예제 #1
        ////////////////////////////////////////////////////////////
        ////////////////////////////////////////////////////////////
        ////////////////////////////////////////////////////////////
        // Module Enter: Get the authorization configuration section
        //    and see if this user is allowed or not
        void OnEnter(Object source, EventArgs eventArgs)
        {
            // Authorization gate for the request: either the request is exempt
            // (SkipAuthorization), or the configured system.web/authorization rules
            // must allow context.User for this request type. A denied request gets
            // a 401 and the request is completed here.
            //
            // NOTE(review): SkipAuthorization bypasses the rule check entirely, so
            // whichever component sets it is effectively making the access decision
            // (presumably the login-page exemption) -- confirm who can set it.
            // NOTE(review): ctx.User and the config section are dereferenced without
            // null checks; this assumes an earlier stage always populates them.
            HttpApplication application = (HttpApplication)source;
            HttpContext     ctx         = application.Context;

            if (!ctx.SkipAuthorization)
            {
                // Get the authorization config object
                AuthorizationConfig authConfig = (AuthorizationConfig)ctx.GetConfig("system.web/authorization");

                bool allowed = authConfig.IsUserAllowed(ctx.User, ctx.Request.RequestType);
                if (!allowed)
                {
                    // Deny access: set 401, write the error body, end the request.
                    // The anonymous-request counter is not touched on this path.
                    ctx.Response.StatusCode = 401;
                    WriteErrorMessage(ctx);
                    application.CompleteRequest();
                    return;
                }
            }

            // Reached for exempt requests and for allowed requests alike:
            // count the request if the caller is not authenticated.
            if (!ctx.User.Identity.IsAuthenticated)
            {
                PerfCounters.IncrementCounter(AppPerfCounter.ANONYMOUS_REQUESTS);
            }
        }
예제 #2
        // Evaluates the system.web/authorization rules against an anonymous
        // principal (empty name, empty authentication type, no roles) for the
        // current request type. Returns false outright when the context is
        // flagged SkipAuthorization.
        //
        // NOTE(review): the value returned is IsUserAllowed(anonymous), i.e. true
        // when the anonymous user IS allowed, which reads as the opposite of the
        // method name. Confirm the polarity the callers expect before using this
        // result in any access or caching decision.
        static internal bool RequestRequiresAuthorization(HttpContext context)
        {
            if (!context.SkipAuthorization)
            {
                AuthorizationConfig authConfig = (AuthorizationConfig)context.GetConfig("system.web/authorization");

                // Lazily build the shared anonymous principal. No lock is taken
                // here; racing callers would each build an equivalent instance.
                if (_AnonUser == null)
                {
                    GenericIdentity anonymousIdentity = new GenericIdentity(String.Empty, String.Empty);
                    _AnonUser = new GenericPrincipal(anonymousIdentity, new String[0]);
                }

                // Check if the anonymous user is allowed
                return authConfig.IsUserAllowed(_AnonUser, context.Request.RequestType);
            }

            return false;
        }