Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / cdf / src / WCF / System.ServiceModel.Activation / System / ServiceModel / Activation / AspNetPartialTrustHelpers.cs / 1305376 / AspNetPartialTrustHelpers.cs
//------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------
namespace System.ServiceModel
{
using System.Runtime;
using System.Security;
using System.Security.Permissions;
using System.Threading;
using System.Web;
static class AspNetPartialTrustHelpers
{
[Fx.Tag.SecurityNote(Critical = "Caches the PermissionSet associated with the asp.net trust level."
+ "This will not change over the life of the AppDomain.")]
[SecurityCritical]
static SecurityContext aspNetSecurityContext;
[Fx.Tag.SecurityNote(Critical = "If erroneously set to true, could bypass the PermitOnly.")]
[SecurityCritical]
static bool isInitialized;
[Fx.Tag.SecurityNote(Miscellaneous = "RequiresReview - determines if the given PermissionSet is full trust."
+ "We will base subsequent security decisions on this.")]
static bool IsFullTrust(PermissionSet perms)
{
return perms == null || perms.IsUnrestricted();
}
internal static bool NeedPartialTrustInvoke
{
[Fx.Tag.SecurityNote(Critical = "Makes a security sensitive decision, updates aspNetSecurityContext and isInitialized.",
Safe = "Ok to know whether the ASP app is partial trust.")]
[SecuritySafeCritical]
get
{
if (!isInitialized)
{
NamedPermissionSet aspNetPermissionSet = GetHttpRuntimeNamedPermissionSet();
if (!IsFullTrust(aspNetPermissionSet))
{
try
{
aspNetPermissionSet.PermitOnly();
aspNetSecurityContext = System.Runtime.PartialTrustHelpers.CaptureSecurityContextNoIdentityFlow();
}
finally
{
CodeAccessPermission.RevertPermitOnly();
}
}
isInitialized = true;
}
return aspNetSecurityContext != null;
}
}
[Fx.Tag.SecurityNote(Critical = "Asserts AspNetHostingPermission.")]
[SecurityCritical]
[AspNetHostingPermission(SecurityAction.Assert, Level=AspNetHostingPermissionLevel.Unrestricted)]
static NamedPermissionSet GetHttpRuntimeNamedPermissionSet()
{
return HttpRuntime.GetNamedPermissionSet();
}
[Fx.Tag.SecurityNote(Critical = "Touches aspNetSecurityContext.",
Safe = "Ok to invoke the user's delegate under the PT context.")]
[SecuritySafeCritical]
internal static void PartialTrustInvoke(ContextCallback callback, object state)
{
if (NeedPartialTrustInvoke)
{
SecurityContext.Run(aspNetSecurityContext.CreateCopy(), callback, state);
}
else
{
callback(state);
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------
namespace System.ServiceModel
{
using System.Runtime;
using System.Security;
using System.Security.Permissions;
using System.Threading;
using System.Web;
static class AspNetPartialTrustHelpers
{
[Fx.Tag.SecurityNote(Critical = "Caches the PermissionSet associated with the asp.net trust level."
+ "This will not change over the life of the AppDomain.")]
[SecurityCritical]
static SecurityContext aspNetSecurityContext;
[Fx.Tag.SecurityNote(Critical = "If erroneously set to true, could bypass the PermitOnly.")]
[SecurityCritical]
static bool isInitialized;
[Fx.Tag.SecurityNote(Miscellaneous = "RequiresReview - determines if the given PermissionSet is full trust."
+ "We will base subsequent security decisions on this.")]
static bool IsFullTrust(PermissionSet perms)
{
return perms == null || perms.IsUnrestricted();
}
internal static bool NeedPartialTrustInvoke
{
[Fx.Tag.SecurityNote(Critical = "Makes a security sensitive decision, updates aspNetSecurityContext and isInitialized.",
Safe = "Ok to know whether the ASP app is partial trust.")]
[SecuritySafeCritical]
get
{
if (!isInitialized)
{
NamedPermissionSet aspNetPermissionSet = GetHttpRuntimeNamedPermissionSet();
if (!IsFullTrust(aspNetPermissionSet))
{
try
{
aspNetPermissionSet.PermitOnly();
aspNetSecurityContext = System.Runtime.PartialTrustHelpers.CaptureSecurityContextNoIdentityFlow();
}
finally
{
CodeAccessPermission.RevertPermitOnly();
}
}
isInitialized = true;
}
return aspNetSecurityContext != null;
}
}
[Fx.Tag.SecurityNote(Critical = "Asserts AspNetHostingPermission.")]
[SecurityCritical]
[AspNetHostingPermission(SecurityAction.Assert, Level=AspNetHostingPermissionLevel.Unrestricted)]
static NamedPermissionSet GetHttpRuntimeNamedPermissionSet()
{
return HttpRuntime.GetNamedPermissionSet();
}
[Fx.Tag.SecurityNote(Critical = "Touches aspNetSecurityContext.",
Safe = "Ok to invoke the user's delegate under the PT context.")]
[SecuritySafeCritical]
internal static void PartialTrustInvoke(ContextCallback callback, object state)
{
if (NeedPartialTrustInvoke)
{
SecurityContext.Run(aspNetSecurityContext.CreateCopy(), callback, state);
}
else
{
callback(state);
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- SqlParameterizer.cs
- SerializationObjectManager.cs
- BindingOperations.cs
- IImplicitResourceProvider.cs
- DataPagerCommandEventArgs.cs
- X509Certificate2Collection.cs
- Statements.cs
- SQLStringStorage.cs
- ScriptComponentDescriptor.cs
- PrintingPermissionAttribute.cs
- EntityRecordInfo.cs
- DataGridSortCommandEventArgs.cs
- OptimizerPatterns.cs
- XmlSerializableWriter.cs
- SecurityElement.cs
- MetafileHeaderWmf.cs
- UserPreferenceChangingEventArgs.cs
- PackWebRequest.cs
- CompiledAction.cs
- DataGridViewRowsAddedEventArgs.cs
- MultipleViewPattern.cs
- ResourceProperty.cs
- StopStoryboard.cs
- filewebresponse.cs
- Thumb.cs
- BindingElement.cs
- ImageCodecInfoPrivate.cs
- NetTcpSecurityElement.cs
- Assert.cs
- SignedXml.cs
- TabControlAutomationPeer.cs
- HandleCollector.cs
- MemberInitExpression.cs
- RandomNumberGenerator.cs
- GridViewCommandEventArgs.cs
- CompiledQueryCacheEntry.cs
- ProfileSettingsCollection.cs
- TextBoxBase.cs
- TextSimpleMarkerProperties.cs
- SimpleWebHandlerParser.cs
- FolderNameEditor.cs
- SingletonInstanceContextProvider.cs
- HashMembershipCondition.cs
- EncoderParameter.cs
- DoubleLinkListEnumerator.cs
- AspCompat.cs
- PanelStyle.cs
- DecimalFormatter.cs
- BindingNavigator.cs
- DataSourceControl.cs
- DirectoryObjectSecurity.cs
- BindingMAnagerBase.cs
- TemplateBuilder.cs
- InitializeCorrelation.cs
- DataGridViewDesigner.cs
- ActionItem.cs
- HyperLinkColumn.cs
- XsltContext.cs
- ToolBarDesigner.cs
- ListItem.cs
- xmlglyphRunInfo.cs
- InstanceLockTracking.cs
- TextServicesContext.cs
- SessionEndedEventArgs.cs
- SecurityTimestamp.cs
- CutCopyPasteHelper.cs
- AdornedElementPlaceholder.cs
- ITextView.cs
- EllipseGeometry.cs
- QueryContinueDragEvent.cs
- TextSerializer.cs
- HtmlMeta.cs
- HttpCookie.cs
- WebPartEditVerb.cs
- FormatConvertedBitmap.cs
- ColorConvertedBitmap.cs
- Clipboard.cs
- XMLUtil.cs
- Accessors.cs
- XmlSchemaInferenceException.cs
- TracingConnectionListener.cs
- ToolStripContentPanelRenderEventArgs.cs
- StringCollectionMarkupSerializer.cs
- SamlSubject.cs
- CodeChecksumPragma.cs
- ReflectEventDescriptor.cs
- EditCommandColumn.cs
- StateMachineHelpers.cs
- ToolStripSplitStackLayout.cs
- TextRangeProviderWrapper.cs
- IncrementalCompileAnalyzer.cs
- GridViewUpdatedEventArgs.cs
- PeerInputChannelListener.cs
- CapabilitiesUse.cs
- Transform.cs
- TrackingProvider.cs
- GridViewColumnCollectionChangedEventArgs.cs
- DataSourceView.cs
- SamlAuthorityBinding.cs
- MatcherBuilder.cs