// Gonzalo Paniagua Javier (gonzalo@ximian.com)
//
// (C) 2002 Ximian, Inc (http://www.ximian.com)
-//
-
+// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
-using System.Web;
+using System.ComponentModel;
+using System.Security.Permissions;
using System.Security.Principal;
+using System.Threading;
+// more info on the workings of this class can be found in Shackow, p. 55
+//
namespace System.Web.Security
{
+ // CAS - no InheritanceDemand here as the class is sealed
+ [AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
public sealed class DefaultAuthenticationModule : IHttpModule
{
+ static readonly object authenticateEvent = new object ();
static GenericIdentity defaultIdentity = new GenericIdentity ("", "");
- public event DefaultAuthenticationEventHandler Authenticate;
+ EventHandlerList events = new EventHandlerList ();
+
+ public event DefaultAuthenticationEventHandler Authenticate {
+ add { events.AddHandler (authenticateEvent, value); }
+ remove { events.RemoveHandler (authenticateEvent, value); }
+ }
+
+ [SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)]
+ public DefaultAuthenticationModule ()
+ {
+ }
public void Dispose ()
{
HttpApplication app = (HttpApplication) sender;
HttpContext context = app.Context;
- if (context.User == null && Authenticate != null)
- Authenticate (this, new DefaultAuthenticationEventArgs (context));
+ DefaultAuthenticationEventHandler eh = events [authenticateEvent] as DefaultAuthenticationEventHandler;
+ if (context.User == null && eh != null)
+ eh (this, new DefaultAuthenticationEventArgs (context));
if (context.User == null)
context.User = new GenericPrincipal (defaultIdentity, new string [0]);
+
+ Thread.CurrentPrincipal = context.User;
}
}
}