From d030742a43404d299d8ae2d41bb2a9fe25a3ed79 Mon Sep 17 00:00:00 2001
From: Andre Rodrigues
Date: Thu, 4 Nov 2010 16:12:16 -0700
Subject: [PATCH] Medium Trust: Fixing machinekey validation code to avoid securityexception on web.config getsection code.
--HG--
branch : dev
---
 .../Controllers/SetupController.cs | 20 +++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/Orchard.Web/Modules/Orchard.Setup/Controllers/SetupController.cs b/src/Orchard.Web/Modules/Orchard.Setup/Controllers/SetupController.cs
index bd118f54c..689becc35 100644
--- a/src/Orchard.Web/Modules/Orchard.Setup/Controllers/SetupController.cs
+++ b/src/Orchard.Web/Modules/Orchard.Setup/Controllers/SetupController.cs
@@ -1,9 +1,11 @@
 using System;
 using System.Configuration;
+using System.IO;
 using System.Security.Cryptography;
 using System.Web.Configuration;
 using System.Web.Mvc;
 using System.Linq;
+using System.Xml;
 using Orchard.FileSystems.AppData;
 using Orchard.Setup.Services;
 using Orchard.Setup.ViewModels;
@@ -41,11 +43,21 @@ namespace Orchard.Setup.Controllers { private bool ValidateMachineKey() { // Get the machineKey section. - var section = ConfigurationManager.GetSection("system.web/machineKey") as MachineKeySection; + MachineKeySection machineKeySection = null; - if (section == null - || section.DecryptionKey.Contains("AutoGenerate") - || section.ValidationKey.Contains("AutoGenerate")) { + string webConfigFile = Path.Combine(HttpContext.Request.PhysicalApplicationPath, "web.config"); + using (XmlTextReader webConfigReader = new XmlTextReader(new StreamReader(webConfigFile))) { + if (webConfigReader.ReadToFollowing("machineKey")) { + machineKeySection = new MachineKeySection { + DecryptionKey = webConfigReader.GetAttribute("decryptionKey"), + ValidationKey = webConfigReader.GetAttribute("validationKey") + }; + } + } + + if (machineKeySection == null + || machineKeySection.DecryptionKey.Contains("AutoGenerate") + || machineKeySection.ValidationKey.Contains("AutoGenerate")) { var rng = new RNGCryptoServiceProvider(); var decryptionData = new byte[32];
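Review bot: `GetAttribute("decryptionKey")` and `GetAttribute("validationKey")` return null when the attribute is absent, so a `<machineKey>` element that sets only one key, uses `configSource`, or is stored as an encrypted section reaches the `.Contains("AutoGenerate")` calls with values that the old `GetSection` path would have filled with defaults; whether that throws or passes the check depends on how `MachineKeySection` stores a null, which is not visible here. Reading the root web.config by hand also means `ReadToFollowing("machineKey")` matches the first such element anywhere in the file, including one under a `<location>` block, and ignores inherited configuration, so the check can disagree with the key ASP.NET actually uses. I would keep the two attributes in local strings and treat a missing or empty value the same as AutoGenerate, as sketched below. Setting `webConfigReader.XmlResolver = null` before reading also keeps the reader from resolving external entities. ValidateMachineKey continues past the end of the hunk.

```csharp
string decryptionKey = null;
string validationKey = null;

// … unchanged: webConfigFile path and the using (XmlTextReader webConfigReader = …) line …
    webConfigReader.XmlResolver = null;
    if (webConfigReader.ReadToFollowing("machineKey")) {
        decryptionKey = webConfigReader.GetAttribute("decryptionKey");
        validationKey = webConfigReader.GetAttribute("validationKey");
    }
// … unchanged: end of the using block …

if (string.IsNullOrEmpty(decryptionKey) || decryptionKey.Contains("AutoGenerate")
    || string.IsNullOrEmpty(validationKey) || validationKey.Contains("AutoGenerate")) {
```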