Works on #U4-2078

src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeClientService.asmx.cs

@@ -2,6 +2,7 @@
 using System.Collections.Generic;
 using System.Web;
 using System.Web.Services;
+using Umbraco.Web.WebServices;
 using umbraco.presentation.umbraco.controls;
 using umbraco.cms.presentation.Trees;
 using System.Web.Script.Services;
@@ -18,7 +19,7 @@ namespace umbraco.presentation.webservices
 	/// </summary>
 	[ScriptService]
 	[WebService]
-	public class TreeClientService : WebService
+    public class TreeClientService : UmbracoAuthorizedWebService
 	{
 
 		/// <summary>
@@ -29,7 +30,7 @@ namespace umbraco.presentation.webservices
         [ScriptMethod(ResponseFormat = ResponseFormat.Json)]
 		public Dictionary<string, string> GetInitAppTreeData(string app, string treeType, bool showContextMenu, bool isDialog, TreeDialogModes dialogMode, string functionToCall, string nodeKey)
 		{
-			Authorize();
+		    AuthorizeRequest(app, true);
 
 			var treeCtl = new TreeControl()
 			{
@@ -74,13 +75,13 @@ namespace umbraco.presentation.webservices
 			returnVal.Add("js", treeCtl.JSCurrApp);
 
 			return returnVal;
-		}	
+		}
 
+        [Obsolete("Use the AuthorizeRequest methods on the base class UmbracoAuthorizedWebService instead")]
 		public static void Authorize()
 		{
 			if (!BasePages.BasePage.ValidateUserContextID(BasePages.BasePage.umbracoUserContextID))
 				throw new Exception("Client authorization failed. User is not logged in");
-
 		}
 
 	}

src/Umbraco.Web/umbraco.presentation/umbraco/webservices/trashcan.asmx.cs

@@ -7,7 +7,9 @@ using System.Web.Script.Services;
 using System.Web.Services;
 using System.Web.Services.Protocols;
 using System.ComponentModel;
+using Umbraco.Web.WebServices;
 using umbraco.BasePages;
+using umbraco.BusinessLogic;
 using umbraco.BusinessLogic.console;
 using umbraco.cms.businesslogic;
 using umbraco.cms.businesslogic.web;
@@ -22,23 +24,35 @@ namespace umbraco.presentation.webservices
     [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
     [ToolboxItem(false)]
     [ScriptService]
-    public class trashcan : System.Web.Services.WebService
+    public class trashcan : UmbracoAuthorizedWebService
     {
         [WebMethod]
-        public void EmptyTrashcan(cms.businesslogic.RecycleBin.RecycleBinType type)
+        public void EmptyTrashcan(RecycleBin.RecycleBinType type)
         {
-            if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID))
+            //validate against the app type!
+            switch (type)
             {
-                Application["trashcanEmptyLeft"] = RecycleBin.Count(type).ToString();
-                emptyTrashCanDo(type);
+                case RecycleBin.RecycleBinType.Content:
+                    if (!AuthorizeRequest(DefaultApps.content.ToString())) return;
+                    break;
+                case RecycleBin.RecycleBinType.Media:
+                    if (!AuthorizeRequest(DefaultApps.media.ToString())) return;
+                    break;
+                default:
+                    throw new ArgumentOutOfRangeException("type");
             }
 
+            //TODO: This will never work in LB scenarios
+            Application["trashcanEmptyLeft"] = RecycleBin.Count(type).ToString();
+            emptyTrashCanDo(type);
         }
 
         [WebMethod]
         public string GetTrashStatus()
         {
-            if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID))
+            //TODO: This will never work in LB scenarios
+
+            if (AuthorizeRequest())
             {
                 return Application["trashcanEmptyLeft"] != null 
                     ? Application["trashcanEmptyLeft"].ToString()