/// <summary>
/// Determines if the request is authorized by objects implementing
/// <see cref="IRequestAuthorizationHandler" />.
/// </summary>
/// <returns>
/// Returns zero if unauthorized, a value greater than zero if
/// authorized otherwise a value less than zero if no handlers
/// were available to answer.
/// </returns>
private static int IsAuthorized(HttpContext context)
{
Debug.Assert(context != null);
int authorized = /* uninitialized */ -1;
IEnumerator authorizationHandlers = GetAuthorizationHandlers(context).GetEnumerator();
while (authorized != 0 && authorizationHandlers.MoveNext())
{
IRequestAuthorizationHandler authorizationHandler = (IRequestAuthorizationHandler)authorizationHandlers.Current;
authorized = authorizationHandler.Authorize(context) ? 1 : 0;
}
return(authorized);
}
private static IList <IRequestAuthorizationHandler> GetAuthorizationHandlers(HttpContext context)
{
Debug.Assert(context != null);
object key = _authorizationHandlersKey;
IList <IRequestAuthorizationHandler> handlers = (IList <IRequestAuthorizationHandler>)context.Items[key];
if (handlers == null)
{
const int capacity = 4;
List <IRequestAuthorizationHandler> list = new List <IRequestAuthorizationHandler>(capacity);
HttpApplication application = context.ApplicationInstance;
IRequestAuthorizationHandler appReqHandler = application as IRequestAuthorizationHandler;
if (appReqHandler != null)
{
list.Add(appReqHandler);
}
foreach (IHttpModule module in HttpModuleRegistry.GetModules(application))
{
IRequestAuthorizationHandler modReqHander = module as IRequestAuthorizationHandler;
if (modReqHander != null)
{
list.Add(modReqHander);
}
}
if (list != null)
{
context.Items[key] = handlers = list.AsReadOnly();
}
}
return(handlers);
}
public AuthorizationPipelineBehavior(IRequestAuthorizationHandler <TRequest> authorizationHandler)
{
_authorizationHandler = authorizationHandler;
}
