Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- FlowDocumentReader.cs
- panel.cs
- Grant.cs
- BitmapEffectRenderDataResource.cs
- BufferModeSettings.cs
- UserNameSecurityTokenProvider.cs
- SafeTokenHandle.cs
- ResourcesBuildProvider.cs
- WebRequest.cs
- PartialTrustValidationBehavior.cs
- HostedImpersonationContext.cs
- Nodes.cs
- OpenTypeCommon.cs
- ForeignKeyConstraint.cs
- XXXOnTypeBuilderInstantiation.cs
- RtfToken.cs
- DataGridColumn.cs
- SrgsRuleRef.cs
- Models.cs
- IsolatedStorageFile.cs
- BlockCollection.cs
- RedBlackList.cs
- WindowShowOrOpenTracker.cs
- CalendarTable.cs
- FormClosedEvent.cs
- _ChunkParse.cs
- SelectionEditingBehavior.cs
- FontEmbeddingManager.cs
- Literal.cs
- Vector3DCollection.cs
- ObjectNavigationPropertyMapping.cs
- OdbcError.cs
- BamlRecordReader.cs
- SqlDataSourceStatusEventArgs.cs
- ButtonField.cs
- HintTextMaxWidthConverter.cs
- PersonalizablePropertyEntry.cs
- AbstractDataSvcMapFileLoader.cs
- XmlComplianceUtil.cs
- LocatorPartList.cs
- ADMembershipUser.cs
- EncodingTable.cs
- CodeArrayIndexerExpression.cs
- IImplicitResourceProvider.cs
- XmlReader.cs
- ListDictionary.cs
- Line.cs
- ResourcePool.cs
- CustomAttributeFormatException.cs
- PrePrepareMethodAttribute.cs
- GridItem.cs
- NavigatingCancelEventArgs.cs
- WmlPageAdapter.cs
- FrugalList.cs
- ErrorFormatterPage.cs
- HtmlControlPersistable.cs
- FormsIdentity.cs
- RawTextInputReport.cs
- CommandHelpers.cs
- SHA256.cs
- ColorTypeConverter.cs
- LayoutManager.cs
- TypeConverterHelper.cs
- ObjectParameter.cs
- Translator.cs
- TdsRecordBufferSetter.cs
- TreeViewDesigner.cs
- StylusPoint.cs
- TextDecorationLocationValidation.cs
- PackWebRequestFactory.cs
- XmlAutoDetectWriter.cs
- MediaContextNotificationWindow.cs
- BamlVersionHeader.cs
- WebConfigurationHostFileChange.cs
- ColorConverter.cs
- WriterOutput.cs
- SrgsItemList.cs
- SchemaSetCompiler.cs
- SqlProcedureAttribute.cs
- ServicePerformanceCounters.cs
- RenameRuleObjectDialog.cs
- CollectionsUtil.cs
- SqlDataSourceParameterParser.cs
- WebConfigurationHost.cs
- ContextMenu.cs
- TreeNodeMouseHoverEvent.cs
- BindStream.cs
- SslStream.cs
- PointConverter.cs
- PathFigure.cs
- XmlDictionaryReaderQuotas.cs
- XmlEntityReference.cs
- DBCommand.cs
- serverconfig.cs
- listviewsubitemcollectioneditor.cs
- SimpleHandlerFactory.cs
- DocobjHost.cs
- DeferredTextReference.cs
- WebBrowser.cs
- SqlTypeSystemProvider.cs