Imported Upstream version 4.6.0.125

Former-commit-id: a2155e9bd80020e49e72e86c44da02a8ac0e57a4
2016-08-03 10:59:49 +00:00
parent a569aebcfd
commit e79aa3c0ed
17047 changed files with 3137615 additions and 392334 deletions
--- a/mcs/class/System.Web/System.Web.Security/ChangeLog
+++ b/mcs/class/System.Web/System.Web.Security/ChangeLog
--- a/mcs/class/System.Web/System.Web.Security/FormsAuthenticationModule.cs
+++ b/mcs/class/System.Web/System.Web.Security/FormsAuthenticationModule.cs
@@ -42,11 +42,21 @@ namespace System.Web.Security
 	public sealed class FormsAuthenticationModule : IHttpModule
 	{
 		static readonly object authenticateEvent = new object ();
-		
+
+		// Config values
+		private static bool      _fAuthChecked;
+		private static bool      _fAuthRequired;
+
 		AuthenticationSection _config = null;
 		bool isConfigInitialized = false;
 		EventHandlerList events = new EventHandlerList ();
-		
+	
+		internal static bool FormsAuthRequired {
+			get {
+				return _fAuthRequired;
+			}
+		}
+
 		public event FormsAuthenticationEventHandler Authenticate {
 			add { events.AddHandler (authenticateEvent, value); }
 			remove { events.RemoveHandler (authenticateEvent, value); }
@@ -57,6 +67,14 @@ namespace System.Web.Security
 			if(isConfigInitialized)
 				return;
 			_config = (AuthenticationSection) WebConfigurationManager.GetSection ("system.web/authentication");
+
+			// authentication is an app level setting only
+			// so we can read app config early on in an attempt to try and
+			// skip wiring up event delegates
+			if (!_fAuthChecked) {
+				_fAuthRequired = (_config.Mode == AuthenticationMode.Forms);
+				_fAuthChecked = true;
+			}
 			isConfigInitialized = true;
 		}

@@ -71,6 +89,7 @@ namespace System.Web.Security

 		public void Init (HttpApplication app)
 		{
+
 			app.AuthenticateRequest += new EventHandler (OnAuthenticateRequest);
 			app.EndRequest += new EventHandler (OnEndRequest);
 		}
--- a/mcs/class/System.Web/System.Web.Security/UrlAuthorizationModule.cs
+++ b/mcs/class/System.Web/System.Web.Security/UrlAuthorizationModule.cs
@@ -77,6 +77,21 @@ namespace System.Web.Security

 			return config == null ? true : config.IsValidUser (user, verb);
 		}
+
+		internal static void ReportUrlAuthorizationFailure(HttpContext context, object webEventSource) {
+			// Deny access
+			context.Response.StatusCode = 401;
+			context.Response.Write (new HttpException(401, "Unauthorized").GetHtmlErrorMessage ());
+
+#if false // Sys.Web.Mng not implemented on mono.
+			if (context.User != null && context.User.Identity.IsAuthenticated) {
+				// We don't raise failure audit event for anonymous user
+				WebBaseEvent.RaiseSystemEvent(webEventSource, WebEventCodes.AuditUrlAuthorizationFailure);
+			}
+#endif
+			context.ApplicationInstance.CompleteRequest();
+		}
+
 	}
 }