Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- FileLogRecordHeader.cs
- TypeElement.cs
- FunctionImportElement.cs
- PermissionToken.cs
- ClickablePoint.cs
- TypedAsyncResult.cs
- WaitForChangedResult.cs
- ResourceWriter.cs
- SqlDataSourceAdvancedOptionsForm.cs
- CustomAttributeFormatException.cs
- GraphicsContext.cs
- HostingEnvironment.cs
- Transform3DCollection.cs
- StateMachineWorkflow.cs
- ListViewItemMouseHoverEvent.cs
- RSAPKCS1SignatureDeformatter.cs
- DependencyObjectPropertyDescriptor.cs
- FontConverter.cs
- QueryModel.cs
- SecurityPermission.cs
- ModelItemCollection.cs
- ReliableDuplexSessionChannel.cs
- DtdParser.cs
- DataGridCaption.cs
- XmlBindingWorker.cs
- DataListComponentEditor.cs
- HostingEnvironmentWrapper.cs
- LinqDataSourceDisposeEventArgs.cs
- EditorReuseAttribute.cs
- ColumnWidthChangingEvent.cs
- FontCacheLogic.cs
- SecurityTokenSerializer.cs
- BuilderPropertyEntry.cs
- BindingManagerDataErrorEventArgs.cs
- CodeConstructor.cs
- EventsTab.cs
- UseManagedPresentationBindingElementImporter.cs
- CollectionType.cs
- ColumnCollection.cs
- ValidatorCollection.cs
- ThreadAbortException.cs
- RoutedEventHandlerInfo.cs
- ScalarType.cs
- ModelTypeConverter.cs
- Interlocked.cs
- Highlights.cs
- ProfileManager.cs
- ProvideValueServiceProvider.cs
- SqlProfileProvider.cs
- ScriptControl.cs
- RepeaterCommandEventArgs.cs
- CompositeScriptReferenceEventArgs.cs
- DynamicDiscoveryDocument.cs
- MimeXmlReflector.cs
- TransportReplyChannelAcceptor.cs
- DefaultConfirmation.cs
- PrimitiveSchema.cs
- COM2PropertyPageUITypeConverter.cs
- LaxModeSecurityHeaderElementInferenceEngine.cs
- GroupBoxRenderer.cs
- IISMapPath.cs
- MenuStrip.cs
- MediaTimeline.cs
- RichTextBox.cs
- HighlightComponent.cs
- Encoder.cs
- PersonalizablePropertyEntry.cs
- WebPartTracker.cs
- SqlGenerator.cs
- securitymgrsite.cs
- ResourceDictionaryCollection.cs
- _NetRes.cs
- DataGridViewComboBoxColumn.cs
- GroupStyle.cs
- ISFClipboardData.cs
- ResourceReferenceExpressionConverter.cs
- RelationshipFixer.cs
- BindingContext.cs
- Size3D.cs
- GeometryDrawing.cs
- RegexGroupCollection.cs
- XmlEncoding.cs
- WindowsListViewGroupSubsetLink.cs
- DispatcherExceptionFilterEventArgs.cs
- Debug.cs
- NameObjectCollectionBase.cs
- ConsoleTraceListener.cs
- WebZone.cs
- DbSource.cs
- CLSCompliantAttribute.cs
- SystemParameters.cs
- RuleSetBrowserDialog.cs
- AddInAdapter.cs
- XmlHelper.cs
- WsdlExporter.cs
- MemberCollection.cs
- DataGridViewLinkColumn.cs
- XmlAnyElementAttribute.cs
- DataGridRow.cs
- StyleCollection.cs