static AuthorizationSection ()
{
- rulesProp = new ConfigurationProperty ("", typeof (AuthorizationRuleCollection), null,
+ rulesProp = new ConfigurationProperty (String.Empty, typeof (AuthorizationRuleCollection), null,
null, PropertyHelper.DefaultValidator,
ConfigurationPropertyOptions.IsDefaultCollection);
properties = new ConfigurationPropertyCollection ();
properties.Add (rulesProp);
}
- [MonoTODO]
protected override void PostDeserialize()
{
base.PostDeserialize ();
internal bool IsValidUser (IPrincipal user, string verb)
{
- if (user == null)
- return false;
-
+ string username = (user == null) ? String.Empty : user.Identity.Name;
foreach (AuthorizationRule rule in Rules) {
- if (!rule.CheckVerb (verb))
+ if (rule.Verbs.Count != 0 && !rule.CheckVerb (verb))
continue;
- if (rule.CheckUser (user.Identity.Name) || rule.CheckRole(user))
+ if (rule.CheckUser (username) || (user != null && rule.CheckRole(user)))
return (rule.Action == AuthorizationRuleAction.Allow);
}