-
Notifications
You must be signed in to change notification settings - Fork 1.3k
/
Copy pathDefaultHttpHandler.cs
130 lines (102 loc) · 4.98 KB
/
DefaultHttpHandler.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
//------------------------------------------------------------------------------
// <copyright file="DefaultHttpHandler.cs" company="Microsoft">
// Copyright (c) Microsoft Corporation. All rights reserved.
// </copyright>
//------------------------------------------------------------------------------
namespace System.Web {
using System;
using System.Collections;
using System.Collections.Specialized;
using System.Globalization;
using System.Text;
using System.Web.Util;
using System.Security.Permissions;
public class DefaultHttpHandler : IHttpAsyncHandler {
private HttpContext _context;
private NameValueCollection _executeUrlHeaders;
public DefaultHttpHandler() {
}
protected HttpContext Context {
get { return _context; }
}
// headers to provide to execute url
protected NameValueCollection ExecuteUrlHeaders {
get {
if (_executeUrlHeaders == null && _context != null) {
_executeUrlHeaders = new NameValueCollection(_context.Request.Headers);
}
return _executeUrlHeaders;
}
}
// called when we know a precondition for calling
// execute URL has been violated
public virtual void OnExecuteUrlPreconditionFailure() {
// do nothing - the derived class might throw
}
// add a virtual method that provides the request target for the EXECUTE_URL call
// if return null, the default calls EXECUTE_URL for the default target
public virtual String OverrideExecuteUrlPath() {
return null;
}
internal static bool IsClassicAspRequest(String filePath) {
return StringUtil.StringEndsWithIgnoreCase(filePath, ".asp");
}
[FileIOPermission(SecurityAction.Assert, Unrestricted = true)]
private static string MapPathWithAssert(HttpContext context, string virtualPath) {
return context.Request.MapPath(virtualPath);
}
public virtual IAsyncResult BeginProcessRequest(HttpContext context, AsyncCallback callback, Object state) {
// DDB 168193: DefaultHttpHandler is obsolate in integrated mode
if (HttpRuntime.UseIntegratedPipeline) {
throw new PlatformNotSupportedException(SR.GetString(SR.Method_Not_Supported_By_Iis_Integrated_Mode, "DefaultHttpHandler.BeginProcessRequest"));
}
_context = context;
HttpResponse response = _context.Response;
if (response.CanExecuteUrlForEntireResponse) {
// use ExecuteUrl
String path = OverrideExecuteUrlPath();
if (path != null && !HttpRuntime.IsFullTrust) {
// validate that an untrusted derived classes (not in GAC)
// didn't set the path to a place that CAS wouldn't let it access
if (!this.GetType().Assembly.GlobalAssemblyCache) {
HttpRuntime.CheckFilePermission(MapPathWithAssert(context, path));
}
}
return response.BeginExecuteUrlForEntireResponse(path, _executeUrlHeaders, callback, state);
}
else {
// let the base class throw if it doesn't want static files handler
OnExecuteUrlPreconditionFailure();
// use static file handler
_context = null; // don't keep request data alive in sync case
HttpRequest request = context.Request;
// refuse POST requests
if (request.HttpVerb == HttpVerb.POST) {
throw new HttpException(405, SR.GetString(SR.Method_not_allowed, request.HttpMethod, request.Path));
}
// refuse .asp requests
if (IsClassicAspRequest(request.FilePath)) {
throw new HttpException(403, SR.GetString(SR.Path_forbidden, request.Path));
}
// default to static file handler
StaticFileHandler.ProcessRequestInternal(context, OverrideExecuteUrlPath());
// return async result indicating completion
return new HttpAsyncResult(callback, state, true, null, null);
}
}
public virtual void EndProcessRequest(IAsyncResult result) {
if (_context != null) {
HttpResponse response = _context.Response;
_context = null;
response.EndExecuteUrlForEntireResponse(result);
}
}
public virtual void ProcessRequest(HttpContext context) {
// this handler should never be called synchronously
throw new InvalidOperationException(SR.GetString(SR.Cannot_call_defaulthttphandler_sync));
}
public virtual bool IsReusable {
get { return false; }
}
}
}