////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////
// Module Enter: URL authorization check for the current request.
//
// Reads the "system.web/authorization" configuration and asks it
// whether context.User may issue this request type. A denied request
// gets status 401, an error body, and is completed immediately.
//
// Security notes:
//  - context.SkipAuthorization is honoured before the configuration
//    is consulted, so whatever sets that flag bypasses these rules
//    for the request.
//  - A denial always yields 401, whether or not the user is
//    authenticated.
//  - ANONYMOUS_REQUESTS is incremented only for unauthenticated
//    requests that are NOT denied here.
void OnEnter(Object source, EventArgs eventArgs) {
    HttpApplication app = (HttpApplication)source;
    HttpContext context = app.Context;

    if (!context.SkipAuthorization) {
        // Get the authorization config object
        AuthorizationConfig settings = (AuthorizationConfig)context.GetConfig("system.web/authorization");

        bool allowed = settings.IsUserAllowed(context.User, context.Request.RequestType);
        if (!allowed) {
            // Deny access and end the request here.
            context.Response.StatusCode = 401;
            WriteErrorMessage(context);
            app.CompleteRequest();
            return;
        }
    }

    // Reached when authorization was skipped or the user was allowed:
    // count the request if it is anonymous.
    if (!context.User.Identity.IsAuthenticated) {
        PerfCounters.IncrementCounter(AppPerfCounter.ANONYMOUS_REQUESTS);
    }
}
// Evaluates the "system.web/authorization" rules for an anonymous
// principal (empty name, empty authentication type, no roles) against
// the request type of the given context.
//
// Returns false when context.SkipAuthorization is set; otherwise
// returns the result of IsUserAllowed for the anonymous principal.
//
// NOTE(review): as written, this returns true when the anonymous user
// IS allowed. The method name suggests callers may expect true to mean
// "authorization is required" (anonymous NOT allowed) - confirm against
// the callers before relying on the return value.
//
// NOTE(review): _AnonUser is created lazily with no lock visible in
// this method; concurrent first calls would each build an equivalent
// principal, which appears harmless - confirm.
static internal bool RequestRequiresAuthorization(HttpContext context) {
    bool anonymousAllowed = false;

    if (!context.SkipAuthorization) {
        AuthorizationConfig authzConfig = (AuthorizationConfig)context.GetConfig("system.web/authorization");

        // Build the shared anonymous principal on first use.
        if (_AnonUser == null) {
            GenericIdentity anonymousIdentity = new GenericIdentity(String.Empty, String.Empty);
            _AnonUser = new GenericPrincipal(anonymousIdentity, new String[0]);
        }

        // Check if the anonymous user is allowed
        anonymousAllowed = authzConfig.IsUserAllowed(_AnonUser, context.Request.RequestType);
    }

    return anonymousAllowed;
}