Beispiel #1
0
        internal static void ExecuteWebServiceCall(HttpContext context, WebServiceMethodData methodData)
        {
            try {
                NamedPermissionSet s_permissionSet = HttpRuntime.NamedPermissionSet;
                if (s_permissionSet != null)
                {
                    s_permissionSet.PermitOnly();
                }

                // Deserialize the javascript request body
                IDictionary <string, object> rawParams = GetRawParams(methodData, context);
                InvokeMethod(context, methodData, rawParams);
            }
            catch (Exception ex) {
                WriteExceptionJsonString(context, ex);
            }
        }
Beispiel #2
0
        private static Action <Action> GetCallInAppTrustThunk()
        {
            // do we need to create the thunk?
            if (_callInAppTrustThunk == null)
            {
                try
                {
                    if (!typeof(SecurityUtil).Assembly.IsFullyTrusted || /* bin-deployed */
                        AppDomain.CurrentDomain.IsHomogenous /* .NET 4 CAS model */)
                    {
                        // we're already running in the application's trust level, so nothing to do
                        _callInAppTrustThunk = f => f();
                    }
                    else
                    {
                        // legacy CAS model - need to lower own permission level to be compatible with legacy systems
                        // This is essentially the same logic as Page.ProcessRequest(HttpContext)
                        NamedPermissionSet namedPermissionSet        = (NamedPermissionSet)typeof(HttpRuntime).GetProperty("NamedPermissionSet", BindingFlags.NonPublic | BindingFlags.Public | BindingFlags.Static).GetValue(null, null);
                        bool disableProcessRequestInApplicationTrust = (bool)typeof(HttpRuntime).GetProperty("DisableProcessRequestInApplicationTrust", BindingFlags.NonPublic | BindingFlags.Public | BindingFlags.Static).GetValue(null, null);
                        if (namedPermissionSet != null && !disableProcessRequestInApplicationTrust)
                        {
                            _callInAppTrustThunk = f =>
                            {
                                // lower permissions
                                namedPermissionSet.PermitOnly();
                                f();
                            };
                        }
                        else
                        {
                            // application's trust level is FullTrust, so nothing to do
                            _callInAppTrustThunk = f => f();
                        }
                    }
                }
                catch
                {
                    // MVC assembly is already running in application trust, so swallow exceptions
                }
            }

            // if there was an error, just process transparently
            return(_callInAppTrustThunk ?? (Action <Action>)(f => f()));
        }