Programmatically determine if path is restricted

Question

I am creating an HttpModule in ASP.NET 2. The module needs to perform a different logic based on whether or not the requested path is public or protected. The web.config sets authorization with the <system.web><authorization> tag and several <location> tags.

Is there a way for the HttpModule to figure out if the path of the current request is protected or not? I don't want to hard code the values in the code.

Answer 1

There's no direct way to look at a filesystem entry and get your effective permissions on it. And computing the effective permission set on a file or directory is...complicated (that would be a polite way of putting it).

Seems like that would be a fairly obvious piece of information that the System.IO classes ought to provide, but evidently the CLR team didn't think so. I think part of the problem is the inherent race condition. The permissions on a given object are dynamic and could conceivably change at any time. They could even change between your permissions check and the actual accessing of the object, resulting in an exception being raised.

These questions have some help:

• Effective file permissions tool's api in windows
• how can you easily check if access is denied for a file in .NET?

The easiest way is to demand the permissions you want, catch the exception if you don't have them and use that to return a bool yes/no value:

// you'll need access to the namespace namespace System.Security.Permissions
public bool HasAccess( string path , FileIOPermissionAccess accessDesired )
{
  bool isGranted ;

  try
  {
    FileIOPermission permission = new FileIOPermission( accessDesired , path ) ;

    permission.Demand() ;

    isGranted = true ;

  }
  catch
  {
    isGranted = false ;
  }

  return isGranted ;
}

Answer 2

If your using standard authentication/authorization then you can use CheckUrlAccessForPrincipal.

UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtualPath, user, verb);