Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- TextControl.cs
- ResourceIDHelper.cs
- Delay.cs
- RemoveStoryboard.cs
- ContainerSelectorGlyph.cs
- SkinIDTypeConverter.cs
- StringComparer.cs
- Formatter.cs
- TreeViewImageIndexConverter.cs
- ObjectDataSource.cs
- LingerOption.cs
- XmlILOptimizerVisitor.cs
- Preprocessor.cs
- ByteStack.cs
- ProtocolElementCollection.cs
- MailWebEventProvider.cs
- SystemKeyConverter.cs
- Int32Converter.cs
- XmlnsCompatibleWithAttribute.cs
- ContextProperty.cs
- DBBindings.cs
- XmlObjectSerializerContext.cs
- ClaimComparer.cs
- BuildProvidersCompiler.cs
- EntityStoreSchemaFilterEntry.cs
- SoapCodeExporter.cs
- Dictionary.cs
- RTTrackingProfile.cs
- MemberExpression.cs
- HMACRIPEMD160.cs
- ComponentResourceManager.cs
- ToolStripDropTargetManager.cs
- NavigationWindowAutomationPeer.cs
- Triangle.cs
- DodSequenceMerge.cs
- StreamUpdate.cs
- TriState.cs
- CornerRadiusConverter.cs
- CodeExpressionCollection.cs
- MyContact.cs
- PointAnimationClockResource.cs
- FilterException.cs
- SecurityKeyType.cs
- SplitterPanel.cs
- InterleavedZipPartStream.cs
- TableLayoutPanel.cs
- PersonalizationProviderHelper.cs
- TranslateTransform3D.cs
- FontNamesConverter.cs
- HiddenFieldDesigner.cs
- SecurityKeyEntropyMode.cs
- LogEntry.cs
- ScriptResourceAttribute.cs
- ReachDocumentPageSerializer.cs
- CounterSet.cs
- OperationResponse.cs
- TextOptions.cs
- TabItemWrapperAutomationPeer.cs
- WindowsFormsHostPropertyMap.cs
- AnnotationObservableCollection.cs
- DSACryptoServiceProvider.cs
- ProxyGenerationError.cs
- HostingPreferredMapPath.cs
- XmlDocumentSerializer.cs
- FlowPanelDesigner.cs
- OrderedDictionaryStateHelper.cs
- PropertyChangedEventArgs.cs
- DefaultTraceListener.cs
- NavigationFailedEventArgs.cs
- BrowserCapabilitiesCodeGenerator.cs
- ButtonBaseAutomationPeer.cs
- TextAction.cs
- printdlgexmarshaler.cs
- ExpressionNode.cs
- ToolboxItemCollection.cs
- TextDecorationUnitValidation.cs
- X509CertificateStore.cs
- DataObjectFieldAttribute.cs
- DiscoveryClientChannelFactory.cs
- WinFormsSpinner.cs
- XsltException.cs
- Journaling.cs
- DataGridViewRowConverter.cs
- _HelperAsyncResults.cs
- ParallelDesigner.xaml.cs
- SelectorAutomationPeer.cs
- HttpValueCollection.cs
- RuleDefinitions.cs
- DeferredReference.cs
- FileDialog_Vista.cs
- ELinqQueryState.cs
- SignatureToken.cs
- FunctionMappingTranslator.cs
- ClientFormsAuthenticationCredentials.cs
- Material.cs
- PenContext.cs
- JsonClassDataContract.cs
- WebReferenceCollection.cs
- ModelVisual3D.cs
- ConfigUtil.cs