projects / mono.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[PLinq] Move NET_4_0 define check under licence text
[mono.git] / mcs / class / System.Web / System.Web.Security / UrlAuthorizationModule.cs
diff --git a/mcs/class/System.Web/System.Web.Security/UrlAuthorizationModule.cs b/mcs/class/System.Web/System.Web.Security/UrlAuthorizationModule.cs
index 2c7345d8afaee08194aba330d07729ef9f97f1ce..5dbda09026eae124aa915749d4010c58cc1fb9cf 100644 (file)
--- a/mcs/class/System.Web/System.Web.Security/UrlAuthorizationModule.cs
+++ b/mcs/class/System.Web/System.Web.Security/UrlAuthorizationModule.cs
@@ -27,6 +27,7 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
+using System.Configuration;
 using System.Web.Configuration;
 using System.Security.Permissions;
 using System.Security.Principal;
@@ -55,27 +56,29 @@ namespace System.Web.Security
                {
                        HttpApplication app = (HttpApplication) sender;
                        HttpContext context = app.Context;
-                       if (context.SkipAuthorization)
+                       if (context == null || context.SkipAuthorization)
                                return;
 
+                       HttpRequest req = context.Request;
 #if NET_2_0
-                       AuthorizationSection config = (AuthorizationSection) WebConfigurationManager.GetSection ("system.web/authorization");
+                       AuthorizationSection config = (AuthorizationSection) WebConfigurationManager.GetSection ("system.web/authorization", req.Path, context);
 #else
                        AuthorizationConfig config = (AuthorizationConfig) context.GetConfig ("system.web/authorization");
                        if (config == null)
                                return;
 #endif
-                       if (!config.IsValidUser (context.User, context.Request.HttpMethod)) {
+                       if (!config.IsValidUser (context.User, req.HttpMethod)) {
                                HttpException e = new HttpException (401, "Unauthorized");
+                               HttpResponse response = context.Response;
                                
-                               context.Response.StatusCode = 401;
-                               context.Response.Write (e.GetHtmlErrorMessage ());
+                               response.StatusCode = 401;
+                               response.Write (e.GetHtmlErrorMessage ());
                                app.CompleteRequest ();
                        }
                }
 
 #if NET_2_0
-               [MonoTODO]
+               [MonoTODO ("Not implemented")]
                public static bool CheckUrlAccessForPrincipal (string virtualPath, IPrincipal user, string verb)
                {
                        throw new NotImplementedException ();
my mono mirror. check out Moved to http://github.com/mono/mono