Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / xsp / System / Web / Routing / PageRouteHandler.cs / 1305376 / PageRouteHandler.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//-----------------------------------------------------------------------------
namespace System.Web.Routing {
using System;
using System.Web.UI;
using System.Web.Compilation;
using System.Web.Security;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
public class PageRouteHandler : IRouteHandler {
public PageRouteHandler(string virtualPath)
: this(virtualPath, true) {
}
public PageRouteHandler(string virtualPath, bool checkPhysicalUrlAccess) {
if (string.IsNullOrEmpty(virtualPath) || !virtualPath.StartsWith("~/", StringComparison.OrdinalIgnoreCase)) {
throw new ArgumentException(SR.GetString(SR.PageRouteHandler_InvalidVirtualPath), "virtualPath");
}
this.VirtualPath = virtualPath;
this.CheckPhysicalUrlAccess = checkPhysicalUrlAccess;
_useRouteVirtualPath = VirtualPath.Contains("{");
}
///
/// This is the full virtual path (using tilde syntax) to the WebForm page.
///
///
/// Needs to be thread safe so this is only settable via ctor.
///
public string VirtualPath { get; private set; }
///
/// Because we're not actually rewriting the URL, ASP.NET's URL Auth will apply
/// to the incoming request URL and not the URL of the physical WebForm page.
/// Setting this to true (default) will apply URL access rules against the
/// physical file.
///
/// True by default
public bool CheckPhysicalUrlAccess { get; private set; }
private bool _useRouteVirtualPath;
private Route _routeVirtualPath;
private Route RouteVirtualPath {
get {
if (_routeVirtualPath == null) {
//Trim off ~/
_routeVirtualPath = new Route(VirtualPath.Substring(2), this);
}
return _routeVirtualPath;
}
}
private bool CheckUrlAccess(string virtualPath, RequestContext requestContext) {
IPrincipal user = requestContext.HttpContext.User;
// If there's no authenticated user, use the default identity
if (user == null) {
user = new GenericPrincipal(new GenericIdentity(String.Empty, String.Empty), new string[0]);
}
return CheckUrlAccessWithAssert(virtualPath, requestContext, user);
}
[SecurityPermission(SecurityAction.Assert, Unrestricted = true)]
private bool CheckUrlAccessWithAssert(string virtualPath, RequestContext requestContext, IPrincipal user) {
return UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtualPath, user, requestContext.HttpContext.Request.HttpMethod);
}
public virtual IHttpHandler GetHttpHandler(RequestContext requestContext) {
if (requestContext == null) {
throw new ArgumentNullException("requestContext");
}
string virtualPath = GetSubstitutedVirtualPath(requestContext);
// Virtual Path ----s up with query strings, so we need to strip them off
int qmark = virtualPath.IndexOf('?');
if (qmark != -1) {
virtualPath = virtualPath.Substring(0, qmark);
}
if (this.CheckPhysicalUrlAccess && !CheckUrlAccess(virtualPath, requestContext)) {
return new UrlAuthFailureHandler();
}
Page page = BuildManager.CreateInstanceFromVirtualPath(virtualPath, typeof(Page)) as Page;
return page;
}
///
/// Gets the virtual path to the resource after applying substitutions based on route data.
///
///
///
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//-----------------------------------------------------------------------------
namespace System.Web.Routing {
using System;
using System.Web.UI;
using System.Web.Compilation;
using System.Web.Security;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
public class PageRouteHandler : IRouteHandler {
public PageRouteHandler(string virtualPath)
: this(virtualPath, true) {
}
public PageRouteHandler(string virtualPath, bool checkPhysicalUrlAccess) {
if (string.IsNullOrEmpty(virtualPath) || !virtualPath.StartsWith("~/", StringComparison.OrdinalIgnoreCase)) {
throw new ArgumentException(SR.GetString(SR.PageRouteHandler_InvalidVirtualPath), "virtualPath");
}
this.VirtualPath = virtualPath;
this.CheckPhysicalUrlAccess = checkPhysicalUrlAccess;
_useRouteVirtualPath = VirtualPath.Contains("{");
}
///
/// This is the full virtual path (using tilde syntax) to the WebForm page.
///
///
/// Needs to be thread safe so this is only settable via ctor.
///
public string VirtualPath { get; private set; }
///
/// Because we're not actually rewriting the URL, ASP.NET's URL Auth will apply
/// to the incoming request URL and not the URL of the physical WebForm page.
/// Setting this to true (default) will apply URL access rules against the
/// physical file.
///
/// True by default
public bool CheckPhysicalUrlAccess { get; private set; }
private bool _useRouteVirtualPath;
private Route _routeVirtualPath;
private Route RouteVirtualPath {
get {
if (_routeVirtualPath == null) {
//Trim off ~/
_routeVirtualPath = new Route(VirtualPath.Substring(2), this);
}
return _routeVirtualPath;
}
}
private bool CheckUrlAccess(string virtualPath, RequestContext requestContext) {
IPrincipal user = requestContext.HttpContext.User;
// If there's no authenticated user, use the default identity
if (user == null) {
user = new GenericPrincipal(new GenericIdentity(String.Empty, String.Empty), new string[0]);
}
return CheckUrlAccessWithAssert(virtualPath, requestContext, user);
}
[SecurityPermission(SecurityAction.Assert, Unrestricted = true)]
private bool CheckUrlAccessWithAssert(string virtualPath, RequestContext requestContext, IPrincipal user) {
return UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtualPath, user, requestContext.HttpContext.Request.HttpMethod);
}
public virtual IHttpHandler GetHttpHandler(RequestContext requestContext) {
if (requestContext == null) {
throw new ArgumentNullException("requestContext");
}
string virtualPath = GetSubstitutedVirtualPath(requestContext);
// Virtual Path ----s up with query strings, so we need to strip them off
int qmark = virtualPath.IndexOf('?');
if (qmark != -1) {
virtualPath = virtualPath.Substring(0, qmark);
}
if (this.CheckPhysicalUrlAccess && !CheckUrlAccess(virtualPath, requestContext)) {
return new UrlAuthFailureHandler();
}
Page page = BuildManager.CreateInstanceFromVirtualPath(virtualPath, typeof(Page)) as Page;
return page;
}
///
/// Gets the virtual path to the resource after applying substitutions based on route data.
///
///
///
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- InstanceKeyNotReadyException.cs
- DeclarativeCatalogPartDesigner.cs
- StringDictionaryWithComparer.cs
- SelfIssuedTokenFactoryCredential.cs
- DataSourceXmlClassAttribute.cs
- DataServiceKeyAttribute.cs
- SafeMILHandle.cs
- DBNull.cs
- ObjectDataSource.cs
- CultureInfo.cs
- InfoCardRSAPKCS1KeyExchangeFormatter.cs
- PassportAuthenticationEventArgs.cs
- DiscoveryUtility.cs
- GeneralTransform2DTo3DTo2D.cs
- WebBrowserDocumentCompletedEventHandler.cs
- EditingCoordinator.cs
- OdbcHandle.cs
- ValidatorAttribute.cs
- TemplateField.cs
- ZoomingMessageFilter.cs
- ObfuscationAttribute.cs
- AppDomainEvidenceFactory.cs
- CanonicalFormWriter.cs
- InputLanguage.cs
- ObjectDataSourceEventArgs.cs
- DataGridLength.cs
- ListSortDescriptionCollection.cs
- IPPacketInformation.cs
- XPathNavigatorReader.cs
- RegisteredHiddenField.cs
- Selection.cs
- EntityDesignerBuildProvider.cs
- XComponentModel.cs
- ZoneLinkButton.cs
- XmlDataLoader.cs
- SymmetricCryptoHandle.cs
- Vector3DAnimation.cs
- SqlXml.cs
- SoapEnumAttribute.cs
- DefaultValueAttribute.cs
- ErasingStroke.cs
- SHA1CryptoServiceProvider.cs
- xml.cs
- Emitter.cs
- LinqTreeNodeEvaluator.cs
- AttachedPropertyBrowsableForTypeAttribute.cs
- ReadOnlyNameValueCollection.cs
- SessionViewState.cs
- NotCondition.cs
- PluggableProtocol.cs
- HostedHttpTransportManager.cs
- Certificate.cs
- ProxyAttribute.cs
- ImageListDesigner.cs
- ChannelAcceptor.cs
- _TLSstream.cs
- CalendarDataBindingHandler.cs
- BlurBitmapEffect.cs
- ExpressionStringBuilder.cs
- MultilineStringEditor.cs
- ActivityCompletionCallbackWrapper.cs
- XmlParser.cs
- DBNull.cs
- PointHitTestResult.cs
- AttributeProviderAttribute.cs
- DatePickerAutomationPeer.cs
- TransactedBatchingElement.cs
- Comparer.cs
- BinaryConverter.cs
- formatter.cs
- SafeEventLogReadHandle.cs
- DynamicDiscoSearcher.cs
- IdnElement.cs
- SetterBase.cs
- SmiContext.cs
- TraceUtility.cs
- UnitySerializationHolder.cs
- DoubleAnimationUsingKeyFrames.cs
- _FixedSizeReader.cs
- Utility.cs
- PropertyValueUIItem.cs
- _emptywebproxy.cs
- Triplet.cs
- SafeFileMapViewHandle.cs
- EntityType.cs
- ObjectDataSourceMethodEventArgs.cs
- ApplicationDirectoryMembershipCondition.cs
- ListViewInsertedEventArgs.cs
- VersionValidator.cs
- TypefaceMetricsCache.cs
- SecurityUniqueId.cs
- WebPartConnectionsCancelVerb.cs
- DataBinder.cs
- SecurityTokenInclusionMode.cs
- CAGDesigner.cs
- Span.cs
- ConfigurationManager.cs
- BoundField.cs
- Rect.cs
- BatchWriter.cs