Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / xsp / System / Web / Routing / PageRouteHandler.cs / 1305376 / PageRouteHandler.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//-----------------------------------------------------------------------------
namespace System.Web.Routing {
using System;
using System.Web.UI;
using System.Web.Compilation;
using System.Web.Security;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
public class PageRouteHandler : IRouteHandler {
public PageRouteHandler(string virtualPath)
: this(virtualPath, true) {
}
public PageRouteHandler(string virtualPath, bool checkPhysicalUrlAccess) {
if (string.IsNullOrEmpty(virtualPath) || !virtualPath.StartsWith("~/", StringComparison.OrdinalIgnoreCase)) {
throw new ArgumentException(SR.GetString(SR.PageRouteHandler_InvalidVirtualPath), "virtualPath");
}
this.VirtualPath = virtualPath;
this.CheckPhysicalUrlAccess = checkPhysicalUrlAccess;
_useRouteVirtualPath = VirtualPath.Contains("{");
}
///
/// This is the full virtual path (using tilde syntax) to the WebForm page.
///
///
/// Needs to be thread safe so this is only settable via ctor.
///
public string VirtualPath { get; private set; }
///
/// Because we're not actually rewriting the URL, ASP.NET's URL Auth will apply
/// to the incoming request URL and not the URL of the physical WebForm page.
/// Setting this to true (default) will apply URL access rules against the
/// physical file.
///
/// True by default
public bool CheckPhysicalUrlAccess { get; private set; }
private bool _useRouteVirtualPath;
private Route _routeVirtualPath;
private Route RouteVirtualPath {
get {
if (_routeVirtualPath == null) {
//Trim off ~/
_routeVirtualPath = new Route(VirtualPath.Substring(2), this);
}
return _routeVirtualPath;
}
}
private bool CheckUrlAccess(string virtualPath, RequestContext requestContext) {
IPrincipal user = requestContext.HttpContext.User;
// If there's no authenticated user, use the default identity
if (user == null) {
user = new GenericPrincipal(new GenericIdentity(String.Empty, String.Empty), new string[0]);
}
return CheckUrlAccessWithAssert(virtualPath, requestContext, user);
}
[SecurityPermission(SecurityAction.Assert, Unrestricted = true)]
private bool CheckUrlAccessWithAssert(string virtualPath, RequestContext requestContext, IPrincipal user) {
return UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtualPath, user, requestContext.HttpContext.Request.HttpMethod);
}
public virtual IHttpHandler GetHttpHandler(RequestContext requestContext) {
if (requestContext == null) {
throw new ArgumentNullException("requestContext");
}
string virtualPath = GetSubstitutedVirtualPath(requestContext);
// Virtual Path ----s up with query strings, so we need to strip them off
int qmark = virtualPath.IndexOf('?');
if (qmark != -1) {
virtualPath = virtualPath.Substring(0, qmark);
}
if (this.CheckPhysicalUrlAccess && !CheckUrlAccess(virtualPath, requestContext)) {
return new UrlAuthFailureHandler();
}
Page page = BuildManager.CreateInstanceFromVirtualPath(virtualPath, typeof(Page)) as Page;
return page;
}
///
/// Gets the virtual path to the resource after applying substitutions based on route data.
///
///
///
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//-----------------------------------------------------------------------------
namespace System.Web.Routing {
using System;
using System.Web.UI;
using System.Web.Compilation;
using System.Web.Security;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
public class PageRouteHandler : IRouteHandler {
public PageRouteHandler(string virtualPath)
: this(virtualPath, true) {
}
public PageRouteHandler(string virtualPath, bool checkPhysicalUrlAccess) {
if (string.IsNullOrEmpty(virtualPath) || !virtualPath.StartsWith("~/", StringComparison.OrdinalIgnoreCase)) {
throw new ArgumentException(SR.GetString(SR.PageRouteHandler_InvalidVirtualPath), "virtualPath");
}
this.VirtualPath = virtualPath;
this.CheckPhysicalUrlAccess = checkPhysicalUrlAccess;
_useRouteVirtualPath = VirtualPath.Contains("{");
}
///
/// This is the full virtual path (using tilde syntax) to the WebForm page.
///
///
/// Needs to be thread safe so this is only settable via ctor.
///
public string VirtualPath { get; private set; }
///
/// Because we're not actually rewriting the URL, ASP.NET's URL Auth will apply
/// to the incoming request URL and not the URL of the physical WebForm page.
/// Setting this to true (default) will apply URL access rules against the
/// physical file.
///
/// True by default
public bool CheckPhysicalUrlAccess { get; private set; }
private bool _useRouteVirtualPath;
private Route _routeVirtualPath;
private Route RouteVirtualPath {
get {
if (_routeVirtualPath == null) {
//Trim off ~/
_routeVirtualPath = new Route(VirtualPath.Substring(2), this);
}
return _routeVirtualPath;
}
}
private bool CheckUrlAccess(string virtualPath, RequestContext requestContext) {
IPrincipal user = requestContext.HttpContext.User;
// If there's no authenticated user, use the default identity
if (user == null) {
user = new GenericPrincipal(new GenericIdentity(String.Empty, String.Empty), new string[0]);
}
return CheckUrlAccessWithAssert(virtualPath, requestContext, user);
}
[SecurityPermission(SecurityAction.Assert, Unrestricted = true)]
private bool CheckUrlAccessWithAssert(string virtualPath, RequestContext requestContext, IPrincipal user) {
return UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtualPath, user, requestContext.HttpContext.Request.HttpMethod);
}
public virtual IHttpHandler GetHttpHandler(RequestContext requestContext) {
if (requestContext == null) {
throw new ArgumentNullException("requestContext");
}
string virtualPath = GetSubstitutedVirtualPath(requestContext);
// Virtual Path ----s up with query strings, so we need to strip them off
int qmark = virtualPath.IndexOf('?');
if (qmark != -1) {
virtualPath = virtualPath.Substring(0, qmark);
}
if (this.CheckPhysicalUrlAccess && !CheckUrlAccess(virtualPath, requestContext)) {
return new UrlAuthFailureHandler();
}
Page page = BuildManager.CreateInstanceFromVirtualPath(virtualPath, typeof(Page)) as Page;
return page;
}
///
/// Gets the virtual path to the resource after applying substitutions based on route data.
///
///
///
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- Control.cs
- ClientSettingsSection.cs
- AsymmetricSecurityBindingElement.cs
- EnumValAlphaComparer.cs
- RepeatBehaviorConverter.cs
- ErrorFormatterPage.cs
- RoleService.cs
- CqlParserHelpers.cs
- RawStylusInputReport.cs
- Function.cs
- GraphicsState.cs
- ThreadLocal.cs
- TypeBuilder.cs
- StackSpiller.cs
- JoinTreeNode.cs
- PriorityRange.cs
- WebPartEditVerb.cs
- XmlElementCollection.cs
- CryptoConfig.cs
- DataGridViewCellParsingEventArgs.cs
- DataGridViewCellCancelEventArgs.cs
- SettingsSavedEventArgs.cs
- RectAnimationBase.cs
- TreeNodeStyleCollectionEditor.cs
- WebPartsPersonalizationAuthorization.cs
- AnnotationHighlightLayer.cs
- StylusEventArgs.cs
- InvalidPrinterException.cs
- CompositeActivityCodeGenerator.cs
- StylusEventArgs.cs
- TextSelectionHighlightLayer.cs
- BlurBitmapEffect.cs
- StyleReferenceConverter.cs
- TableHeaderCell.cs
- __TransparentProxy.cs
- TypeDescriptionProviderAttribute.cs
- HtmlControl.cs
- WindowsButton.cs
- Rect.cs
- SymbolType.cs
- WeakRefEnumerator.cs
- ImageAttributes.cs
- SystemIcmpV6Statistics.cs
- ConfigXmlCDataSection.cs
- ITreeGenerator.cs
- ManagementEventWatcher.cs
- mactripleDES.cs
- DrawToolTipEventArgs.cs
- ToolStripContentPanelRenderEventArgs.cs
- HashAlgorithm.cs
- XsltException.cs
- TCPListener.cs
- X509PeerCertificateAuthenticationElement.cs
- SpeechUI.cs
- keycontainerpermission.cs
- Intellisense.cs
- RuleSettings.cs
- HostedHttpTransportManager.cs
- XslAstAnalyzer.cs
- Parser.cs
- Gdiplus.cs
- SimpleWorkerRequest.cs
- InfoCardAsymmetricCrypto.cs
- Run.cs
- RelatedPropertyManager.cs
- RootContext.cs
- DbConnectionPoolGroup.cs
- NameValueFileSectionHandler.cs
- DataControlExtensions.cs
- ToolStripProgressBar.cs
- brushes.cs
- FrameworkRichTextComposition.cs
- ImplicitInputBrush.cs
- FontInfo.cs
- ConnectionStringSettingsCollection.cs
- SizeChangedEventArgs.cs
- JpegBitmapEncoder.cs
- RelationshipEndMember.cs
- NumberFormatInfo.cs
- NamespaceQuery.cs
- QuestionEventArgs.cs
- StylusButtonEventArgs.cs
- MulticastOption.cs
- ShaderEffect.cs
- HtmlTableCell.cs
- NullableFloatMinMaxAggregationOperator.cs
- QueryOperationResponseOfT.cs
- Rotation3DAnimationBase.cs
- ScriptComponentDescriptor.cs
- Dynamic.cs
- VersionedStream.cs
- PlainXmlDeserializer.cs
- HelpKeywordAttribute.cs
- SymbolEqualComparer.cs
- SoapSchemaMember.cs
- UrlMappingsSection.cs
- TransformCollection.cs
- DesignColumn.cs
- ChangeDirector.cs
- EmptyReadOnlyDictionaryInternal.cs