Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //[....] //----------------------------------------------------------------------------- namespace System.Xml { using System.Net; using System.Security; using System.Security.Policy; using System.Security.Permissions; using System.Runtime.Versioning; [PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")] public class XmlSecureResolver : XmlResolver { XmlResolver resolver; PermissionSet permissionSet; public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {} public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {} public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) { this.resolver = resolver; this.permissionSet = permissionSet; } public override ICredentials Credentials { set { resolver.Credentials = value; } } public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) { permissionSet.PermitOnly(); return resolver.GetEntity(absoluteUri, role, ofObjectToReturn); } [ResourceConsumption(ResourceScope.Machine)] [ResourceExposure(ResourceScope.Machine)] public override Uri ResolveUri(Uri baseUri, string relativeUri) { return resolver.ResolveUri(baseUri, relativeUri); } public static Evidence CreateEvidenceForUrl(string securityUrl) { Evidence evidence = new Evidence(); if (securityUrl != null && securityUrl.Length > 0) { evidence.AddHostEvidence(new Url(securityUrl)); evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl)); Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute); if (uri.IsAbsoluteUri && !uri.IsFile) { evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl)); } // Allow same directory access for UNCs (SQLBUDT 394535) if (uri.IsAbsoluteUri && uri.IsUnc) { string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath); if (uncDir != null && uncDir.Length != 0) { evidence.AddHostEvidence(new UncDirectory(uncDir)); } } } return evidence; } [Serializable] private class UncDirectory : EvidenceBase, IIdentityPermissionFactory { private string uncDir; public UncDirectory(string uncDirectory) { this.uncDir = uncDirectory; } public IPermission CreateIdentityPermission(Evidence evidence) { return new FileIOPermission(FileIOPermissionAccess.Read, uncDir); } public override EvidenceBase Clone() { return new UncDirectory(uncDir); } private SecurityElement ToXml() { SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver"); root.AddAttribute("version", "1"); root.AddChild(new SecurityElement("UncDirectory", uncDir)); return root; } public override string ToString() { return ToXml().ToString(); } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. //------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //[....] //----------------------------------------------------------------------------- namespace System.Xml { using System.Net; using System.Security; using System.Security.Policy; using System.Security.Permissions; using System.Runtime.Versioning; [PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")] public class XmlSecureResolver : XmlResolver { XmlResolver resolver; PermissionSet permissionSet; public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {} public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {} public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) { this.resolver = resolver; this.permissionSet = permissionSet; } public override ICredentials Credentials { set { resolver.Credentials = value; } } public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) { permissionSet.PermitOnly(); return resolver.GetEntity(absoluteUri, role, ofObjectToReturn); } [ResourceConsumption(ResourceScope.Machine)] [ResourceExposure(ResourceScope.Machine)] public override Uri ResolveUri(Uri baseUri, string relativeUri) { return resolver.ResolveUri(baseUri, relativeUri); } public static Evidence CreateEvidenceForUrl(string securityUrl) { Evidence evidence = new Evidence(); if (securityUrl != null && securityUrl.Length > 0) { evidence.AddHostEvidence(new Url(securityUrl)); evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl)); Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute); if (uri.IsAbsoluteUri && !uri.IsFile) { evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl)); } // Allow same directory access for UNCs (SQLBUDT 394535) if (uri.IsAbsoluteUri && uri.IsUnc) { string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath); if (uncDir != null && uncDir.Length != 0) { evidence.AddHostEvidence(new UncDirectory(uncDir)); } } } return evidence; } [Serializable] private class UncDirectory : EvidenceBase, IIdentityPermissionFactory { private string uncDir; public UncDirectory(string uncDirectory) { this.uncDir = uncDirectory; } public IPermission CreateIdentityPermission(Evidence evidence) { return new FileIOPermission(FileIOPermissionAccess.Read, uncDir); } public override EvidenceBase Clone() { return new UncDirectory(uncDir); } private SecurityElement ToXml() { SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver"); root.AddAttribute("version", "1"); root.AddChild(new SecurityElement("UncDirectory", uncDir)); return root; } public override string ToString() { return ToXml().ToString(); } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu

This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- StylusLogic.cs
- x509store.cs
- PermissionSet.cs
- Table.cs
- ViewStateException.cs
- InterleavedZipPartStream.cs
- EventSinkActivity.cs
- SubpageParaClient.cs
- PriorityQueue.cs
- newinstructionaction.cs
- ChildTable.cs
- LayoutUtils.cs
- ProxyAttribute.cs
- ProbeMatchesMessageCD1.cs
- WebWorkflowRole.cs
- SqlTransaction.cs
- WebChannelFactory.cs
- RenderDataDrawingContext.cs
- ConsoleKeyInfo.cs
- GeometryHitTestResult.cs
- BamlBinaryReader.cs
- TableColumn.cs
- ImageField.cs
- ASCIIEncoding.cs
- HMACSHA384.cs
- StylusCollection.cs
- DataGridViewCellCollection.cs
- WebPartCancelEventArgs.cs
- LowerCaseStringConverter.cs
- LicenseContext.cs
- InstanceHandleReference.cs
- StateBag.cs
- HttpGetProtocolImporter.cs
- EmptyStringExpandableObjectConverter.cs
- HttpCacheParams.cs
- HwndSubclass.cs
- InstanceNameConverter.cs
- safemediahandle.cs
- ValidationEventArgs.cs
- RightsManagementInformation.cs
- EdmScalarPropertyAttribute.cs
- InvokePattern.cs
- StrokeRenderer.cs
- CompModSwitches.cs
- FontDifferentiator.cs
- AuthorizationPolicyTypeElementCollection.cs
- DbDataRecord.cs
- FormViewInsertedEventArgs.cs
- WindowsMenu.cs
- BamlCollectionHolder.cs
- StatusStrip.cs
- SimpleTextLine.cs
- Color.cs
- DesignDataSource.cs
- PermissionToken.cs
- XmlConverter.cs
- RenamedEventArgs.cs
- DocumentAutomationPeer.cs
- BuildProviderCollection.cs
- DataBindingCollection.cs
- CallContext.cs
- SqlSupersetValidator.cs
- XmlAttributes.cs
- SignedPkcs7.cs
- WindowsPrincipal.cs
- DataContractJsonSerializerOperationFormatter.cs
- CapabilitiesSection.cs
- DependencyPropertyChangedEventArgs.cs
- CompositionTarget.cs
- GroupItem.cs
- HttpResponseHeader.cs
- SystemUnicastIPAddressInformation.cs
- updateconfighost.cs
- PrimitiveCodeDomSerializer.cs
- InputBindingCollection.cs
- StylusTouchDevice.cs
- MsmqIntegrationInputChannel.cs
- PlaceHolder.cs
- CompareValidator.cs
- ListItemCollection.cs
- PKCS1MaskGenerationMethod.cs
- TrackBarRenderer.cs
- DBBindings.cs
- BitHelper.cs
- RawStylusActions.cs
- EntityTemplateUserControl.cs
- SetStoryboardSpeedRatio.cs
- ChangeInterceptorAttribute.cs
- sqlstateclientmanager.cs
- SqlBinder.cs
- PropertyDescriptorCollection.cs
- ToolboxItemCollection.cs
- GenericPrincipal.cs
- BaseComponentEditor.cs
- OdbcErrorCollection.cs
- UserControlParser.cs
- DrawingAttributeSerializer.cs
- DBCommandBuilder.cs
- DefaultEventAttribute.cs
- ParserExtension.cs