Overblog Suivre ce blog
Editer l'article Administration Créer mon blog
10 janvier 2008 4 10 /01 /janvier /2008 19:55

Voici des méthodes qui permettent de manipuler les fichiers Web.config pour changer les autorisations d'accés des fichiers en se basant sur les rôles.

La méthode AddWebConfigAuthorization permet d'ajouter une node <location> dans le fichier Web.config.

Code :

Public Sub AddWebConfigAuthorization(ByVal webConfigFile As String, ByVal fileName As String, ByVal allowRoles As String, ByVal denyRoles As String, ByVal allowUsers As String, ByVal denyUsers As String)

        Dim myConfig As New XmlDocument
        Dim nodeConfiguration As XmlNode
        Dim nodeLocation As XmlNode
        Dim nodeSystemWeb As XmlNode
        Dim nodeAuthorization As XmlNode
        Dim nodeAllow As XmlNode
        Dim nodeDeny As XmlNode
        Dim attributePath As XmlAttribute
        Dim attributeUsers As XmlAttribute
        Dim attributeRoles As XmlAttribute

        myConfig.Load(webConfigFile)

        nodeConfiguration = myConfig.SelectSingleNode("/configuration")

        nodeLocation = myConfig.CreateNode(XmlNodeType.Element, "location", Nothing)
        nodeConfiguration.AppendChild(nodeLocation)

        nodeSystemWeb = myConfig.CreateNode(XmlNodeType.Element, "system.web", Nothing)
        nodeLocation.AppendChild(nodeSystemWeb)

        nodeAuthorization = myConfig.CreateNode(XmlNodeType.Element, "authorization", Nothing)
        nodeSystemWeb.AppendChild(nodeAuthorization)

        If allowUsers IsNot Nothing Then
            nodeAllow = myConfig.CreateNode(XmlNodeType.Element, "allow", Nothing)
            nodeAuthorization.AppendChild(nodeAllow)

            attributeUsers = myConfig.CreateAttribute("users")
            attributeUsers.Value = allowUsers
            nodeAllow.Attributes.Append(attributeUsers)
        End If

        If denyUsers IsNot Nothing Then
            nodeDeny = myConfig.CreateNode(XmlNodeType.Element, "deny", Nothing)
            nodeAuthorization.AppendChild(nodeDeny)

            attributeUsers = myConfig.CreateAttribute("users")
            attributeUsers.Value = denyUsers
            nodeDeny.Attributes.Append(attributeUsers)
        End If

        If allowRoles IsNot Nothing Then
            nodeAllow = myConfig.CreateNode(XmlNodeType.Element, "allow", Nothing)
            nodeAuthorization.AppendChild(nodeAllow)

            attributeRoles = myConfig.CreateAttribute("roles")
            attributeRoles.Value = allowRoles
            nodeAllow.Attributes.Append(attributeRoles)
        End If

        If denyRoles IsNot Nothing Then
            nodeDeny = myConfig.CreateNode(XmlNodeType.Element, "deny", Nothing)
            nodeAuthorization.AppendChild(nodeDeny)

            attributeRoles = myConfig.CreateAttribute("roles")
            attributeRoles.Value = denyRoles
            nodeDeny.Attributes.Append(attributeRoles)
        End If

        attributePath = myConfig.CreateAttribute("path")
        attributePath.Value = fileName
        nodeLocation.Attributes.Append(attributePath)

        myConfig.Save(webConfigFile)

    End Sub

 

Exemple d'utilisation :

Pour donner les droits d'accès à un fichier nommé "fleurs.jpg" uniquement aux rôles "Administrateur" et "Modérateur" il suffit de l'utiliser ainsi :

Code :

AddWebConfigAuthorization(Server.MapPath("~/public/documents/Web.config"), "fleurs.jpg", "Administrateur,Modérateur", Nothing, Nothing, "?")

 

 

La méthode RemoveWebConfigAuthorization permet de supprimer le node location correspondant à un fichier.

Code :

Public Sub RemoveWebConfigAuthorization(ByVal webConfigFile As String, ByVal fileName As String)
        Dim myConfig As New XmlDocument
        Dim nodesLocation As XmlNodeList
        Dim nodeConfiguration As XmlNode
        Dim pathValue As String

        myConfig.Load(webConfigFile)

        nodeConfiguration = myConfig.SelectSingleNode("/configuration")
        nodesLocation = myConfig.GetElementsByTagName("location")

        For Each node As XmlNode In nodesLocation
            pathValue = node.Attributes("path").Value.ToString
            If pathValue = fileName Then
                node.RemoveAll()
                nodeConfiguration.RemoveChild(node)
                myConfig.Save(webConfigFile)
                Exit For
            End If
        Next

    End Sub

 

Exemple d'utilisation :

Code :

RemoveWebConfigAuthorization(Server.MapPath("~/public/documents/Web.config"), "fleurs.jpg")

 

 

La fonction IsFileAllowAnonymous permet de savoir si un utilisateur anonyme peut accéder au fichier.

Code :

Public Function IsFileAllowAnonymous(ByVal webConfigFile As String, ByVal fileName As String) As Boolean
        Dim myConfig As New XmlDocument
        Dim nodesLocation As XmlNodeList
        Dim nodeAuthorization As XmlNode
        Dim nodeConfiguration As XmlNode
        Dim pathValue As String

        myConfig.Load(webConfigFile)

        nodeConfiguration = myConfig.SelectSingleNode("/configuration")
        nodesLocation = myConfig.GetElementsByTagName("location")

        For Each node As XmlNode In nodesLocation
            pathValue = node.Attributes("path").Value.ToString
            If pathValue = fileName Then

                nodeAuthorization = node.SelectSingleNode("system.web/authorization")

                For Each childNode As XmlNode In nodeAuthorization.ChildNodes
                    If childNode.Name = "allow" Then
                        If childNode.Attributes("users") IsNot Nothing Then
                            If childNode.Attributes("users").Value = "?" Then
                                Return True
                            Else
                                Return False
                            End If
                        End If
                    End If
                Next

                Exit For
            End If
        Next

        Return False

    End Function

 

Exemple d'utilisation :

Code :

IsFileAllowAnonymous(Server.MapPath("~/public/documents/Web.config"), "fleurs.jpg")

 

La méthode GetFileAllowRoles permet d'obtenir les roles ayant les droits d'accés à un fichier

Code :

Public Function GetFileAllowRoles(ByVal webConfigFile As String, ByVal fileName As String) As String

        Dim myConfig As New XmlDocument
        Dim nodesLocation As XmlNodeList
        Dim nodeLocation As XmlNode
        Dim nodeAuthorization As XmlNode
        Dim nodeConfiguration As XmlNode
        Dim pathValue As String

        myConfig.Load(webConfigFile)

        nodeConfiguration = myConfig.SelectSingleNode("/configuration")
        nodesLocation = myConfig.GetElementsByTagName("location")

        For Each node As XmlNode In nodesLocation
            pathValue = node.Attributes("path").Value.ToString
            If pathValue = fileName Then

                nodeAuthorization = node.SelectSingleNode("system.web/authorization")

                For Each childNode As XmlNode In nodeAuthorization.ChildNodes
                    If childNode.Name = "allow" Then
                        If childNode.Attributes("roles") IsNot Nothing Then
                            Return childNode.Attributes("roles").Value.ToString
                        End If
                    End If
                Next

                Exit For
            End If
        Next

        Return ""
    End Function

 

Exemple d'utilisation :

Code :

GetFileAllowRoles(Server.MapPath("~/public/documents/Web.config"), "fleurs.jpg")

 

 

Sur le même principe, il est possible de créer des méthodes gérant les utilisateurs au lieu des rôles.

Il n'est pas conseillé de modifier dynamiquement le fichier Web.config qui se trouve à la racine de votre site. Créer plutôt un sous dossier dans lequel vous mettrez vos fichiers et un fichier Web.config "vierge".

Partager cet article

Repost 0
Published by Cyril - dans ASP.NET
commenter cet article

commentaires