public object Create(object parent, object context, XmlNode section) { AuthorizationConfig config = new AuthorizationConfig(parent); if (section.Attributes != null && section.Attributes.Count != 0) { ThrowException("Unrecognized attribute", section); } XmlNodeList authNodes = section.ChildNodes; foreach (XmlNode child in authNodes) { XmlNodeType ntype = child.NodeType; if (ntype != XmlNodeType.Element) { continue; } string childName = child.Name; bool allow = (childName == "allow"); bool deny = (childName == "deny"); if (!allow && !deny) { ThrowException("Element name must be 'allow' or 'deny'.", child); } string users = AttValue("users", child); string roles = AttValue("roles", child); if (users == null && roles == null) { ThrowException("At least 'users' or 'roles' must be present.", child); } string verbs = AttValue("verbs", child); if (child.Attributes != null && child.Attributes.Count != 0) { ThrowException("Unrecognized attribute.", child); } bool added; if (allow) { added = config.Allow(users, roles, verbs); } else { added = config.Deny(users, roles, verbs); } if (!added) { ThrowException("User and role names cannot contain '?' or '*'.", child); } } return(config); }
public object Create (object parent, object context, XmlNode section) { AuthorizationConfig config = new AuthorizationConfig (parent); if (section.Attributes != null && section.Attributes.Count != 0) ThrowException ("Unrecognized attribute", section); XmlNodeList authNodes = section.ChildNodes; foreach (XmlNode child in authNodes) { XmlNodeType ntype = child.NodeType; if (ntype != XmlNodeType.Element) continue; string childName = child.Name; bool allow = (childName == "allow"); bool deny = (childName == "deny"); if (!allow && !deny) ThrowException ("Element name must be 'allow' or 'deny'.", child); string users = AttValue ("users", child); string roles = AttValue ("roles", child); if (users == null && roles == null) ThrowException ("At least 'users' or 'roles' must be present.", child); string verbs = AttValue ("verbs", child); if (child.Attributes != null && child.Attributes.Count != 0) ThrowException ("Unrecognized attribute.", child); bool added; if (allow) added = config.Allow (users, roles, verbs); else added = config.Deny (users, roles, verbs); if (!added) ThrowException ("User and role names cannot contain '?' or '*'.", child); } return config; }
internal AuthorizationConfig (object parent) { this.parent = parent as AuthorizationConfig; }
internal AuthorizationConfig(object parent) { this.parent = parent as AuthorizationConfig; }
////////////////////////////////////////////////////////////////////// // CTor internal AuthorizationConfig(AuthorizationConfig parent, XmlNode node) { Debug.Trace("security", "AuthorizationConfigSettings ctor"); if (parent != null) { _AllRules = (ArrayList)parent._AllRules.Clone(); } else { _AllRules = new ArrayList(); } HandlerBase.CheckForUnrecognizedAttributes(node); ArrayList rules = new ArrayList(); foreach (XmlNode child in node.ChildNodes) { //////////////////////////////////////////////////////////// // Step 1: For each child (Allow / Deny Tag) if (child.NodeType != XmlNodeType.Element) { continue; } bool allow = false; bool fRolesPresent = false; bool fUsersPresent = false; String [] verbs = null; String [] users = null; String [] roles = null; String [] temp = null; XmlNode attribute; //////////////////////////////////////////////////////////// // Step 3: Make sure we have an allow or deny tag allow = (child.Name == _strAllowTag); if (allow == false && (child.Name == _strDenyTag) == false) { throw new ConfigurationException( HttpRuntime.FormatResourceString(SR.Auth_rule_must_have_allow_or_deny), child); } //////////////////////////////////////////////////////////// // Step 4: Get the list of verbs attribute = child.Attributes.RemoveNamedItem(_strVerbTag); if (attribute != null) { temp = attribute.Value.ToLower(CultureInfo.InvariantCulture).Split(_strComma); verbs = TrimStrings(temp); } //////////////////////////////////////////////////////////// // Step 5: Get the list of users attribute = child.Attributes.RemoveNamedItem(_strUsersTag); if (attribute != null && attribute.Value.Length > 0) { //////////////////////////////////////////////////////////// // Step 5a: If the users tag is present and not empty, then // construct an array of user names (string array) fUsersPresent = true; temp = attribute.Value.ToLower(CultureInfo.InvariantCulture).Split(_strComma); users = TrimStrings(temp); //////////////////////////////////////////////////////////// // Step 5b: Make sure that no user name has the char ? or * // embeded in it if (users != null && users.Length > 0) { // For each user name int iNumUsers = users.Length; for (int iter = 0; iter < iNumUsers; iter++) { if (users[iter].Length > 1) // If length is > 1 { if (users[iter].IndexOf('*') >= 0) // Contains '*' { throw new ConfigurationException(HttpRuntime.FormatResourceString(SR.Auth_rule_names_cant_contain_char, "*"), attribute); } if (users[iter].IndexOf('?') >= 0) // Contains '?' { throw new ConfigurationException(HttpRuntime.FormatResourceString(SR.Auth_rule_names_cant_contain_char, "?"), attribute); } } } } } //////////////////////////////////////////////////////////// // Step 6: Get the list of roles attribute = child.Attributes.RemoveNamedItem(_strRolesTag); if (attribute != null && attribute.Value.Length > 0) { //////////////////////////////////////////////////////////// // Step 6a: If the roles tag is present and not empty, then // construct an array of role names (string array) fRolesPresent = true; temp = attribute.Value.Split(_strComma); roles = TrimStrings(temp); //////////////////////////////////////////////////////////// // Step 6b: Make sure that no user name has the char ? or * // embeded in it if (roles != null && roles.Length > 0) { // For each role name int iNumRoles = roles.Length; for (int iter = 0; iter < iNumRoles; iter++) { if (roles[iter].Length > 0) // If length is > 1 { int foundIndex = roles[iter].IndexOfAny(new char [] { '*', '?' }); if (foundIndex >= 0) { throw new ConfigurationException( HttpRuntime.FormatResourceString(SR.Auth_rule_names_cant_contain_char, roles[iter][foundIndex].ToString()), attribute); } } } } } //////////////////////////////////////////////////////////// // Step 7: Make sure that either the "roles" tag or the "users" // tag was present if (!fRolesPresent && !fUsersPresent) { throw new ConfigurationException( HttpRuntime.FormatResourceString(SR.Auth_rule_must_specify_users_andor_roles), child); } //////////////////////////////////////////////////////////// // Step 8: Make sure that there were no unrecognized properties HandlerBase.CheckForUnrecognizedAttributes(child); //////////////////////////////////////////////////////////// // Step 8b: Move back to the current auth rule node // ctracy 00.09.26: no longer necessary after migration to .NET XML DOM //cursor.MoveToParent(); //////////////////////////////////////////////////////////// // Step 9: Add the rule to our list rules.Add(new AuthorizationConfigRule(allow, verbs, users, roles)); } _AllRules.InsertRange(0, rules); Debug.Trace("security", "AuthorizationConfigSettings:: ReadSettings counts:" + _AllRules.Count + " rules " + rules.Count); }