1 //
2 // System.Web.Configuration.AuthorizationSection
3 //
4 // Authors:
5 //	Chris Toshok (toshok@ximian.com)
6 //
7 // (C) 2005 Novell, Inc (http://www.novell.com)
8 //
9 
10 //
11 // Permission is hereby granted, free of charge, to any person obtaining
12 // a copy of this software and associated documentation files (the
13 // "Software"), to deal in the Software without restriction, including
14 // without limitation the rights to use, copy, modify, merge, publish,
15 // distribute, sublicense, and/or sell copies of the Software, and to
16 // permit persons to whom the Software is furnished to do so, subject to
17 // the following conditions:
18 //
19 // The above copyright notice and this permission notice shall be
20 // included in all copies or substantial portions of the Software.
21 //
22 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
25 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
26 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
27 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30 
31 using System;
32 using System.Configuration;
33 using System.Security.Principal;
34 
35 
36 namespace System.Web.Configuration {
37 
38 	public sealed class AuthorizationSection : ConfigurationSection
39 	{
40 		static ConfigurationProperty rulesProp;
41 		static ConfigurationPropertyCollection properties;
42 
AuthorizationSection()43 		static AuthorizationSection ()
44 		{
45 			rulesProp = new ConfigurationProperty (String.Empty, typeof (AuthorizationRuleCollection), null,
46 							       null, PropertyHelper.DefaultValidator,
47 							       ConfigurationPropertyOptions.IsDefaultCollection);
48 			properties = new ConfigurationPropertyCollection ();
49 
50 			properties.Add (rulesProp);
51 		}
52 
PostDeserialize()53 		protected override void PostDeserialize()
54 		{
55 			base.PostDeserialize ();
56 		}
57 
58 		[ConfigurationProperty ("", Options = ConfigurationPropertyOptions.IsDefaultCollection)]
59 		public AuthorizationRuleCollection Rules {
60 			get { return (AuthorizationRuleCollection) base [rulesProp];}
61 		}
62 
63 		protected internal override ConfigurationPropertyCollection Properties {
64 			get { return properties; }
65 		}
66 
67 
IsValidUser(IPrincipal user, string verb)68 		internal bool IsValidUser (IPrincipal user, string verb)
69 		{
70 			string username = (user == null) ? String.Empty : user.Identity.Name;
71 			foreach (AuthorizationRule rule in Rules) {
72 				if (rule.Verbs.Count != 0 && !rule.CheckVerb (verb))
73 					continue;
74 
75 				if (rule.CheckUser (username) || (user != null && rule.CheckRole(user)))
76 					return (rule.Action == AuthorizationRuleAction.Allow);
77 			}
78 
79 			return true;
80 		}
81 
82 	}
83 
84 }
85 
86 
87