How to test user permissions for a virtual directory?

Jam*_*uth 9 c# security iis virtual-directory

In an HttpModule, after a URL rewrite, I am testing user permissions for a virtual path in my application using the following method:

// Since we are now rewriting the path we need to check again that the 
// current user has access to the rewritten path.
// Get the user for the current request
// If the user is anonymous or authentication doesn't work for this suffix 
// avoid a NullReferenceException in the UrlAuthorizationModule by creating 
// a generic identity.
string virtualCachedPath = cache.GetVirtualCachedPath();

IPrincipal user = context.User ?? new GenericPrincipal(
     new GenericIdentity(string.Empty, string.Empty), new string[0]);

// Do we have permission to call 
// UrlAuthorizationModule.CheckUrlAccessForPrincipal?
PermissionSet permission = new PermissionSet(PermissionState.None);
permission.AddPermission(
    new AspNetHostingPermission(AspNetHostingPermissionLevel.Unrestricted));
bool hasPermission =
    permission.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet);
bool isAllowed = true;

// Run the rewritten path past the auth system again, using the result as 
// the default "AllowAccess" value
if (hasPermission && !context.SkipAuthorization)
{
    isAllowed = UrlAuthorizationModule.CheckUrlAccessForPrincipal(
                                      virtualCachedPath, user, "GET");
}

Where virtualCachedPath is any virtual path, e.g. ~/app_data/cache, located at the root of the application.

http://msdn.microsoft.com/en-us/library/system.web.security.urlauthorizationmodule.checkurlaccessforprincipal(v=vs.110).aspx

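However, this will throw an ArgumentException if testing against an external virtual directory.

[ArgumentException: Virtual path outside of the current application is not supported. Parameter name: virtualPath]

E.g.

(Image: example virtual directory in IIS)

What is the correct way to check user permissions for a virtual directory?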

Dav*_*lya 2

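I was able to successfully use the UrlAuthorizationModule.CheckUrlAccessForPrincipal method to check access to files residing in an external directory (mapped as a virtual directory) when the path passed to CheckUrlAccessForPrincipal is in relative URL format ("~/PATH"). Conversely, if I pass a physical path using file-system conventions ("C:\PATH\"), I get the ArgumentException you describe.

So I suspect that virtualCachedPath may actually be a path in file-system format, at least in the cases where the exception is raised. I suggest you implement logging in your application so that you can double-check the value of virtualCachedPath when the exception is thrown: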

try
{
    isAllowed = UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtualCachedPath, user, "GET");
}
catch (ArgumentException ex)
{
    Trace.TraceInformation("VirtualCachedPath: {0}", virtualCachedPath);
    throw;
}
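The path-format check discussed in the answer above, as an added example that is not code from either poster: a wrapper that passes only the "~/PATH" form to CheckUrlAccessForPrincipal and denies access when the path cannot be evaluated. The class and method names are hypothetical, and denying on failure (rather than defaulting to allowed, as the question's isAllowed = true does) is an assumption about the desired policy.

```csharp
using System;
using System.Diagnostics;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical helper; the class and method names are not from the posts above.
public static class RewrittenPathAuthorization
{
    public static bool IsAllowed(string virtualPath, IPrincipal user, string verb)
    {
        // Same fallback as in the question: an anonymous principal instead of null.
        IPrincipal principal = user ?? new GenericPrincipal(
            new GenericIdentity(string.Empty, string.Empty), new string[0]);

        // Only the "~/PATH" form is handed to the authorization module. A
        // physical path such as C:\PATH\ is rejected here instead of being
        // left to raise ArgumentException further down.
        if (string.IsNullOrEmpty(virtualPath) ||
            !VirtualPathUtility.IsAppRelative(virtualPath))
        {
            Trace.TraceWarning("Not an app-relative path, denying: {0}", virtualPath);
            return false;
        }

        try
        {
            return UrlAuthorizationModule.CheckUrlAccessForPrincipal(
                virtualPath, principal, verb);
        }
        catch (ArgumentException ex)
        {
            // Assumption: a path the module refuses to evaluate is denied.
            Trace.TraceWarning("Authorization check failed for {0}: {1}",
                virtualPath, ex.Message);
            return false;
        }
    }
}
```

The trace output records which rewritten paths were rejected, which serves the same diagnostic purpose as the logging suggested in the answer.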