X-Git-Url: http://wien.tomnetworks.com/gitweb/?a=blobdiff_plain;f=mcs%2Fclass%2FSystem.Web%2FSystem.Web.Security%2FUrlAuthorizationModule.cs;h=5dbda09026eae124aa915749d4010c58cc1fb9cf;hb=d3048467dbffff6678649eb1cc357a6eadd0c1fa;hp=2e6bca2747c8ad8473a43df2b95953e5def9519e;hpb=21d1fdc48703514b1164ea2a76fc3bbf3d40871f;p=mono.git
diff --git a/mcs/class/System.Web/System.Web.Security/UrlAuthorizationModule.cs b/mcs/class/System.Web/System.Web.Security/UrlAuthorizationModule.cs
index 2e6bca2747c..5dbda09026e 100644
--- a/mcs/class/System.Web/System.Web.Security/UrlAuthorizationModule.cs
+++ b/mcs/class/System.Web/System.Web.Security/UrlAuthorizationModule.cs
@@ -27,13 +27,18 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
+using System.Configuration;
 using System.Web.Configuration;
+using System.Security.Permissions;
 using System.Security.Principal;
 namespace System.Web.Security {
+ // CAS - no InheritanceDemand here as the class is sealed
+ [AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
 public sealed class UrlAuthorizationModule : IHttpModule {
+ [SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)]
 public UrlAuthorizationModule () { }
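Review bot: The `[SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)]` added on the public constructor has no comment explaining it, while the class-level attribute does get one. The two checks differ: the class-level `LinkDemand` only tests the immediate caller, whereas the constructor `Demand` walks the whole call stack and requires `UnmanagedCode` from every frame. That is a much stronger requirement than `AspNetHostingPermissionLevel.Minimal`, and a maintainer could easily "simplify" it away. I would add a line above the constructor such as `// CAS - full Demand (stack walk): only callers granted UnmanagedCode may instantiate the module`, adjusted to whatever the intended reason is. The class body continues outside this hunk.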
@@ -51,24 +56,29 @@ namespace System.Web.Security {
 HttpApplication app = (HttpApplication) sender;
 HttpContext context = app.Context;
- if (context.SkipAuthorization)
+ if (context == null || context.SkipAuthorization)
 return;
+ HttpRequest req = context.Request;
+#if NET_2_0
+ AuthorizationSection config = (AuthorizationSection) WebConfigurationManager.GetSection ("system.web/authorization", req.Path, context);
+#else
 AuthorizationConfig config = (AuthorizationConfig) context.GetConfig ("system.web/authorization");
 if (config == null)
 return;
-
- if (!config.IsValidUser (context.User, context.Request.HttpMethod)) {
- HttpException e = new HttpException (401, "Unauthorized");
+#endif
+ if (!config.IsValidUser (context.User, req.HttpMethod)) {
+ HttpException e = new HttpException (401, "Unauthorized");
+ HttpResponse response = context.Response;
- context.Response.StatusCode = 401;
- context.Response.Write (e.GetHtmlErrorMessage ());
+ response.StatusCode = 401;
+ response.Write (e.GetHtmlErrorMessage ());
 app.CompleteRequest ();
 }
 }
 #if NET_2_0
- [MonoTODO]
+ [MonoTODO ("Not implemented")]
 public static bool CheckUrlAccessForPrincipal (string virtualPath, IPrincipal user, string verb) {
 throw new NotImplementedException ();
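Review bot: Under `NET_2_0` the result of `WebConfigurationManager.GetSection (...)` is cast and passed straight to `config.IsValidUser`, because the existing `if (config == null) return;` guard now sits inside the `#else` branch. If `GetSection` can return null for this path, the 2.0 build fails with a NullReferenceException inside the authorization handler, while the 1.x build returns without authorizing at all (fail-open). The two profiles should agree, and the choice should be explicit. I would put a guard after `#endif` that denies rather than skips, e.g. `if (config == null) throw new HttpException (500, "Authorization configuration unavailable");`, or add a comment stating why the section can never be null. The new `context == null` early return likewise skips the check silently and deserves a one-line comment. The handler's signature and the body of `CheckUrlAccessForPrincipal` lie outside this hunk.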