitedStringCollection)Users).SetReadOnly(); ((CommaDelimitedStringCollection)Roles).SetReadOnly(); ((CommaDelimitedStringCollection)Verbs).SetReadOnly(); base.SetReadOnly(); } ////// // // No Configuration properties are set on this property because its supposed to be hidden to tools. // public AuthorizationRuleAction Action { get { return _Action; } set { _ElementName = value.ToString().ToLower(CultureInfo.InvariantCulture); _Action = value; _ActionString = _Action.ToString(); _ActionModified = true; } } ///Defines the action that needs to be taken if the rule is satisfied. /// ////// [ConfigurationProperty("verbs")] [TypeConverter(typeof(CommaDelimitedStringCollectionConverter))] public StringCollection Verbs { get { if (_Verbs == null) { CommaDelimitedStringCollection propertyBagValue; propertyBagValue = (CommaDelimitedStringCollection)base[_propVerbs]; if (propertyBagValue == null) { _Verbs = new CommaDelimitedStringCollection(); } else { // Clone it so we don't give back same mutable // object as possibly parent _Verbs = propertyBagValue.Clone(); } } return (StringCollection)_Verbs; } } ///Defines a list of verbs needed to satisfy the rule /// ////// [ConfigurationProperty("users")] [TypeConverter(typeof(CommaDelimitedStringCollectionConverter))] public StringCollection Users { get { if (_Users == null) { CommaDelimitedStringCollection propertyBagValue; propertyBagValue = (CommaDelimitedStringCollection)base[_propUsers]; if (propertyBagValue == null) { _Users = new CommaDelimitedStringCollection(); } else { // Clone it so we don't give back same mutable // object as possibly parent _Users = propertyBagValue.Clone(); } _UsersExpanded = null; // throw away old collection and force a new one to be created } return (StringCollection)_Users; } } [ConfigurationProperty("roles")] [TypeConverter(typeof(CommaDelimitedStringCollectionConverter))] public StringCollection Roles { get { if (_Roles == null) { CommaDelimitedStringCollection propertyBagValue; propertyBagValue = (CommaDelimitedStringCollection)base[_propRoles]; if (propertyBagValue == null) { _Roles = new CommaDelimitedStringCollection(); } else { // Clone it so we don't give back same mutable // object as possibly parent _Roles = propertyBagValue.Clone(); } _RolesExpanded = null; // throw away old collection and force a new one to be created } return (StringCollection)_Roles; } } internal StringCollection UsersExpanded { get { if (_UsersExpanded == null) { _UsersExpanded = CreateExpandedCollection(Users); } return _UsersExpanded; } } internal StringCollection RolesExpanded { get { if (_RolesExpanded == null) { _RolesExpanded = CreateExpandedCollection(Roles); } return _RolesExpanded; } } protected override bool SerializeElement(XmlWriter writer, bool serializeCollectionKey) { bool DataToWrite = false; UpdateUsersRolesVerbs(); // the ismodifed can be short circuited if (base.SerializeElement(null, false) == true) { if (writer != null) { writer.WriteStartElement(_ElementName); DataToWrite |= base.SerializeElement(writer, false); writer.WriteEndElement(); } else DataToWrite |= base.SerializeElement(writer, false); } return DataToWrite; } private string ExpandName(string name) { string ExpandedName = name; if (StringUtil.StringStartsWith(name, @".\")) { if (machineName == null) { machineName = HttpServerUtility.GetMachineNameInternal().ToLower(CultureInfo.InvariantCulture); } ExpandedName = machineName + name.Substring(1); } return ExpandedName; } private StringCollection CreateExpandedCollection(StringCollection collection) { StringCollection ExpandedCollection = new StringCollection(); foreach (string name in collection) { string ExpandedName = ExpandName(name); ExpandedCollection.Add(ExpandedName); } return ExpandedCollection; } private void EvaluateData() { if (DataReady == false) { if (Users.Count > 0) { foreach (string User in Users) { if (User.Length > 1) { int foundIndex = User.IndexOfAny(new char[] { '*', '?' }); if (foundIndex >= 0) { throw new ConfigurationErrorsException(SR.GetString(SR.Auth_rule_names_cant_contain_char, User[foundIndex].ToString(CultureInfo.InvariantCulture))); } } if (User.Equals(_strAllUsersTag)) { _AllUsersSpecified = true; } if (User.Equals(_strAnonUserTag)) { _AnonUserSpecified = true; } } } if (Roles.Count > 0) { foreach (string Role in Roles) { if (Role.Length > 0) { int foundIndex = Role.IndexOfAny(new char[] { '*', '?' }); if (foundIndex >= 0) { throw new ConfigurationErrorsException(SR.GetString(SR.Auth_rule_names_cant_contain_char, Role[foundIndex].ToString(CultureInfo.InvariantCulture))); } } } } _Everyone = (_AllUsersSpecified && (Verbs.Count == 0)); _RolesExpanded = CreateExpandedCollection(Roles); _UsersExpanded = CreateExpandedCollection(Users); if (Roles.Count == 0 && Users.Count == 0) { throw new ConfigurationErrorsException(SR.GetString(SR.Auth_rule_must_specify_users_andor_roles)); } DataReady = true; } } internal bool IncludesAnonymous { get { EvaluateData(); return (_AnonUserSpecified && Verbs.Count == 0); } } protected override void PreSerialize(XmlWriter writer) { EvaluateData(); } protected override void PostDeserialize() { EvaluateData(); } ///////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////// // 0 => Don't know, 1 => Yes, -1 => No internal int IsUserAllowed(IPrincipal user, String verb) { EvaluateData(); int answer = ((Action == AuthorizationRuleAction.Allow) ? 1 : -1); // return value if this rule applies if (Everyone) { return answer; } /////////////////////////////////////////////////// // Step 1: Make sure the verbs match if (!FindVerb(verb)) { return 0; } ////////////////////////////////////////////////// // Step 2a: See if the rule applies to all users if (_AllUsersSpecified) { // All users specified return answer; } ////////////////////////////////////////////////// // Step 2b: See if the rule applies to anonymous user and this user is anonymous if (_AnonUserSpecified && !user.Identity.IsAuthenticated) { return answer; } ////////////////////////////////////////////////// // Step 3: Is user is WindowsIdentity, use the expanded // set of users and roles StringCollection users; StringCollection roles; if (user.Identity is WindowsIdentity) { users = UsersExpanded; roles = RolesExpanded; } else { users = Users; roles = Roles; } //////////////////////////////////////////////////// // Step 4: See if the user is specified if (users.Count > 0 && FindUser(users, user.Identity.Name)) { return answer; } //////////////////////////////////////////////////// // Step 5: See if the user is in any specified role if (roles.Count > 0 && IsTheUserInAnyRole(roles, user)) { return answer; } // Rule doesn't apply return 0; } ///////////////////////////////////////////////////////////////////////// private bool FindVerb(String verb) { if (Verbs.Count < 1) { return true; // No verbs specified => all verbs are allowed } foreach (string sVerb in Verbs) { if (String.Equals(sVerb, verb, StringComparison.OrdinalIgnoreCase)) { return true; } } return false; } private bool FindUser(StringCollection users, String principal) { foreach (string user in users) { if (String.Equals(user, principal, StringComparison.OrdinalIgnoreCase)) { return true; } } return false; } private bool IsTheUserInAnyRole(StringCollection roles, IPrincipal principal) { if (HttpRuntime.NamedPermissionSet != null && HttpRuntime.ProcessRequestInApplicationTrust) { HttpRuntime.NamedPermissionSet.PermitOnly(); } foreach (string role in roles) { if (principal.IsInRole(role)) { return true; // Found it! } } // Not in any specified role return false; } } // class AuthorizationRule } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.Defines a list of users authorized for this rule. /// ///
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- SessionSwitchEventArgs.cs
- WebServiceResponseDesigner.cs
- CryptoProvider.cs
- AlphabeticalEnumConverter.cs
- Decimal.cs
- dbdatarecord.cs
- RadioButtonFlatAdapter.cs
- DuplexChannel.cs
- DiagnosticTrace.cs
- AutomationTextAttribute.cs
- ComboBox.cs
- TemplatePropertyEntry.cs
- SHA256Managed.cs
- DrawingState.cs
- smtpconnection.cs
- DisplayInformation.cs
- ProxyHelper.cs
- ColorContextHelper.cs
- TreeNode.cs
- DNS.cs
- _UriSyntax.cs
- TemplateKey.cs
- XmlElementAttribute.cs
- ScrollProperties.cs
- CompositionDesigner.cs
- ImageAnimator.cs
- FileLoadException.cs
- SqlReorderer.cs
- SafeLocalMemHandle.cs
- ResXResourceReader.cs
- ToolStripDropDownClosingEventArgs.cs
- X509SubjectKeyIdentifierClause.cs
- InputBinder.cs
- FileDialogPermission.cs
- SizeAnimation.cs
- DoubleAnimationUsingKeyFrames.cs
- RedBlackList.cs
- DoubleStorage.cs
- MasterPageParser.cs
- OdbcCommandBuilder.cs
- KnownTypes.cs
- MessageQueueInstaller.cs
- NativeActivityFaultContext.cs
- LinqDataSourceDisposeEventArgs.cs
- FlowDocumentPageViewerAutomationPeer.cs
- Matrix3D.cs
- ClientConfigurationSystem.cs
- ClientSettingsSection.cs
- ArgumentException.cs
- ProjectedWrapper.cs
- EnumerableCollectionView.cs
- ItemCollection.cs
- Inflater.cs
- ArgumentValueSerializer.cs
- SiteMapNodeCollection.cs
- WeakReference.cs
- __Error.cs
- LinearGradientBrush.cs
- SoapHeaderException.cs
- HTTPNotFoundHandler.cs
- PreProcessInputEventArgs.cs
- PropertyTabChangedEvent.cs
- EmptyEnumerator.cs
- SymbolEqualComparer.cs
- HttpHeaderCollection.cs
- AdornerDecorator.cs
- CompositionTarget.cs
- SystemInfo.cs
- __TransparentProxy.cs
- HashAlgorithm.cs
- LogStore.cs
- WebDisplayNameAttribute.cs
- XmlHierarchicalEnumerable.cs
- Vector3DAnimation.cs
- ExtensionSurface.cs
- ParserContext.cs
- MetricEntry.cs
- MarkupObject.cs
- XslCompiledTransform.cs
- ViewCellSlot.cs
- Evidence.cs
- RequestResponse.cs
- PackageStore.cs
- DataGridColumnsPage.cs
- CachedRequestParams.cs
- RTTypeWrapper.cs
- ReflectionServiceProvider.cs
- ConfigXmlWhitespace.cs
- SharedUtils.cs
- ClientUtils.cs
- ServiceNameCollection.cs
- ProxyWebPartConnectionCollection.cs
- RegexReplacement.cs
- CompoundFileStorageReference.cs
- TextElementAutomationPeer.cs
- CssStyleCollection.cs
- RelatedImageListAttribute.cs
- BookmarkScopeManager.cs
- Mappings.cs
- UDPClient.cs