Merge pull request #2716 from BrzVlad/fix-tramp-jinfo
[mono.git] / mcs / class / System.Web / System.Web.Security / UrlAuthorizationModule.cs
index 2c7345d8afaee08194aba330d07729ef9f97f1ce..eb6b890700b6674116926ca2b99c492a42665e0f 100644 (file)
@@ -27,6 +27,7 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
+using System.Configuration;
 using System.Web.Configuration;
 using System.Security.Permissions;
 using System.Security.Principal;
@@ -55,32 +56,42 @@ namespace System.Web.Security
                {
                        HttpApplication app = (HttpApplication) sender;
                        HttpContext context = app.Context;
-                       if (context.SkipAuthorization)
+                       if (context == null || context.SkipAuthorization)
                                return;
 
-#if NET_2_0
-                       AuthorizationSection config = (AuthorizationSection) WebConfigurationManager.GetSection ("system.web/authorization");
-#else
-                       AuthorizationConfig config = (AuthorizationConfig) context.GetConfig ("system.web/authorization");
-                       if (config == null)
-                               return;
-#endif
-                       if (!config.IsValidUser (context.User, context.Request.HttpMethod)) {
+                       HttpRequest req = context.Request;
+                       AuthorizationSection config = (AuthorizationSection) WebConfigurationManager.GetSection ("system.web/authorization", req.Path, context);
+                       if (!config.IsValidUser (context.User, req.HttpMethod)) {
                                HttpException e = new HttpException (401, "Unauthorized");
+                               HttpResponse response = context.Response;
                                
-                               context.Response.StatusCode = 401;
-                               context.Response.Write (e.GetHtmlErrorMessage ());
+                               response.StatusCode = 401;
+                               response.Write (e.GetHtmlErrorMessage ());
                                app.CompleteRequest ();
                        }
                }
 
-#if NET_2_0
-               [MonoTODO]
                public static bool CheckUrlAccessForPrincipal (string virtualPath, IPrincipal user, string verb)
                {
-                       throw new NotImplementedException ();
+                       AuthorizationSection config = (AuthorizationSection) WebConfigurationManager.GetSection ("system.web/authorization", virtualPath);
+
+                       return config == null ? true : config.IsValidUser (user, verb);
                }
+
+               internal static void ReportUrlAuthorizationFailure(HttpContext context, object webEventSource) {
+                       // Deny access
+                       context.Response.StatusCode = 401;
+                       context.Response.Write (new HttpException(401, "Unauthorized").GetHtmlErrorMessage ());
+
+#if false // Sys.Web.Mng not implemented on mono.
+                       if (context.User != null && context.User.Identity.IsAuthenticated) {
+                               // We don't raise failure audit event for anonymous user
+                               WebBaseEvent.RaiseSystemEvent(webEventSource, WebEventCodes.AuditUrlAuthorizationFailure);
+                       }
 #endif
+                       context.ApplicationInstance.CompleteRequest();
+               }
+
        }
 }
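Review bot: `CheckUrlAccessForPrincipal` fails open, because `return config == null ? true : config.IsValidUser (user, verb);` reports access as allowed whenever the authorization section cannot be resolved for `virtualPath`. Whether `GetSection` can return null here is not visible in this hunk; if it can, a deny-by-default form such as `return config != null && config.IsValidUser (user, verb);` is safer, or the allow-on-missing-config choice should at least be stated in a comment. The request handler above treats the same condition differently: the old `if (config == null) return;` guard is gone and `config.IsValidUser (context.User, req.HttpMethod)` now dereferences the result unchecked, so the two paths should agree on one policy. `virtualPath`, `user` and `verb` are also passed through without null checks, so consider guards such as `if (user == null) throw new ArgumentNullException ("user");` before the lookup. The handler's signature lies outside the hunk, so this is based only on the visible body.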