/// <devdoc>
/// Validates that the WebResource.axd handler is registered in config and actually
/// points to the correct handler type.
/// </devdoc>
private static void EnsureHandlerExistenceChecked()
{
// First we have to check that the handler is registered:
// <add path="WebResource.axd" verb="GET" type="System.Web.Handlers.AssemblyResourceLoader" validate="True" />
if (!_handlerExistenceChecked)
{
HttpContext context = HttpContext.Current;
IIS7WorkerRequest iis7WorkerRequest = (context != null) ? context.WorkerRequest as IIS7WorkerRequest : null;
string webResourcePath = UrlPath.Combine(HttpRuntime.AppDomainAppVirtualPathString, _webResourceUrl);
if (iis7WorkerRequest != null)
{
// check the IIS <handlers> section by mapping the handler
string handlerTypeString = iis7WorkerRequest.MapHandlerAndGetHandlerTypeString(method: "GET",
path: UrlPath.Combine(HttpRuntime.AppDomainAppVirtualPathString, _webResourceUrl),
convertNativeStaticFileModule: false, ignoreWildcardMappings: true);
if (!String.IsNullOrEmpty(handlerTypeString))
{
_handlerExists = (typeof(AssemblyResourceLoader) == BuildManager.GetType(handlerTypeString, true /*throwOnFail*/, false /*ignoreCase*/));
}
}
else
{
// check the <httpHandlers> section
HttpHandlerAction httpHandler = RuntimeConfig.GetConfig(VirtualPath.Create(webResourcePath)).HttpHandlers.FindMapping("GET", VirtualPath.Create(_webResourceUrl));
_handlerExists = (httpHandler != null) && (httpHandler.TypeInternal == typeof(AssemblyResourceLoader));
}
_handlerExistenceChecked = true;
}
}
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
// Module Enter: Get the authorization configuration section
// and see if this user is allowed or not
void OnEnter(Object source, EventArgs eventArgs)
{
HttpApplication app;
HttpContext context;
app = (HttpApplication)source;
context = app.Context;
if (context.SkipAuthorization)
{
if (context.User == null || !context.User.Identity.IsAuthenticated)
{
PerfCounters.IncrementCounter(AppPerfCounter.ANONYMOUS_REQUESTS);
}
return;
}
// Get the authorization config object
AuthorizationSection settings = RuntimeConfig.GetConfig(context).Authorization;
// Check if the user is allowed, or the request is for the login page
if (!settings.EveryoneAllowed && !settings.IsUserAllowed(context.User, context.Request.RequestType))
{
ReportUrlAuthorizationFailure(context, this);
}
else
{
if (context.User == null || !context.User.Identity.IsAuthenticated)
{
PerfCounters.IncrementCounter(AppPerfCounter.ANONYMOUS_REQUESTS);
}
WebBaseEvent.RaiseSystemEvent(this, WebEventCodes.AuditUrlAuthorizationSuccess);
}
}
public static bool CheckUrlAccessForPrincipal(string virtualPath, IPrincipal user, string verb)
{
if (virtualPath == null)
{
throw new ArgumentNullException("virtualPath");
}
if (user == null)
{
throw new ArgumentNullException("user");
}
if (verb == null)
{
throw new ArgumentNullException("verb");
}
verb = verb.Trim();
VirtualPath path = VirtualPath.Create(virtualPath);
if (!path.IsWithinAppRoot)
{
throw new ArgumentException(System.Web.SR.GetString("Virtual_path_outside_application_not_supported"), "virtualPath");
}
if (!s_EnabledDetermined)
{
if (!HttpRuntime.UseIntegratedPipeline)
{
HttpModulesSection httpModules = RuntimeConfig.GetConfig().HttpModules;
int count = httpModules.Modules.Count;
for (int i = 0; i < count; i++)
{
HttpModuleAction action = httpModules.Modules[i];
if (Type.GetType(action.Type, false) == typeof(UrlAuthorizationModule))
{
s_Enabled = true;
break;
}
}
}
else
{
foreach (ModuleConfigurationInfo info in HttpApplication.IntegratedModuleList)
{
if (Type.GetType(info.Type, false) == typeof(UrlAuthorizationModule))
{
s_Enabled = true;
break;
}
}
}
s_EnabledDetermined = true;
}
if (s_Enabled)
{
AuthorizationSection authorization = RuntimeConfig.GetConfig(path).Authorization;
if (!authorization.EveryoneAllowed)
{
return(authorization.IsUserAllowed(user, verb));
}
}
return(true);
}
private void OnEnter(object source, EventArgs eventArgs)
{
HttpApplication application = (HttpApplication)source;
HttpContext context = application.Context;
if (context.SkipAuthorization)
{
if ((context.User == null) || !context.User.Identity.IsAuthenticated)
{
PerfCounters.IncrementCounter(AppPerfCounter.ANONYMOUS_REQUESTS);
}
}
else
{
AuthorizationSection authorization = RuntimeConfig.GetConfig(context).Authorization;
if (!authorization.EveryoneAllowed && !authorization.IsUserAllowed(context.User, context.Request.RequestType))
{
ReportUrlAuthorizationFailure(context, this);
}
else
{
if ((context.User == null) || !context.User.Identity.IsAuthenticated)
{
PerfCounters.IncrementCounter(AppPerfCounter.ANONYMOUS_REQUESTS);
}
WebBaseEvent.RaiseSystemEvent(this, 0xfa3);
}
}
}
internal static CompilationSection GetCompilationConfig()
{
if (!UseMTConfig)
{
return(RuntimeConfig.GetConfig().Compilation);
}
return(GetConfig <CompilationSection>());
}
internal static PagesSection GetPagesConfig(HttpContext context)
{
if (!UseMTConfig)
{
return(RuntimeConfig.GetConfig(context).Pages);
}
return(GetConfig <PagesSection>(context));
}
internal static CompilationSection GetCompilationConfig(VirtualPath vpath)
{
if (!UseMTConfig)
{
return(RuntimeConfig.GetConfig(vpath).Compilation);
}
return(GetConfig <CompilationSection>(vpath));
}
internal static PagesSection GetPagesConfig(VirtualPath vpath)
{
if (!UseMTConfig)
{
return(RuntimeConfig.GetConfig(vpath).Pages);
}
return(GetConfig <PagesSection>(vpath));
}
// Counterpart for RuntimeConfig.GetConfig(string).Compilation
static internal CompilationSection GetCompilationConfig(string vpath)
{
if (!UseMTConfig)
{
return(RuntimeConfig.GetConfig(vpath).Compilation);
}
return(GetConfig <CompilationSection>(vpath));
}
internal static PagesSection GetPagesConfig()
{
if (!UseMTConfig)
{
return(RuntimeConfig.GetConfig().Pages);
}
return(GetConfig <PagesSection>());
}
// Counterpart for RuntimeConfig.GetConfig(string).Pages
static internal PagesSection GetPagesConfig(string vpath)
{
if (!UseMTConfig)
{
return(RuntimeConfig.GetConfig(vpath).Pages);
}
return(GetConfig <PagesSection>(vpath));
}
internal static CompilationSection GetCompilationConfig(HttpContext context)
{
if (!UseMTConfig)
{
return(RuntimeConfig.GetConfig(context).Compilation);
}
return(GetConfig <CompilationSection>(context));
}
/// <devdoc>
/// To be supplied.
/// </devdoc>
public override void Save()
{
bool requiresControlStateInSession = false;
object clientData = null;
Triplet vsTrip = ViewState as Triplet;
// no session view state to store.
if ((ControlState != null) ||
((vsTrip == null || vsTrip.Second != null || vsTrip.Third != null) && ViewState != null))
{
HttpSessionState session = Page.Session;
string sessionViewStateID = Convert.ToString(DateTime.Now.Ticks, 16);
object state = null;
requiresControlStateInSession = Page.Request.Browser.RequiresControlStateInSession;
if (requiresControlStateInSession)
{
// ClientState will just be sessionID
state = new Pair(ViewState, ControlState);
clientData = sessionViewStateID;
}
else
{
// ClientState will be a <sessionID, ControlState>
state = ViewState;
clientData = new Pair(sessionViewStateID, ControlState);
}
string sessionKey = _viewStateSessionKey + sessionViewStateID;
session[sessionKey] = state;
Queue queue = session[_viewStateQueueKey] as Queue;
if (queue == null)
{
queue = new Queue();
session[_viewStateQueueKey] = queue;
}
queue.Enqueue(sessionKey);
SessionPageStateSection cfg = RuntimeConfig.GetConfig(Page.Request.Context).SessionPageState;
int queueCount = queue.Count;
if (cfg != null && queueCount > cfg.HistorySize ||
cfg == null && queueCount > SessionPageStateSection.DefaultHistorySize)
{
string oldSessionKey = (string)queue.Dequeue();
session.Remove(oldSessionKey);
}
}
if (clientData != null)
{
Page.ClientState = Util.SerializeWithAssert(StateFormatter2, new Pair(requiresControlStateInSession, clientData), Purpose.WebForms_SessionPageStatePersister_ClientState);
}
}
public void Init(HttpApplication application)
{
UrlMappingsSection urlMappings = RuntimeConfig.GetConfig().UrlMappings;
if (urlMappings.IsEnabled && (urlMappings.UrlMappings.Count > 0))
{
application.BeginRequest += new EventHandler(this.OnEnter);
}
}
// Sets the thread's CurrentCulture and CurrentUICulture to those associated
// with the current HttpContext. We do this since the culture of a request can
// change over its lifetime and isn't necessarily the default for the AppDomain,
// e.g. if the culture was read from the request headers.
private void SetRequestLevelCulture()
{
CultureInfo culture = null;
CultureInfo uiculture = null;
GlobalizationSection globConfig = RuntimeConfig.GetConfig(HttpContext).Globalization;
if (!String.IsNullOrEmpty(globConfig.Culture))
{
culture = HttpContext.CultureFromConfig(globConfig.Culture, true);
}
if (!String.IsNullOrEmpty(globConfig.UICulture))
{
uiculture = HttpContext.CultureFromConfig(globConfig.UICulture, false);
}
if (HttpContext.DynamicCulture != null)
{
culture = HttpContext.DynamicCulture;
}
if (HttpContext.DynamicUICulture != null)
{
uiculture = HttpContext.DynamicUICulture;
}
// Page also could have its own culture settings
Page page = HttpContext.CurrentHandler as Page;
if (page != null)
{
if (page.DynamicCulture != null)
{
culture = page.DynamicCulture;
}
if (page.DynamicUICulture != null)
{
uiculture = page.DynamicUICulture;
}
}
_originalThreadCurrentCulture = Thread.CurrentThread.CurrentCulture;
_originalThreadCurrentUICulture = Thread.CurrentThread.CurrentUICulture;
if (culture != null && culture != Thread.CurrentThread.CurrentCulture)
{
HttpRuntime.SetCurrentThreadCultureWithAssert(culture);
}
if (uiculture != null && uiculture != Thread.CurrentThread.CurrentUICulture)
{
Thread.CurrentThread.CurrentUICulture = uiculture;
}
}
internal static bool IsUserAllowedToPath(HttpContext context, VirtualPath virtualPath)
{
AuthorizationSection authorization = RuntimeConfig.GetConfig(context, virtualPath).Authorization;
if (!authorization.EveryoneAllowed)
{
return(authorization.IsUserAllowed(context.User, context.Request.RequestType));
}
return(true);
}
internal static Encoding GetEncodingFromConfigPath(VirtualPath configPath)
{
Encoding fileEncoding = null;
fileEncoding = RuntimeConfig.GetConfig(configPath).Globalization.FileEncoding;
if (fileEncoding == null)
{
fileEncoding = Encoding.Default;
}
return(fileEncoding);
}
private void SetDefaultsFromConfig()
{
HttpCookiesSection httpCookies = RuntimeConfig.GetConfig().HttpCookies;
this._secure = httpCookies.RequireSSL;
this._httpOnly = httpCookies.HttpOnlyCookies;
if ((httpCookies.Domain != null) && (httpCookies.Domain.Length > 0))
{
this._domain = httpCookies.Domain;
}
}
/// <internalonly/>
/// <devdoc>
/// </devdoc>
protected internal override void RenderChildren(HtmlTextWriter writer)
{
// We need to register the script here since other controls might register
// for focus during PreRender
Page page = Page;
if (page != null)
{
page.OnFormRender();
page.BeginFormRender(writer, UniqueID);
}
// DevDiv Bugs 154630: move custom hidden fields to the begining of the form
HttpWriter httpWriter = writer.InnerWriter as HttpWriter;
if (page != null && httpWriter != null && RuntimeConfig.GetConfig(Context).Pages.RenderAllHiddenFieldsAtTopOfForm)
{
// If the response is flushed or cleared during render, we won't be able
// to move the hidden fields. Set HasBeenClearedRecently to false and
// then check again when we're ready to move the fields.
httpWriter.HasBeenClearedRecently = false;
// Remember the index where the form begins
int formBeginIndex = httpWriter.GetResponseBufferCountAfterFlush();
base.RenderChildren(writer);
// Remember the index where the custom hidden fields begin
int fieldsBeginIndex = httpWriter.GetResponseBufferCountAfterFlush();
page.EndFormRenderHiddenFields(writer, UniqueID);
// we can only move the hidden fields if the response has not been flushed or cleared
if (!httpWriter.HasBeenClearedRecently)
{
int fieldsEndIndex = httpWriter.GetResponseBufferCountAfterFlush();
httpWriter.MoveResponseBufferRangeForward(fieldsBeginIndex, fieldsEndIndex - fieldsBeginIndex, formBeginIndex);
}
page.EndFormRenderArrayAndExpandoAttribute(writer, UniqueID);
page.EndFormRenderPostBackAndWebFormsScript(writer, UniqueID);
page.OnFormPostRender(writer);
}
else
{
base.RenderChildren(writer);
if (page != null)
{
page.EndFormRender(writer, UniqueID);
page.OnFormPostRender(writer);
}
}
}
public virtual IDictionary DetermineUserCapabilities(WebPartManager webPartManager)
{
if (webPartManager == null)
{
throw new ArgumentNullException("webPartManager");
}
Page page = webPartManager.Page;
if (page == null)
{
throw new ArgumentException(System.Web.SR.GetString("PropertyCannotBeNull", new object[] { "Page" }), "webPartManager");
}
HttpRequest requestInternal = page.RequestInternal;
if (requestInternal == null)
{
throw new ArgumentException(System.Web.SR.GetString("PropertyCannotBeNull", new object[] { "Page.Request" }), "webPartManager");
}
IPrincipal user = null;
if (requestInternal.IsAuthenticated)
{
user = page.User;
}
if (user != null)
{
if (this._supportedUserCapabilities == null)
{
this._supportedUserCapabilities = this.CreateSupportedUserCapabilities();
}
if ((this._supportedUserCapabilities != null) && (this._supportedUserCapabilities.Count != 0))
{
WebPartsSection webParts = RuntimeConfig.GetConfig().WebParts;
if (webParts != null)
{
WebPartsPersonalizationAuthorization authorization = webParts.Personalization.Authorization;
if (authorization != null)
{
IDictionary dictionary = new HybridDictionary();
foreach (WebPartUserCapability capability in this._supportedUserCapabilities)
{
if (authorization.IsUserAllowed(user, capability.Name))
{
dictionary[capability] = capability;
}
}
return(dictionary);
}
}
}
}
return(new HybridDictionary());
}
private void SetDefaultsFromConfig()
{
HttpCookiesSection config = RuntimeConfig.GetConfig().HttpCookies;
_secure = config.RequireSSL;
_httpOnly = config.HttpOnlyCookies;
if (config.Domain != null && config.Domain.Length > 0)
{
_domain = config.Domain;
}
}
public void Init(HttpApplication application)
{
bool urlMappingsEnabled = false;
UrlMappingsSection urlMappings = RuntimeConfig.GetConfig().UrlMappings;
urlMappingsEnabled = urlMappings.IsEnabled && (urlMappings.UrlMappings.Count > 0);
if (urlMappingsEnabled)
{
application.BeginRequest += new EventHandler(OnEnter);
}
}
internal static bool RequestRequiresAuthorization(HttpContext context)
{
if (context.SkipAuthorization)
{
return(false);
}
AuthorizationSection authorization = RuntimeConfig.GetConfig(context).Authorization;
if (_AnonUser == null)
{
_AnonUser = new GenericPrincipal(new GenericIdentity(string.Empty, string.Empty), new string[0]);
}
return(!authorization.IsUserAllowed(_AnonUser, context.Request.RequestType));
}
public void Init(HttpApplication app)
{
bool flag = false;
SessionStateSection sessionState = RuntimeConfig.GetAppConfig().SessionState;
if (!this.s_oneTimeInit)
{
s_lock.AcquireWriterLock();
try
{
if (!this.s_oneTimeInit)
{
this.InitModuleFromConfig(app, sessionState);
flag = true;
if (!CheckTrustLevel(sessionState))
{
s_trustLevelInsufficient = true;
}
s_timeout = (int)sessionState.Timeout.TotalMinutes;
s_useHostingIdentity = sessionState.UseHostingIdentity;
if ((sessionState.Mode == SessionStateMode.InProc) && this._usingAspnetSessionIdManager)
{
s_allowInProcOptimization = true;
}
if (((sessionState.Mode != SessionStateMode.Custom) && (sessionState.Mode != SessionStateMode.Off)) && !sessionState.RegenerateExpiredSessionId)
{
s_allowDelayedStateStoreItemCreation = true;
}
s_configExecutionTimeout = RuntimeConfig.GetConfig().HttpRuntime.ExecutionTimeout;
s_configRegenerateExpiredSessionId = sessionState.RegenerateExpiredSessionId;
s_configCookieless = sessionState.Cookieless;
s_configMode = sessionState.Mode;
this.s_oneTimeInit = true;
}
}
finally
{
s_lock.ReleaseWriterLock();
}
}
if (!flag)
{
this.InitModuleFromConfig(app, sessionState);
}
if (s_trustLevelInsufficient)
{
throw new HttpException(System.Web.SR.GetString("Session_state_need_higher_trust"));
}
}
static internal bool RequestRequiresAuthorization(HttpContext context)
{
if (context.SkipAuthorization)
{
return(false);
}
AuthorizationSection settings = RuntimeConfig.GetConfig(context).Authorization;
// Check if the anonymous user is allowed
if (_AnonUser == null)
{
_AnonUser = new GenericPrincipal(new GenericIdentity(String.Empty, String.Empty), new String[0]);
}
return(!settings.IsUserAllowed(_AnonUser, context.Request.RequestType));
}
public void SaveAs(string filename)
{
if (!Path.IsPathRooted(filename) && RuntimeConfig.GetConfig().HttpRuntime.RequireRootedSaveAsPath)
{
throw new HttpException(System.Web.SR.GetString("SaveAs_requires_rooted_path", new object[] { filename }));
}
FileStream s = new FileStream(filename, FileMode.Create);
try
{
this._stream.WriteTo(s);
s.Flush();
}
finally
{
s.Close();
}
}
public override void Save()
{
bool x = false;
object y = null;
Triplet viewState = base.ViewState as Triplet;
if ((base.ControlState != null) || ((((viewState == null) || (viewState.Second != null)) || (viewState.Third != null)) && (base.ViewState != null)))
{
HttpSessionState session = base.Page.Session;
string str = Convert.ToString(DateTime.Now.Ticks, 0x10);
object obj3 = null;
x = base.Page.Request.Browser.RequiresControlStateInSession;
if (x)
{
obj3 = new Pair(base.ViewState, base.ControlState);
y = str;
}
else
{
obj3 = base.ViewState;
y = new Pair(str, base.ControlState);
}
string str2 = "__SESSIONVIEWSTATE" + str;
session[str2] = obj3;
Queue queue = session["__VIEWSTATEQUEUE"] as Queue;
if (queue == null)
{
queue = new Queue();
session["__VIEWSTATEQUEUE"] = queue;
}
queue.Enqueue(str2);
SessionPageStateSection sessionPageState = RuntimeConfig.GetConfig(base.Page.Request.Context).SessionPageState;
int count = queue.Count;
if (((sessionPageState != null) && (count > sessionPageState.HistorySize)) || ((sessionPageState == null) && (count > 9)))
{
string name = (string)queue.Dequeue();
session.Remove(name);
}
}
if (y != null)
{
base.Page.ClientState = Util.SerializeWithAssert(base.StateFormatter, new Pair(x, y));
}
}
internal HttpBufferlessInputStream(HttpContext context, bool persistEntityBody, bool disableMaxRequestLength)
{
_context = context;
_persistEntityBody = persistEntityBody;
_disableMaxRequestLength = disableMaxRequestLength;
// Check max-request-length for preloaded content
HttpRuntimeSection section = RuntimeConfig.GetConfig(_context).HttpRuntime;
_maxRequestLength = section.MaxRequestLengthBytes;
_fileThreshold = section.RequestLengthDiskThresholdBytes;
if (_persistEntityBody)
{
_rawContent = new HttpRawUploadedContent(_fileThreshold, _context.Request.ContentLength);
}
int contentLength = _context.Request.ContentLength;
_remainingBytes = (contentLength > 0) ? contentLength : Int32.MaxValue;
_length = contentLength;
}
/*
* Save into file
*/
/// <devdoc>
/// <para>
/// Initiates a utility method to save an uploaded file to disk.
/// </para>
/// </devdoc>
public void SaveAs(String filename)
{
// VSWhidbey 82855
if (!Path.IsPathRooted(filename))
{
HttpRuntimeSection config = RuntimeConfig.GetConfig().HttpRuntime;
if (config.RequireRootedSaveAsPath)
{
throw new HttpException(SR.GetString(SR.SaveAs_requires_rooted_path, filename));
}
}
FileStream f = new FileStream(filename, FileMode.Create);
try {
_stream.WriteTo(f);
f.Flush();
}
finally {
f.Close();
}
}
private static void EnsureHandlerExistenceChecked()
{
if (!_handlerExistenceChecked)
{
HttpContext current = HttpContext.Current;
IIS7WorkerRequest request = (current != null) ? (current.WorkerRequest as IIS7WorkerRequest) : null;
string path = UrlPath.Combine(HttpRuntime.AppDomainAppVirtualPathString, "WebResource.axd");
if (request != null)
{
string str2 = request.MapHandlerAndGetHandlerTypeString("GET", path, false);
if (!string.IsNullOrEmpty(str2))
{
_handlerExists = typeof(AssemblyResourceLoader) == BuildManager.GetType(str2, true, false);
}
}
else
{
HttpHandlerAction action = RuntimeConfig.GetConfig(VirtualPath.Create(path)).HttpHandlers.FindMapping("GET", VirtualPath.Create("WebResource.axd"));
_handlerExists = (action != null) && (action.TypeInternal == typeof(AssemblyResourceLoader));
}
_handlerExistenceChecked = true;
}
}
