199 lines
7.0 KiB
C#
199 lines
7.0 KiB
C#
//------------------------------------------------------------------------------
|
|
// <copyright file="AuthorizationRuleCollection.cs" company="Microsoft">
|
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
|
// </copyright>
|
|
//------------------------------------------------------------------------------
|
|
|
|
namespace System.Web.Configuration {
|
|
using System;
|
|
using System.Xml;
|
|
using System.Configuration;
|
|
using System.Collections.Specialized;
|
|
using System.Collections;
|
|
using System.Globalization;
|
|
using System.IO;
|
|
using System.Text;
|
|
using System.Security.Principal;
|
|
using System.Web.Util;
|
|
using System.ComponentModel;
|
|
using System.Security.Permissions;
|
|
|
|
[ConfigurationCollection(typeof(AuthorizationRule), AddItemName = "allow,deny",
|
|
CollectionType = ConfigurationElementCollectionType.BasicMapAlternate)]
|
|
public sealed class AuthorizationRuleCollection : ConfigurationElementCollection {
|
|
private static ConfigurationPropertyCollection _properties;
|
|
|
|
static AuthorizationRuleCollection() {
|
|
_properties = new ConfigurationPropertyCollection();
|
|
}
|
|
|
|
public AuthorizationRuleCollection() {
|
|
}
|
|
|
|
protected override ConfigurationPropertyCollection Properties {
|
|
get {
|
|
return _properties;
|
|
}
|
|
}
|
|
|
|
// public properties
|
|
public AuthorizationRule this[int index] {
|
|
get {
|
|
return (AuthorizationRule)BaseGet(index);
|
|
}
|
|
set {
|
|
if (BaseGet(index) != null) {
|
|
BaseRemoveAt(index);
|
|
}
|
|
BaseAdd(index, value);
|
|
}
|
|
}
|
|
// Protected Overrides
|
|
protected override ConfigurationElement CreateNewElement() {
|
|
return new AuthorizationRule();
|
|
}
|
|
protected override ConfigurationElement CreateNewElement(string elementName) {
|
|
AuthorizationRule newElement = new AuthorizationRule();
|
|
switch (elementName.ToLower(CultureInfo.InvariantCulture)) {
|
|
case "allow":
|
|
newElement.Action = AuthorizationRuleAction.Allow;
|
|
break;
|
|
case "deny":
|
|
newElement.Action = AuthorizationRuleAction.Deny;
|
|
break;
|
|
}
|
|
return newElement;
|
|
}
|
|
|
|
protected override Object GetElementKey(ConfigurationElement element) {
|
|
AuthorizationRule rule = (AuthorizationRule)element;
|
|
return rule._ActionString;
|
|
}
|
|
|
|
protected override string ElementName {
|
|
get {
|
|
return String.Empty; //_LookUpInElement_
|
|
}
|
|
}
|
|
public override ConfigurationElementCollectionType CollectionType {
|
|
get {
|
|
return ConfigurationElementCollectionType.BasicMapAlternate;
|
|
}
|
|
}
|
|
|
|
// IsElement name allows collection with multiple element names to
|
|
// exist with the base class architecture. Given an element name
|
|
// it simply returns true if the name is legal for the default collection
|
|
// or false otherwise.
|
|
protected override bool IsElementName(string elementname) {
|
|
bool IsElement = false;
|
|
switch (elementname.ToLower(CultureInfo.InvariantCulture)) {
|
|
case "allow":
|
|
case "deny":
|
|
IsElement = true;
|
|
break;
|
|
}
|
|
return IsElement;
|
|
}
|
|
|
|
internal bool IsUserAllowed(IPrincipal user, String verb) {
|
|
if (user == null) {
|
|
return false;
|
|
}
|
|
|
|
if (!_fCheckForCommonCasesDone) {
|
|
DoCheckForCommonCases();
|
|
_fCheckForCommonCasesDone = true;
|
|
}
|
|
if (!user.Identity.IsAuthenticated && _iAnonymousAllowed != 0)
|
|
return (_iAnonymousAllowed > 0);
|
|
|
|
if (_iAllUsersAllowed != 0)
|
|
return (_iAllUsersAllowed > 0);
|
|
|
|
// Go down the list permissions and check each one
|
|
foreach (AuthorizationRule rule in this) {
|
|
int result = rule.IsUserAllowed(user, verb);
|
|
if (result != 0)
|
|
return (result > 0);
|
|
}
|
|
return false;
|
|
}
|
|
|
|
private void DoCheckForCommonCases()
|
|
{
|
|
bool fStillLookingForAnonymous = true;
|
|
bool fAnyAllowRulesFound = false;
|
|
bool fAnyDenyRulesFound = false;
|
|
|
|
foreach (AuthorizationRule rule in this)
|
|
{
|
|
if (rule.Everyone) // Found a rule for Every-user
|
|
{
|
|
if (!fAnyAllowRulesFound && rule.Action == AuthorizationRuleAction.Deny)
|
|
_iAllUsersAllowed = -1;
|
|
if (!fAnyDenyRulesFound && rule.Action == AuthorizationRuleAction.Allow)
|
|
_iAllUsersAllowed = 1;
|
|
return; // done!
|
|
}
|
|
if (fStillLookingForAnonymous && rule.IncludesAnonymous) // Found a rule for anonymous-user
|
|
{
|
|
if (!fAnyAllowRulesFound && rule.Action == AuthorizationRuleAction.Deny)
|
|
_iAnonymousAllowed = -1;
|
|
if (!fAnyDenyRulesFound && rule.Action == AuthorizationRuleAction.Allow)
|
|
_iAnonymousAllowed = 1;
|
|
fStillLookingForAnonymous = false;
|
|
}
|
|
|
|
if (!fAnyAllowRulesFound && rule.Action == AuthorizationRuleAction.Allow)
|
|
fAnyAllowRulesFound = true;
|
|
if (!fAnyDenyRulesFound && rule.Action == AuthorizationRuleAction.Deny)
|
|
fAnyDenyRulesFound = true;
|
|
|
|
if (!fStillLookingForAnonymous && fAnyAllowRulesFound && fAnyDenyRulesFound)
|
|
return;
|
|
}
|
|
}
|
|
|
|
// public methods
|
|
public void Add(AuthorizationRule rule) {
|
|
BaseAdd(-1, rule); // add to the end of the list and dont overwrite dups!
|
|
}
|
|
|
|
public void Clear() {
|
|
BaseClear();
|
|
}
|
|
|
|
public AuthorizationRule Get(int index) {
|
|
return (AuthorizationRule)BaseGet(index);
|
|
}
|
|
|
|
public void RemoveAt(int index) {
|
|
BaseRemoveAt(index);
|
|
}
|
|
|
|
public void Set(int index, AuthorizationRule rule) {
|
|
BaseAdd(index, rule);
|
|
}
|
|
|
|
public int IndexOf(AuthorizationRule rule) {
|
|
for (int x = 0; x < Count; x++) {
|
|
if (Object.Equals(Get(x), rule)) {
|
|
return x;
|
|
}
|
|
}
|
|
return -1;
|
|
}
|
|
|
|
public void Remove(AuthorizationRule rule) {
|
|
int index = IndexOf(rule);
|
|
if (index >= 0) {
|
|
BaseRemoveAt(index);
|
|
}
|
|
}
|
|
private int _iAllUsersAllowed = 0;
|
|
private int _iAnonymousAllowed = 0;
|
|
private bool _fCheckForCommonCasesDone = false;
|
|
}
|
|
}
|