public override SiteMapNode FindSiteMapNode(string rawUrl)
{
if (rawUrl == null)
{
throw new ArgumentNullException("rawUrl");
}
if (rawUrl == String.Empty)
{
return(null);
}
BuildSiteMap();
SiteMapNode node;
if (VirtualPathUtility.IsAppRelative(rawUrl))
{
rawUrl = VirtualPathUtility.ToAbsolute(rawUrl, HttpRuntime.AppDomainAppVirtualPath, false);
}
if (!urlToNode.TryGetValue(rawUrl, out node))
{
return(null);
}
return(CheckAccessibility(node));
}
void RewritePath(string filePath, string pathInfo, string queryString, bool setClientFilePath)
{
if (filePath == null)
{
throw new ArgumentNullException("filePath");
}
if (!VirtualPathUtility.IsValidVirtualPath(filePath))
{
throw new HttpException("'" + HttpUtility.HtmlEncode(filePath) + "' is not a valid virtual path.");
}
bool pathRelative = VirtualPathUtility.IsAppRelative(filePath);
bool pathAbsolute = pathRelative ? false : VirtualPathUtility.IsAbsolute(filePath);
HttpRequest req = Request;
if (req == null)
{
return;
}
if (pathRelative || pathAbsolute)
{
if (pathRelative)
{
filePath = VirtualPathUtility.ToAbsolute(filePath);
}
else
{
filePath = filePath;
}
}
else
{
filePath = VirtualPathUtility.AppendTrailingSlash(req.BaseVirtualDir) + filePath;
}
if (!StrUtils.StartsWith(filePath, HttpRuntime.AppDomainAppVirtualPath))
{
throw new HttpException(404, "The virtual path '" + HttpUtility.HtmlEncode(filePath) + "' maps to another application.", filePath);
}
req.SetCurrentExePath(filePath);
req.SetFilePath(filePath);
if (setClientFilePath)
{
req.ClientFilePath = filePath;
}
// A null pathInfo or queryString is ignored and previous values remain untouched
if (pathInfo != null)
{
req.SetPathInfo(pathInfo);
}
if (queryString != null)
{
req.QueryStringRaw = queryString;
}
}
public void IsAppRelative()
{
Assert.IsTrue(VPU.IsAppRelative("~"), "A0");
Assert.IsTrue(VPU.IsAppRelative("~/Stuff"), "A1");
Assert.IsFalse(VPU.IsAppRelative("./Stuff"), "A2");
Assert.IsFalse(VPU.IsAppRelative("/Stuff"), "A3");
Assert.IsFalse(VPU.IsAppRelative("/"), "A4");
Assert.IsFalse(VPU.IsAppRelative("~Stuff"), "A5");
Assert.IsTrue(VPU.IsAppRelative("~"), "A0");
Assert.IsTrue(VPU.IsAppRelative("~\\Stuff"), "A1");
Assert.IsFalse(VPU.IsAppRelative(".\\Stuff"), "A2");
Assert.IsFalse(VPU.IsAppRelative("\\Stuff"), "A3");
Assert.IsFalse(VPU.IsAppRelative("\\"), "A4");
Assert.IsFalse(VPU.IsAppRelative("~Stuff"), "A5");
}
internal string MapUrl(string url)
{
if (String.IsNullOrEmpty(url))
{
return(url);
}
string appVPath = HttpRuntime.AppDomainAppVirtualPath;
if (String.IsNullOrEmpty(appVPath))
{
appVPath = "/";
}
if (VirtualPathUtility.IsAppRelative(url))
{
return(VirtualPathUtility.ToAbsolute(url, appVPath, true));
}
else
{
return(VirtualPathUtility.ToAbsolute(UrlUtils.Combine(appVPath, url), appVPath, true));
}
}
public VirtualPath(string vpath, string physicalPath, bool isFake)
{
IsRooted = VirtualPathUtility.IsRooted(vpath);
IsAbsolute = VirtualPathUtility.IsAbsolute(vpath);
IsAppRelative = VirtualPathUtility.IsAppRelative(vpath);
if (isFake)
{
if (String.IsNullOrEmpty(physicalPath))
{
throw new ArgumentException("physicalPath");
}
_physicalPath = physicalPath;
Original = "~/" + Path.GetFileName(_physicalPath);
IsFake = true;
}
else
{
Original = vpath;
IsFake = false;
}
}
public virtual bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
if (node == null)
{
throw new ArgumentNullException("node");
}
if (!SecurityTrimmingEnabled)
{
return(true);
}
/* The node is accessible (according to msdn2) if:
*
* 1. The Roles exists on node and the current user is in at least one of the specified roles.
*
* 2. The current thread has an associated WindowsIdentity that has file access to the requested URL and
* the URL is located within the directory structure for the application.
*
* 3. The current user is authorized specifically for the requested URL in the authorization element for
* the current application and the URL is located within the directory structure for the application.
*/
/* 1. */
IList roles = node.Roles;
if (roles != null && roles.Count > 0)
{
foreach (string rolename in roles)
{
if (rolename == "*" || context.User.IsInRole(rolename))
{
return(true);
}
}
}
/* 2. */
/* XXX */
/* 3. */
string url = node.Url;
if (!String.IsNullOrEmpty(url))
{
// TODO check url is located within the current application
if (VirtualPathUtility.IsAppRelative(url) || !VirtualPathUtility.IsAbsolute(url))
{
url = VirtualPathUtility.Combine(VirtualPathUtility.AppendTrailingSlash(HttpRuntime.AppDomainAppVirtualPath), url);
}
AuthorizationSection config = (AuthorizationSection)WebConfigurationManager.GetSection(
"system.web/authorization",
url);
if (config != null)
{
return(config.IsValidUser(context.User, context.Request.HttpMethod));
}
}
return(false);
}
public void IsAppRelative_ArgException2()
{
Assert.IsFalse(VPU.IsAppRelative(null), "A1");
}
public void IsAppRelative_ArgException1()
{
Assert.IsFalse(VPU.IsAppRelative(""), "A1");
}
