FileAuthorizationModule.CheckFileAccessForUser(String, IntPtr, String) Method

Definition

Namespace:

System.Web.Security

Assembly:

System.Web.dll

Determines whether the user has access to the requested file.

public:
 static bool CheckFileAccessForUser(System::String ^ virtualPath, IntPtr token, System::String ^ verb);

public static bool CheckFileAccessForUser (string virtualPath, IntPtr token, string verb);

static member CheckFileAccessForUser : string * nativeint * string -> bool

Public Shared Function CheckFileAccessForUser (virtualPath As String, token As IntPtr, verb As String) As Boolean

Parameters

virtualPath

String

The virtual path to the file.

token

IntPtr

nativeint

A Windows access token representing the user.

verb

String

The HTTP verb used to make the request.

Returns

Boolean

true if the current Windows user represented by token has access to the file using the specified HTTP verb or if the FileAuthorizationModule module is not defined in the application's configuration file; otherwise, false.

Exceptions

ArgumentNullException

virtualPath is null.

-or-

token is Zero.

-or-

verb is null.

ArgumentException

virtualPath is not in the application directory structure of the Web application.

FileNotFoundException

The file specified by virtualPath does not exist.

Remarks

The CheckFileAccessForUser method checks to see whether the current user, represented by a Windows access token, is granted access to the requested file in the file-system access-control lists (ACLs). The virtual path is mapped to the physical file-system path before the check is made.

If the HTTP verb used to make the request is GET, POST, or HEAD, the CheckFileAccessForUser method checks for read access to the file. If any other verb is used, the CheckFileAccessForUser method checks for read/write permission to the file.

Security Note If the FileAuthorizationModule module is not defined in the httpModules configuration section for the application, the FileAuthorizationModule module always returns true.