* AuthorizationSection.cs (IsValidUser): instead of a blanket
false for a null user, just set the username to "" and short
circuit out the check for roles.
svn path=/trunk/mcs/; revision=56055
internal bool IsValidUser (IPrincipal user, string verb)
{
- if (user == null)
- return false;
+ string username = (user == null) ? "" : user.Identity.Name;
foreach (AuthorizationRule rule in Rules) {
if (!rule.CheckVerb (verb))
continue;
- if (rule.CheckUser (user.Identity.Name) || rule.CheckRole(user))
+ if (rule.CheckUser (username) || (user != null && rule.CheckRole(user)))
return (rule.Action == AuthorizationRuleAction.Allow);
}
+2006-01-25 Chris Toshok <toshok@ximian.com>
+
+ * AuthorizationSection.cs (IsValidUser): instead of a blanket
+ false for a null user, just set the username to "" and short
+ circuit out the check for roles.
+
2006-01-25 Chris Toshok <toshok@ximian.com>
* AuthorizationRule.cs (CheckUser): handle * and ?, and use