X-Git-Url: http://wien.tomnetworks.com/gitweb/?a=blobdiff_plain;f=mcs%2Fclass%2FSystem.Web%2FSystem.Web.Security%2FUrlAuthorizationModule.cs;h=5dbda09026eae124aa915749d4010c58cc1fb9cf;hb=d3048467dbffff6678649eb1cc357a6eadd0c1fa;hp=2c7345d8afaee08194aba330d07729ef9f97f1ce;hpb=496dfbf9ec0fd3143e5dd560a863d916e56a52b8;p=mono.git diff --git a/mcs/class/System.Web/System.Web.Security/UrlAuthorizationModule.cs b/mcs/class/System.Web/System.Web.Security/UrlAuthorizationModule.cs index 2c7345d8afa..5dbda09026e 100644 --- a/mcs/class/System.Web/System.Web.Security/UrlAuthorizationModule.cs +++ b/mcs/class/System.Web/System.Web.Security/UrlAuthorizationModule.cs @@ -27,6 +27,7 @@ // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // +using System.Configuration; using System.Web.Configuration; using System.Security.Permissions; using System.Security.Principal; @@ -55,27 +56,29 @@ namespace System.Web.Security { HttpApplication app = (HttpApplication) sender; HttpContext context = app.Context; - if (context.SkipAuthorization) + if (context == null || context.SkipAuthorization) return; + HttpRequest req = context.Request; #if NET_2_0 - AuthorizationSection config = (AuthorizationSection) WebConfigurationManager.GetSection ("system.web/authorization"); + AuthorizationSection config = (AuthorizationSection) WebConfigurationManager.GetSection ("system.web/authorization", req.Path, context); #else AuthorizationConfig config = (AuthorizationConfig) context.GetConfig ("system.web/authorization"); if (config == null) return; #endif - if (!config.IsValidUser (context.User, context.Request.HttpMethod)) { + if (!config.IsValidUser (context.User, req.HttpMethod)) { HttpException e = new HttpException (401, "Unauthorized"); + HttpResponse response = context.Response; - context.Response.StatusCode = 401; - context.Response.Write (e.GetHtmlErrorMessage ()); + response.StatusCode = 401; + response.Write (e.GetHtmlErrorMessage ()); app.CompleteRequest (); } } #if NET_2_0 - [MonoTODO] + [MonoTODO ("Not implemented")] public static bool CheckUrlAccessForPrincipal (string virtualPath, IPrincipal user, string verb) { throw new NotImplementedException ();