Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- Translator.cs
- XmlCharCheckingWriter.cs
- TrustManager.cs
- TypeDefinition.cs
- RightsManagementInformation.cs
- DurationConverter.cs
- ExpressionBindingsDialog.cs
- ButtonChrome.cs
- CollectionConverter.cs
- ConfigXmlElement.cs
- SecurityCapabilities.cs
- RSAPKCS1KeyExchangeFormatter.cs
- InstanceCreationEditor.cs
- Unit.cs
- ButtonFieldBase.cs
- NetworkCredential.cs
- ComponentDesigner.cs
- ColorTransform.cs
- GACIdentityPermission.cs
- ResourceProviderFactory.cs
- ExpressionPrefixAttribute.cs
- FrameworkRichTextComposition.cs
- LineGeometry.cs
- NameValueSectionHandler.cs
- WebPart.cs
- StringStorage.cs
- EntityDataSourceWizardForm.cs
- ComboBox.cs
- TreeNodeBindingDepthConverter.cs
- ObjectPersistData.cs
- ExceptionHandlersDesigner.cs
- x509utils.cs
- IdnMapping.cs
- DropSourceBehavior.cs
- ConfigurationValues.cs
- PrintDialog.cs
- HebrewNumber.cs
- SQLDateTime.cs
- OpCellTreeNode.cs
- ObjectTag.cs
- TableRowGroup.cs
- GridViewColumnCollectionChangedEventArgs.cs
- SqlMethods.cs
- WebControlToolBoxItem.cs
- EntityDesignerBuildProvider.cs
- CodeArrayCreateExpression.cs
- DataTemplate.cs
- FlowDocumentFormatter.cs
- XmlSchemaParticle.cs
- DirectionalAction.cs
- TextChangedEventArgs.cs
- HttpRequest.cs
- ToolStripMenuItem.cs
- WebRequestModuleElementCollection.cs
- HyperLink.cs
- TemplateBaseAction.cs
- DataControlFieldCell.cs
- CodeIdentifiers.cs
- SafeRightsManagementQueryHandle.cs
- ObjectMemberMapping.cs
- BridgeDataRecord.cs
- IResourceProvider.cs
- EditableRegion.cs
- ToolStripGripRenderEventArgs.cs
- CodeCompileUnit.cs
- CodeComment.cs
- LassoHelper.cs
- ObjectAnimationBase.cs
- FrameworkElementAutomationPeer.cs
- EncodingInfo.cs
- IsolatedStorage.cs
- Section.cs
- NetNamedPipeSecurityMode.cs
- XmlDataCollection.cs
- Point3DIndependentAnimationStorage.cs
- DelegatingTypeDescriptionProvider.cs
- CroppedBitmap.cs
- Pkcs7Signer.cs
- ValueChangedEventManager.cs
- PropertyGroupDescription.cs
- DataColumnPropertyDescriptor.cs
- EpmTargetPathSegment.cs
- PngBitmapEncoder.cs
- TypedElement.cs
- DesignTimeResourceProviderFactoryAttribute.cs
- ComplexLine.cs
- SQLDouble.cs
- GridItemProviderWrapper.cs
- ContentDisposition.cs
- ActivityXRefPropertyEditor.cs
- XmlArrayAttribute.cs
- handlecollector.cs
- TerminatorSinks.cs
- Profiler.cs
- SQLByte.cs
- ContextProperty.cs
- SQLCharsStorage.cs
- GridViewUpdatedEventArgs.cs
- DrawingImage.cs
- PostBackTrigger.cs