Is there an easy way to read the cookieName from the web.config for the anonymousIdentification section while working in Medium Trust?
What I'm trying to do is prevent the creation of thousands of Anonymous users because either:
How I'm attempting to accomplish this is by checking for the presence of either the Forms Authentication or Anonymous Identification cookies in Application_BeginRequest. If there is no cookie, I set a flag that will prevent the saving of anything to the database.
But in order to do that I must know the names of the cookies. For that, I attempted to do this:
AuthCookieName = FormsAuthentication.FormsCookieName;
var anonSection = (AnonymousIdentificationSection)WebConfigurationManager.GetSection("system.web/anonymousIdentification");
if (anonSection != null)
AnonCookieName = anonSection.CookieName;
While the auth cookie name is retrieved without any problems, the WebConfigurationManager throws the security exception: System.Security.SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.
I know this is a trust issue because when I give High or Full Trust the exception goes away. However, it is important this works in Medium Trust, and I cannot modify the machine.config.
Is there a way to set requirePermission="false"
at the web.config level of my application for the anonymousIdentification section?
Am I going to have to load the web.config in an XML document and parse it out manually?
Other ideas?
Is there something better than this? I'm only running once on Application_Start()
.
XmlDocument config = new XmlDocument();
config.Load(Server.MapPath("~/Web.config"));
XmlNode anonSection = config.SelectSingleNode("configuration/system.web/anonymousIdentification");
if (anonSection != null)
{
XmlAttribute nameAttr = anonSection.Attributes["cookieName"];
if (nameAttr != null)
AnonCookieName = nameAttr.Value;
}
if (string.IsNullOrWhiteSpace(AnonCookieName))
AnonCookieName = ".ASPXANONYMOUS";
According to Microsoft, Medium Trust is dead. But if you have to do it, this should work:
XmlDocument config = new XmlDocument();
config.Load(Server.MapPath("~/Web.config"));
XmlNode anonSection = config.SelectSingleNode("configuration/system.web/anonymousIdentification");
if (anonSection != null)
{
XmlAttribute nameAttr = anonSection.Attributes["cookieName"];
if (nameAttr != null)
AnonCookieName = nameAttr.Value;
}
if (string.IsNullOrWhiteSpace(AnonCookieName))
AnonCookieName = ".ASPXANONYMOUS";