- AuthorizationSection config = (AuthorizationSection) WebConfigurationManager.GetSection (
- "system.web/authorization",
- node.Url);
- if (config != null)
- return config.IsValidUser (context.User, context.Request.HttpMethod);
+ /* 3. */
+ string url = node.Url;
+ if(!String.IsNullOrEmpty(url)) {
+ // TODO check url is located within the current application
+
+ if (VirtualPathUtility.IsAppRelative (url) || !VirtualPathUtility.IsAbsolute (url))
+ url = VirtualPathUtility.Combine (VirtualPathUtility.AppendTrailingSlash (HttpRuntime.AppDomainAppVirtualPath), url);
+
+ AuthorizationSection config = (AuthorizationSection) WebConfigurationManager.GetSection (
+ "system.web/authorization",
+ url);
+ if (config != null)
+ return config.IsValidUser (context.User, context.Request.HttpMethod);
+ }