Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- ScriptComponentDescriptor.cs
- SatelliteContractVersionAttribute.cs
- MemoryStream.cs
- SingleConverter.cs
- ServiceNameElement.cs
- MouseGestureConverter.cs
- MruCache.cs
- CustomCategoryAttribute.cs
- GC.cs
- IntSecurity.cs
- HashCodeCombiner.cs
- DefaultShape.cs
- SqlDataAdapter.cs
- SpnegoTokenProvider.cs
- RadioButton.cs
- ToolStripPanelSelectionBehavior.cs
- FamilyMapCollection.cs
- BitmapEffect.cs
- BindingUtils.cs
- PointAnimationClockResource.cs
- CodeGroup.cs
- AspNetHostingPermission.cs
- PerspectiveCamera.cs
- SamlConditions.cs
- XmlQueryType.cs
- WebServiceTypeData.cs
- BaseAddressElementCollection.cs
- Vars.cs
- CachedFontFace.cs
- DefaultCommandExtensionCallback.cs
- SID.cs
- DebugViewWriter.cs
- CompoundFileStorageReference.cs
- JpegBitmapEncoder.cs
- _UncName.cs
- UserControl.cs
- SpellerInterop.cs
- SqlDataAdapter.cs
- FillErrorEventArgs.cs
- FatalException.cs
- InvalidAsynchronousStateException.cs
- MDIWindowDialog.cs
- XamlSerializationHelper.cs
- RSAOAEPKeyExchangeFormatter.cs
- Exceptions.cs
- CryptoConfig.cs
- CssStyleCollection.cs
- XsltConvert.cs
- AnimationException.cs
- ReflectPropertyDescriptor.cs
- Timer.cs
- PanelDesigner.cs
- NativeMethods.cs
- BulletChrome.cs
- TextPointerBase.cs
- GatewayDefinition.cs
- Color.cs
- HashCodeCombiner.cs
- EventLogPermission.cs
- ClockController.cs
- CommentEmitter.cs
- DesigntimeLicenseContextSerializer.cs
- DataServices.cs
- WindowsFormsLinkLabel.cs
- DataGridViewComboBoxCell.cs
- DataTrigger.cs
- ImportStoreException.cs
- TextElementCollection.cs
- XmlQualifiedName.cs
- MouseCaptureWithinProperty.cs
- path.cs
- ToolStripContentPanel.cs
- ScriptBehaviorDescriptor.cs
- PointConverter.cs
- SqlProviderUtilities.cs
- PieceNameHelper.cs
- DbProviderManifest.cs
- WebReferenceCollection.cs
- UrlMappingCollection.cs
- RoutingUtilities.cs
- CompilationUtil.cs
- DbConnectionPool.cs
- ServiceOperationParameter.cs
- CodeAttributeDeclarationCollection.cs
- LocalBuilder.cs
- VersionPair.cs
- X509LogoTypeExtension.cs
- TableDetailsCollection.cs
- BuildProvider.cs
- TableItemPattern.cs
- SmtpFailedRecipientException.cs
- TableItemProviderWrapper.cs
- XmlQueryRuntime.cs
- SmtpNegotiateAuthenticationModule.cs
- SessionStateSection.cs
- MenuItemAutomationPeer.cs
- DeviceContexts.cs
- Variant.cs
- ClientSponsor.cs
- DependencyObjectProvider.cs