Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //[....] //----------------------------------------------------------------------------- namespace System.Xml { using System.Net; using System.Security; using System.Security.Policy; using System.Security.Permissions; using System.Runtime.Versioning; [PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")] public class XmlSecureResolver : XmlResolver { XmlResolver resolver; PermissionSet permissionSet; public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {} public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {} public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) { this.resolver = resolver; this.permissionSet = permissionSet; } public override ICredentials Credentials { set { resolver.Credentials = value; } } public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) { permissionSet.PermitOnly(); return resolver.GetEntity(absoluteUri, role, ofObjectToReturn); } [ResourceConsumption(ResourceScope.Machine)] [ResourceExposure(ResourceScope.Machine)] public override Uri ResolveUri(Uri baseUri, string relativeUri) { return resolver.ResolveUri(baseUri, relativeUri); } public static Evidence CreateEvidenceForUrl(string securityUrl) { Evidence evidence = new Evidence(); if (securityUrl != null && securityUrl.Length > 0) { evidence.AddHostEvidence(new Url(securityUrl)); evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl)); Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute); if (uri.IsAbsoluteUri && !uri.IsFile) { evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl)); } // Allow same directory access for UNCs (SQLBUDT 394535) if (uri.IsAbsoluteUri && uri.IsUnc) { string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath); if (uncDir != null && uncDir.Length != 0) { evidence.AddHostEvidence(new UncDirectory(uncDir)); } } } return evidence; } [Serializable] private class UncDirectory : EvidenceBase, IIdentityPermissionFactory { private string uncDir; public UncDirectory(string uncDirectory) { this.uncDir = uncDirectory; } public IPermission CreateIdentityPermission(Evidence evidence) { return new FileIOPermission(FileIOPermissionAccess.Read, uncDir); } public override EvidenceBase Clone() { return new UncDirectory(uncDir); } private SecurityElement ToXml() { SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver"); root.AddAttribute("version", "1"); root.AddChild(new SecurityElement("UncDirectory", uncDir)); return root; } public override string ToString() { return ToXml().ToString(); } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. //------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //[....] //----------------------------------------------------------------------------- namespace System.Xml { using System.Net; using System.Security; using System.Security.Policy; using System.Security.Permissions; using System.Runtime.Versioning; [PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")] public class XmlSecureResolver : XmlResolver { XmlResolver resolver; PermissionSet permissionSet; public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {} public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {} public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) { this.resolver = resolver; this.permissionSet = permissionSet; } public override ICredentials Credentials { set { resolver.Credentials = value; } } public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) { permissionSet.PermitOnly(); return resolver.GetEntity(absoluteUri, role, ofObjectToReturn); } [ResourceConsumption(ResourceScope.Machine)] [ResourceExposure(ResourceScope.Machine)] public override Uri ResolveUri(Uri baseUri, string relativeUri) { return resolver.ResolveUri(baseUri, relativeUri); } public static Evidence CreateEvidenceForUrl(string securityUrl) { Evidence evidence = new Evidence(); if (securityUrl != null && securityUrl.Length > 0) { evidence.AddHostEvidence(new Url(securityUrl)); evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl)); Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute); if (uri.IsAbsoluteUri && !uri.IsFile) { evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl)); } // Allow same directory access for UNCs (SQLBUDT 394535) if (uri.IsAbsoluteUri && uri.IsUnc) { string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath); if (uncDir != null && uncDir.Length != 0) { evidence.AddHostEvidence(new UncDirectory(uncDir)); } } } return evidence; } [Serializable] private class UncDirectory : EvidenceBase, IIdentityPermissionFactory { private string uncDir; public UncDirectory(string uncDirectory) { this.uncDir = uncDirectory; } public IPermission CreateIdentityPermission(Evidence evidence) { return new FileIOPermission(FileIOPermissionAccess.Read, uncDir); } public override EvidenceBase Clone() { return new UncDirectory(uncDir); } private SecurityElement ToXml() { SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver"); root.AddAttribute("version", "1"); root.AddChild(new SecurityElement("UncDirectory", uncDir)); return root; } public override string ToString() { return ToXml().ToString(); } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- ConnectionStringsExpressionBuilder.cs
- AuthenticationSection.cs
- WindowsContainer.cs
- CodeSubDirectoriesCollection.cs
- MetadataResolver.cs
- Filter.cs
- DataSourceXmlSubItemAttribute.cs
- InnerItemCollectionView.cs
- ContractValidationHelper.cs
- HighlightVisual.cs
- ObjectDataSource.cs
- PasswordPropertyTextAttribute.cs
- ItemsControl.cs
- ObjectDataSourceFilteringEventArgs.cs
- MbpInfo.cs
- PageRouteHandler.cs
- DiscoveryRequestHandler.cs
- DictionaryEntry.cs
- XmlILOptimizerVisitor.cs
- TextWriter.cs
- _ProxyRegBlob.cs
- DataGridTextBoxColumn.cs
- XmlSchemaAny.cs
- EraserBehavior.cs
- FloaterParaClient.cs
- StrongNamePublicKeyBlob.cs
- InfoCardSymmetricAlgorithm.cs
- PersonalizationProvider.cs
- CharEnumerator.cs
- FilterException.cs
- AssociatedControlConverter.cs
- ColumnCollection.cs
- MbpInfo.cs
- SafeBitVector32.cs
- TextTrailingCharacterEllipsis.cs
- ReaderContextStackData.cs
- MessageSecurityException.cs
- DateTimeFormatInfo.cs
- DataSourceView.cs
- SessionPageStatePersister.cs
- PrintDialogException.cs
- HttpRequestWrapper.cs
- DrawingCollection.cs
- JoinElimination.cs
- ClickablePoint.cs
- FunctionParameter.cs
- AssemblyBuilderData.cs
- XmlSerializerFormatAttribute.cs
- RefType.cs
- DriveInfo.cs
- WorkflowInstanceTerminatedRecord.cs
- Deflater.cs
- StringSource.cs
- CompatibleComparer.cs
- DesignTimeHTMLTextWriter.cs
- WorkflowPageSetupDialog.cs
- HwndProxyElementProvider.cs
- XmlAutoDetectWriter.cs
- EntityDataSourceColumn.cs
- KeyValueConfigurationCollection.cs
- UnsafeNativeMethods.cs
- RenderOptions.cs
- DescendentsWalkerBase.cs
- SecurityResources.cs
- SqlInternalConnectionSmi.cs
- VirtualPathUtility.cs
- State.cs
- dataobject.cs
- StoreUtilities.cs
- XmlSchemaExporter.cs
- DataGridAddNewRow.cs
- messageonlyhwndwrapper.cs
- ToolStripPanel.cs
- RequestStatusBarUpdateEventArgs.cs
- WindowsToolbarItemAsMenuItem.cs
- IChannel.cs
- ResourceWriter.cs
- DiscriminatorMap.cs
- SkipStoryboardToFill.cs
- ControlIdConverter.cs
- DPTypeDescriptorContext.cs
- MetabaseSettings.cs
- Stylus.cs
- Section.cs
- NotSupportedException.cs
- InputQueue.cs
- Item.cs
- GenericsInstances.cs
- RectangleHotSpot.cs
- HelpInfo.cs
- RowSpanVector.cs
- ParameterBinding.cs
- TypeSemantics.cs
- LinkedList.cs
- WaitingCursor.cs
- ServiceBuildProvider.cs
- OdbcParameterCollection.cs
- AuthenticationModuleElement.cs
- XmlMtomReader.cs
- StringComparer.cs