public object Create(object parent, object context, XmlNode section)
{
AuthorizationConfig config = new AuthorizationConfig(parent);
if (section.Attributes != null && section.Attributes.Count != 0)
{
ThrowException("Unrecognized attribute", section);
}
XmlNodeList authNodes = section.ChildNodes;
foreach (XmlNode child in authNodes)
{
XmlNodeType ntype = child.NodeType;
if (ntype != XmlNodeType.Element)
{
continue;
}
string childName = child.Name;
bool allow = (childName == "allow");
bool deny = (childName == "deny");
if (!allow && !deny)
{
ThrowException("Element name must be 'allow' or 'deny'.", child);
}
string users = AttValue("users", child);
string roles = AttValue("roles", child);
if (users == null && roles == null)
{
ThrowException("At least 'users' or 'roles' must be present.", child);
}
string verbs = AttValue("verbs", child);
if (child.Attributes != null && child.Attributes.Count != 0)
{
ThrowException("Unrecognized attribute.", child);
}
bool added;
if (allow)
{
added = config.Allow(users, roles, verbs);
}
else
{
added = config.Deny(users, roles, verbs);
}
if (!added)
{
ThrowException("User and role names cannot contain '?' or '*'.", child);
}
}
return(config);
}
public object Create (object parent, object context, XmlNode section)
{
AuthorizationConfig config = new AuthorizationConfig (parent);
if (section.Attributes != null && section.Attributes.Count != 0)
ThrowException ("Unrecognized attribute", section);
XmlNodeList authNodes = section.ChildNodes;
foreach (XmlNode child in authNodes) {
XmlNodeType ntype = child.NodeType;
if (ntype != XmlNodeType.Element)
continue;
string childName = child.Name;
bool allow = (childName == "allow");
bool deny = (childName == "deny");
if (!allow && !deny)
ThrowException ("Element name must be 'allow' or 'deny'.", child);
string users = AttValue ("users", child);
string roles = AttValue ("roles", child);
if (users == null && roles == null)
ThrowException ("At least 'users' or 'roles' must be present.", child);
string verbs = AttValue ("verbs", child);
if (child.Attributes != null && child.Attributes.Count != 0)
ThrowException ("Unrecognized attribute.", child);
bool added;
if (allow)
added = config.Allow (users, roles, verbs);
else
added = config.Deny (users, roles, verbs);
if (!added)
ThrowException ("User and role names cannot contain '?' or '*'.", child);
}
return config;
}
internal AuthorizationConfig (object parent)
{
this.parent = parent as AuthorizationConfig;
}
internal AuthorizationConfig(object parent)
{
this.parent = parent as AuthorizationConfig;
}
//////////////////////////////////////////////////////////////////////
// CTor
internal AuthorizationConfig(AuthorizationConfig parent, XmlNode node)
{
Debug.Trace("security", "AuthorizationConfigSettings ctor");
if (parent != null)
{
_AllRules = (ArrayList)parent._AllRules.Clone();
}
else
{
_AllRules = new ArrayList();
}
HandlerBase.CheckForUnrecognizedAttributes(node);
ArrayList rules = new ArrayList();
foreach (XmlNode child in node.ChildNodes)
{
////////////////////////////////////////////////////////////
// Step 1: For each child (Allow / Deny Tag)
if (child.NodeType != XmlNodeType.Element)
{
continue;
}
bool allow = false;
bool fRolesPresent = false;
bool fUsersPresent = false;
String [] verbs = null;
String [] users = null;
String [] roles = null;
String [] temp = null;
XmlNode attribute;
////////////////////////////////////////////////////////////
// Step 3: Make sure we have an allow or deny tag
allow = (child.Name == _strAllowTag);
if (allow == false && (child.Name == _strDenyTag) == false)
{
throw new ConfigurationException(
HttpRuntime.FormatResourceString(SR.Auth_rule_must_have_allow_or_deny),
child);
}
////////////////////////////////////////////////////////////
// Step 4: Get the list of verbs
attribute = child.Attributes.RemoveNamedItem(_strVerbTag);
if (attribute != null)
{
temp = attribute.Value.ToLower(CultureInfo.InvariantCulture).Split(_strComma);
verbs = TrimStrings(temp);
}
////////////////////////////////////////////////////////////
// Step 5: Get the list of users
attribute = child.Attributes.RemoveNamedItem(_strUsersTag);
if (attribute != null && attribute.Value.Length > 0)
{
////////////////////////////////////////////////////////////
// Step 5a: If the users tag is present and not empty, then
// construct an array of user names (string array)
fUsersPresent = true;
temp = attribute.Value.ToLower(CultureInfo.InvariantCulture).Split(_strComma);
users = TrimStrings(temp);
////////////////////////////////////////////////////////////
// Step 5b: Make sure that no user name has the char ? or *
// embeded in it
if (users != null && users.Length > 0)
{
// For each user name
int iNumUsers = users.Length;
for (int iter = 0; iter < iNumUsers; iter++)
{
if (users[iter].Length > 1) // If length is > 1
{
if (users[iter].IndexOf('*') >= 0) // Contains '*'
{
throw new ConfigurationException(HttpRuntime.FormatResourceString(SR.Auth_rule_names_cant_contain_char, "*"),
attribute);
}
if (users[iter].IndexOf('?') >= 0) // Contains '?'
{
throw new ConfigurationException(HttpRuntime.FormatResourceString(SR.Auth_rule_names_cant_contain_char, "?"),
attribute);
}
}
}
}
}
////////////////////////////////////////////////////////////
// Step 6: Get the list of roles
attribute = child.Attributes.RemoveNamedItem(_strRolesTag);
if (attribute != null && attribute.Value.Length > 0)
{
////////////////////////////////////////////////////////////
// Step 6a: If the roles tag is present and not empty, then
// construct an array of role names (string array)
fRolesPresent = true;
temp = attribute.Value.Split(_strComma);
roles = TrimStrings(temp);
////////////////////////////////////////////////////////////
// Step 6b: Make sure that no user name has the char ? or *
// embeded in it
if (roles != null && roles.Length > 0)
{
// For each role name
int iNumRoles = roles.Length;
for (int iter = 0; iter < iNumRoles; iter++)
{
if (roles[iter].Length > 0) // If length is > 1
{
int foundIndex = roles[iter].IndexOfAny(new char [] { '*', '?' });
if (foundIndex >= 0)
{
throw new ConfigurationException(
HttpRuntime.FormatResourceString(SR.Auth_rule_names_cant_contain_char, roles[iter][foundIndex].ToString()),
attribute);
}
}
}
}
}
////////////////////////////////////////////////////////////
// Step 7: Make sure that either the "roles" tag or the "users"
// tag was present
if (!fRolesPresent && !fUsersPresent)
{
throw new ConfigurationException(
HttpRuntime.FormatResourceString(SR.Auth_rule_must_specify_users_andor_roles),
child);
}
////////////////////////////////////////////////////////////
// Step 8: Make sure that there were no unrecognized properties
HandlerBase.CheckForUnrecognizedAttributes(child);
////////////////////////////////////////////////////////////
// Step 8b: Move back to the current auth rule node
// ctracy 00.09.26: no longer necessary after migration to .NET XML DOM
//cursor.MoveToParent();
////////////////////////////////////////////////////////////
// Step 9: Add the rule to our list
rules.Add(new AuthorizationConfigRule(allow, verbs, users, roles));
}
_AllRules.InsertRange(0, rules);
Debug.Trace("security", "AuthorizationConfigSettings:: ReadSettings counts:" + _AllRules.Count + " rules " + rules.Count);
}
