1 //------------------------------------------------------------------------------
2 // <copyright file="SecurityUtil.cs" company="Microsoft">
3 // Copyright (c) Microsoft Corporation. All rights reserved.
5 //------------------------------------------------------------------------------
10 * Copyright (c) 1999 Microsoft Corporation
13 namespace System
.Web
.Util
{
14 using System
.Globalization
;
15 using System
.Web
.Hosting
;
16 using System
.Collections
;
17 using System
.Collections
.Specialized
;
19 using System
.Data
.SqlClient
;
20 using System
.Data
.SqlTypes
;
21 using System
.Configuration
.Provider
;
22 using System
.Configuration
;
23 using System
.Text
.RegularExpressions
;
24 using System
.Web
.DataAccess
;
26 internal static class SecUtility
{
28 internal static string GetDefaultAppName() {
30 string appName
= HostingEnvironment
.ApplicationVirtualPath
;
31 if (String
.IsNullOrEmpty(appName
)) {
33 // ROTORTODO: enable Process.MainModule or support an alternative
34 // naming scheme for (HttpRuntime.AppDomainAppVirtualPath == null)
36 appName
= System
.Diagnostics
.Process
.GetCurrentProcess().
37 MainModule
.ModuleName
;
39 int indexOfDot
= appName
.IndexOf('.');
40 if (indexOfDot
!= -1) {
41 appName
= appName
.Remove(indexOfDot
);
43 #endif // !FEATURE_PAL
46 if (String
.IsNullOrEmpty(appName
)) {
/// <summary>
/// Resolves the SQL connection string for a provider from its configuration attributes.
/// </summary>
/// <param name="config">Provider configuration attributes; expected to be non-null (asserted with Debug.Assert).</param>
/// <returns>
/// The literal "connectionString" attribute when it is non-empty; otherwise the value that
/// SqlConnectionHelper.GetConnectionString returns for the "connectionStringName" attribute.
/// </returns>
/// <exception cref="ProviderException">
/// "connectionStringName" is missing or empty, or the named entry resolves to a null or empty string.
/// </exception>
internal static string GetConnectionString(NameValueCollection config) {
    Debug.Assert(config != null);

    // An inline connection string takes precedence over a named one.
    // NOTE(review): the returned value can carry credentials; callers should keep it out of
    // logs and exception text. The messages built below include only the entry name.
    string inlineValue = config["connectionString"];
    if (!String.IsNullOrEmpty(inlineValue)) {
        return inlineValue;
    }

    string connectionStringName = config["connectionStringName"];
    if (String.IsNullOrEmpty(connectionStringName)) {
        throw new ProviderException(SR.GetString(SR.Connection_name_not_specified));
    }

    string resolved = SqlConnectionHelper.GetConnectionString(connectionStringName, lookupConnectionString: true, appLevel: true);
    if (String.IsNullOrEmpty(resolved)) {
        throw new ProviderException(SR.GetString(SR.Connection_string_not_found, connectionStringName));
    }

    return resolved;
}
80 // We don't trim the param before checking with password parameters
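/// <summary>
/// Checks a password-style argument for presence and length without throwing.
/// </summary>
/// <param name="param">
/// Value to check. It is examined exactly as given: no trimming is applied, so leading and
/// trailing whitespace count toward the length. The variable is not modified.
/// </param>
/// <param name="maxSize">
/// Maximum allowed length in characters. Zero or a negative value switches the length cap off,
/// so callers that need a bound on password size must pass a positive value.
/// </param>
/// <returns>false when the value is null, empty, or longer than the cap; otherwise true.</returns>
internal static bool ValidatePasswordParameter(ref string param, int maxSize) {
    // NOTE(review): the return statements are not shown in this listing; false-on-failure and
    // true-on-success follow from the bool return type and the visible conditions. Confirm
    // against the full file.

    // Null is rejected up front so the Length reads below cannot dereference null.
    if (param == null) {
        return false;
    }

    if (param.Length < 1) {
        return false;
    }

    if (maxSize > 0 && (param.Length > maxSize)) {
        return false;
    }

    return true;
}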
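/// <summary>
/// Trims a string argument and checks it against the requested rules without throwing.
/// </summary>
/// <param name="param">
/// Value to check. When non-null it is replaced with its trimmed form, so the caller's
/// variable holds the trimmed value after the call.
/// </param>
/// <param name="checkForNull">When true, a null value is reported as invalid.</param>
/// <param name="checkIfEmpty">When true, a value that is empty after trimming is invalid.</param>
/// <param name="checkForCommas">When true, a value containing "," is invalid.</param>
/// <param name="maxSize">Maximum length after trimming; zero or negative disables the cap.</param>
/// <returns>true when every requested check passes; otherwise false.</returns>
internal static bool ValidateParameter(ref string param, bool checkForNull, bool checkIfEmpty, bool checkForCommas, int maxSize) {
    if (param == null) {
        // NOTE(review): the null handling is not shown in this listing. Null is treated as
        // invalid only when checkForNull is set, which is the reading the parameter name
        // suggests. Confirm against the full file.
        return !checkForNull;
    }

    // All remaining checks run on the trimmed value.
    param = param.Trim();

    bool isEmpty = checkIfEmpty && param.Length < 1;
    bool isTooLong = maxSize > 0 && param.Length > maxSize;
    bool hasComma = checkForCommas && param.Contains(",");

    return !(isEmpty || isTooLong || hasComma);
}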
112 // We don't trim the param before checking with password parameters
/// <summary>
/// Throwing counterpart of the password length check: rejects a null, empty or over-long value.
/// </summary>
/// <param name="param">Value to check; examined as given, without trimming, and not modified.</param>
/// <param name="maxSize">Maximum allowed length; zero or a negative value disables the cap.</param>
/// <param name="paramName">Argument name reported in the exception.</param>
/// <exception cref="ArgumentNullException">The value is null.</exception>
/// <exception cref="ArgumentException">The value is empty or longer than the cap.</exception>
internal static void CheckPasswordParameter(ref string param, int maxSize, string paramName) {
    // NOTE(review): the guard line itself is not shown in this listing; a null test is the
    // reading consistent with the ArgumentNullException it protects.
    if (param == null) {
        throw new ArgumentNullException(paramName);
    }

    // The messages below carry only the argument name and the limit, never the value itself.
    int length = param.Length;
    if (length < 1) {
        throw new ArgumentException(SR.GetString(SR.Parameter_can_not_be_empty, paramName), paramName);
    }

    bool capEnabled = maxSize > 0;
    if (capEnabled && length > maxSize) {
        throw new ArgumentException(SR.GetString(SR.Parameter_too_long, paramName, maxSize.ToString(CultureInfo.InvariantCulture)), paramName);
    }
}
/// <summary>
/// Trims a string argument and throws when it breaks one of the requested rules.
/// </summary>
/// <param name="param">Value to check; when non-null it is replaced with its trimmed form.</param>
/// <param name="checkForNull">When true, a null value raises ArgumentNullException.</param>
/// <param name="checkIfEmpty">When true, a value that is empty after trimming is rejected.</param>
/// <param name="checkForCommas">When true, a value containing "," is rejected.</param>
/// <param name="maxSize">Maximum length after trimming; zero or negative disables the cap.</param>
/// <param name="paramName">Argument name reported in the exception.</param>
/// <exception cref="ArgumentNullException">The value is null and checkForNull is set.</exception>
/// <exception cref="ArgumentException">The value is empty, too long, or contains a comma.</exception>
internal static void CheckParameter(ref string param, bool checkForNull, bool checkIfEmpty, bool checkForCommas, int maxSize, string paramName) {
    if (param == null) {
        // NOTE(review): the lines around this throw are not shown in this listing. The null
        // test and the checkForNull gate are assumed from the parameter name and from the
        // Trim() call that follows. Confirm against the full file.
        if (checkForNull) {
            throw new ArgumentNullException(paramName);
        }

        return;
    }

    // Every later check sees the trimmed value, and so does the caller.
    param = param.Trim();
    int length = param.Length;

    if (checkIfEmpty && length < 1) {
        throw new ArgumentException(SR.GetString(SR.Parameter_can_not_be_empty, paramName), paramName);
    }

    if (maxSize > 0 && length > maxSize) {
        throw new ArgumentException(SR.GetString(SR.Parameter_too_long, paramName, maxSize.ToString(CultureInfo.InvariantCulture)), paramName);
    }

    if (checkForCommas && param.Contains(",")) {
        throw new ArgumentException(SR.GetString(SR.Parameter_can_not_contain_comma, paramName), paramName);
    }
}
/// <summary>
/// Validates every element of a string array with CheckParameter and rejects duplicates.
/// </summary>
/// <param name="param">Array to check; each element is trimmed in place by CheckParameter.</param>
/// <param name="checkForNull">Passed through to CheckParameter for each element.</param>
/// <param name="checkIfEmpty">Passed through to CheckParameter for each element.</param>
/// <param name="checkForCommas">Passed through to CheckParameter for each element.</param>
/// <param name="maxSize">Passed through to CheckParameter for each element.</param>
/// <param name="paramName">Argument name reported in exceptions; elements are reported as "name[ i ]".</param>
/// <exception cref="ArgumentNullException">The array is null.</exception>
/// <exception cref="ArgumentException">The array is empty, an element fails its check, or two elements are equal.</exception>
internal static void CheckArrayParameter(ref string[] param, bool checkForNull, bool checkIfEmpty, bool checkForCommas, int maxSize, string paramName) {
    // NOTE(review): the guard line is not shown in this listing; a null test on the array is
    // the reading consistent with the ArgumentNullException it protects.
    if (param == null) {
        throw new ArgumentNullException(paramName);
    }

    if (param.Length < 1) {
        throw new ArgumentException(SR.GetString(SR.Parameter_array_empty, paramName), paramName);
    }

    // Duplicate detection uses the Hashtable's default key equality, so elements that differ
    // only by case are not reported as duplicates.
    // NOTE(review): confirm that this matches how the backing store compares these names.
    Hashtable seen = new Hashtable(param.Length);

    // Elements are visited from last to first, so the highest failing index is reported.
    for (int i = param.Length - 1; i >= 0; i--) {
        string elementName = paramName + "[ " + i.ToString(CultureInfo.InvariantCulture) + " ]";
        SecUtility.CheckParameter(ref param[i], checkForNull, checkIfEmpty, checkForCommas, maxSize, elementName);

        // NOTE(review): if CheckParameter lets a null element through, the Hashtable calls
        // below throw ArgumentNullException for the null key. Confirm that callers never
        // pass null elements with checkForNull off.
        if (seen.Contains(param[i])) {
            throw new ArgumentException(SR.GetString(SR.Parameter_duplicate_array_element, paramName), paramName);
        }

        seen.Add(param[i], param[i]);
    }
}
/// <summary>
/// Reads a boolean provider setting from configuration.
/// </summary>
/// <param name="config">Provider configuration attributes.</param>
/// <param name="valueName">Name of the attribute to read.</param>
/// <param name="defaultValue">Fallback for an absent attribute.</param>
/// <returns>The parsed value, or the default when the attribute is absent.</returns>
/// <exception cref="ProviderException">The attribute is present but is not a valid boolean.</exception>
internal static bool GetBooleanValue(NameValueCollection config, string valueName, bool defaultValue) {
    // NOTE(review): the return statements are not shown in this listing; returning
    // defaultValue for an absent attribute and the parsed value otherwise is assumed from the
    // signature. Confirm against the full file.
    string raw = config[valueName];
    if (raw == null) {
        return defaultValue;
    }

    // A present but malformed value is a configuration error, not a reason to fall back.
    bool parsed;
    if (!bool.TryParse(raw, out parsed)) {
        throw new ProviderException(SR.GetString(SR.Value_must_be_boolean, valueName));
    }

    return parsed;
}
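/// <summary>
/// Reads an integer provider setting from configuration and enforces its allowed range.
/// </summary>
/// <param name="config">Provider configuration attributes.</param>
/// <param name="valueName">Name of the attribute to read.</param>
/// <param name="defaultValue">Fallback for an absent attribute; it is not range-checked here.</param>
/// <param name="zeroAllowed">When true the minimum is 0; otherwise the minimum is 1.</param>
/// <param name="maxValueAllowed">Upper bound; zero or a negative value disables the upper bound.</param>
/// <returns>The parsed value, or the default when the attribute is absent.</returns>
/// <exception cref="ProviderException">The attribute is not an integer or lies outside the allowed range.</exception>
internal static int GetIntValue(NameValueCollection config, string valueName, int defaultValue, bool zeroAllowed, int maxValueAllowed) {
    // NOTE(review): the return statements and the branch choosing between the two
    // parse-failure messages are not shown in this listing. They are reconstructed from the
    // signature and from the range checks that use the same two messages. Confirm against
    // the full file.
    string sValue = config[valueName];
    if (sValue == null) {
        return defaultValue;
    }

    // Configuration text is machine-readable, so it is parsed with the invariant culture.
    // The same file then validates identically whatever the thread's culture is.
    int iValue;
    bool parsed = Int32.TryParse(sValue, NumberStyles.Integer, CultureInfo.InvariantCulture, out iValue);

    // A parse failure and a value below the minimum report the same message, picked by zeroAllowed.
    bool belowMinimum = zeroAllowed ? iValue < 0 : iValue <= 0;
    if (!parsed || belowMinimum) {
        if (zeroAllowed) {
            throw new ProviderException(SR.GetString(SR.Value_must_be_non_negative_integer, valueName));
        }

        throw new ProviderException(SR.GetString(SR.Value_must_be_positive_integer, valueName));
    }

    if (maxValueAllowed > 0 && iValue > maxValueAllowed) {
        throw new ProviderException(SR.GetString(SR.Value_too_big, valueName, maxValueAllowed.ToString(CultureInfo.InvariantCulture)));
    }

    return iValue;
}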
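/// <summary>
/// Reads a TimeUnit provider setting from configuration.
/// </summary>
/// <param name="config">Provider configuration attributes.</param>
/// <param name="valueName">Name of the attribute to read.</param>
/// <param name="defaultValue">Fallback for an absent, unparsable or undefined value.</param>
/// <returns>The parsed unit when it names a defined TimeUnit member; otherwise the default.</returns>
internal static TimeUnit GetTimeoutUnit(NameValueCollection config, string valueName, TimeUnit defaultValue) {
    // NOTE(review): the declaration of the out variable and the return statements are not
    // shown in this listing; they are reconstructed from the signature.
    TimeUnit unit;
    string sValue = config[valueName];

    // Enum.TryParse also succeeds for numeric text that matches no declared member, so the
    // result is checked with Enum.IsDefined before it is trusted as a timeout unit.
    // NOTE(review): this assumes TimeUnit is not a [Flags] enum. Confirm.
    if (sValue == null || !Enum.TryParse(sValue, out unit) || !Enum.IsDefined(typeof(TimeUnit), unit)) {
        // NOTE(review): a malformed value falls back silently, while GetIntValue and
        // GetBooleanValue throw ProviderException. Confirm that this is intended.
        return defaultValue;
    }

    return unit;
}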
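/// <summary>
/// Reads an optional integer provider setting from configuration.
/// </summary>
/// <param name="config">Provider configuration attributes.</param>
/// <param name="valueName">Name of the attribute to read.</param>
/// <returns>The parsed value, or null when the attribute is absent or is not an integer.</returns>
internal static int? GetNullableIntValue(NameValueCollection config, string valueName) {
    // NOTE(review): the declaration of the out variable and the return statements are not
    // shown in this listing; they are reconstructed from the int? return type.
    string sValue = config[valueName];
    if (sValue == null) {
        return null;
    }

    // Configuration text is machine-readable, so it is parsed with the invariant culture.
    int iValue;
    if (!Int32.TryParse(sValue, NumberStyles.Integer, CultureInfo.InvariantCulture, out iValue)) {
        // NOTE(review): a present but malformed value is treated like an absent one, while
        // GetIntValue throws ProviderException. If the setting carries a limit, the caller
        // gets no signal that it was ignored.
        return null;
    }

    return iValue;
}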
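/// <summary>
/// Verifies once per provider that the database schema supports the given features at the
/// given version, caching the outcome in <paramref name="schemaVersionCheck"/>.
/// </summary>
/// <param name="provider">Provider whose name is reported in the mismatch message.</param>
/// <param name="connection">Connection on which dbo.aspnet_CheckSchemaVersion is executed.</param>
/// <param name="features">Feature names to check, one stored-procedure call per name.</param>
/// <param name="version">Schema version the provider is compatible with.</param>
/// <param name="schemaVersionCheck">
/// Cached state: 0 means not yet checked, 1 means the check passed, -1 means it failed.
/// A cached failure throws on every later call without querying the database again.
/// </param>
/// <exception cref="ArgumentNullException">connection, features or version is null.</exception>
/// <exception cref="ProviderException">The schema check failed, now or on an earlier call.</exception>
internal static void CheckSchemaVersion(ProviderBase provider, SqlConnection connection, string[] features, string version, ref int schemaVersionCheck) {
    if (connection == null) {
        throw new ArgumentNullException("connection");
    }

    if (features == null) {
        throw new ArgumentNullException("features");
    }

    if (version == null) {
        throw new ArgumentNullException("version");
    }

    if (schemaVersionCheck == -1) {
        throw new ProviderException(SR.GetString(SR.Provider_Schema_Version_Not_Match, provider.ToString(), version));
    }
    else if (schemaVersionCheck == 0) {
        // NOTE(review): the line between the two state checks is not shown in this listing.
        // The repeated test reads like a re-check under a lock, and the lock target is
        // assumed to be the provider. Confirm against the full file.
        lock (provider) {
            if (schemaVersionCheck == -1) {
                throw new ProviderException(SR.GetString(SR.Provider_Schema_Version_Not_Match, provider.ToString(), version));
            }
            else if (schemaVersionCheck == 0) {
                foreach (string feature in features) {
                    int iStatus;

                    // Feature and version travel as SqlParameter values of a stored-procedure
                    // call, so they are never spliced into SQL text. The command is disposed
                    // after each call instead of being left to the finalizer.
                    using (SqlCommand cmd = new SqlCommand("dbo.aspnet_CheckSchemaVersion", connection)) {
                        cmd.CommandType = CommandType.StoredProcedure;
                        cmd.Parameters.Add(new SqlParameter("@Feature", feature));
                        cmd.Parameters.Add(new SqlParameter("@CompatibleSchemaVersion", version));

                        SqlParameter returnValue = new SqlParameter("@ReturnValue", SqlDbType.Int);
                        returnValue.Direction = ParameterDirection.ReturnValue;
                        cmd.Parameters.Add(returnValue);

                        cmd.ExecuteNonQuery();

                        // A missing return value is treated as a failure.
                        iStatus = ((returnValue.Value != null) ? ((int)returnValue.Value) : -1);
                    }

                    // NOTE(review): the condition guarding the failure path is not shown in
                    // this listing; a non-zero status is assumed to mean mismatch. Confirm.
                    if (iStatus != 0) {
                        // Cache the failure first so later calls fail fast.
                        schemaVersionCheck = -1;

                        throw new ProviderException(SR.GetString(SR.Provider_Schema_Version_Not_Match, provider.ToString(), version));
                    }
                }

                schemaVersionCheck = 1;
            }
        }
    }
}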
297 #endif // !FEATURE_PAL