Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- BaseComponentEditor.cs
- WsdlWriter.cs
- Int32Rect.cs
- SslStream.cs
- StylusCollection.cs
- ClockGroup.cs
- HttpCookiesSection.cs
- Cursors.cs
- GeometryHitTestParameters.cs
- WebRequestModuleElementCollection.cs
- ReadWriteSpinLock.cs
- Stream.cs
- MethodBuilder.cs
- StringReader.cs
- ToolStripDropDownClosingEventArgs.cs
- DataServiceRequestOfT.cs
- RSAPKCS1SignatureFormatter.cs
- XmlSchemaSimpleTypeRestriction.cs
- Calendar.cs
- EncodingNLS.cs
- PreservationFileReader.cs
- SmiEventSink_Default.cs
- EntityCommandExecutionException.cs
- _AutoWebProxyScriptHelper.cs
- ImageFormat.cs
- CharAnimationBase.cs
- CryptoConfig.cs
- TextFormatterImp.cs
- Itemizer.cs
- ImageSourceValueSerializer.cs
- COMException.cs
- FormsIdentity.cs
- DataSourceDescriptorCollection.cs
- AppManager.cs
- Literal.cs
- CopyAction.cs
- SortDescriptionCollection.cs
- ParameterModifier.cs
- WebRequest.cs
- DataSvcMapFileSerializer.cs
- StorageComplexTypeMapping.cs
- XmlWriterTraceListener.cs
- DefaultTypeArgumentAttribute.cs
- TableItemProviderWrapper.cs
- Pts.cs
- Animatable.cs
- ToolStripPanelRenderEventArgs.cs
- EncodingInfo.cs
- TextAnchor.cs
- ToolStripProfessionalLowResolutionRenderer.cs
- odbcmetadatacollectionnames.cs
- InternalBufferManager.cs
- PageClientProxyGenerator.cs
- WorkflowInstance.cs
- DbgCompiler.cs
- EmptyStringExpandableObjectConverter.cs
- HtmlMeta.cs
- FreeFormDragDropManager.cs
- DesignOnlyAttribute.cs
- MD5.cs
- WorkflowApplicationAbortedException.cs
- DispatcherTimer.cs
- DataStorage.cs
- Hyperlink.cs
- HostedTransportConfigurationBase.cs
- TextStore.cs
- CompiledELinqQueryState.cs
- HttpException.cs
- PrintPageEvent.cs
- ConstructorBuilder.cs
- TakeQueryOptionExpression.cs
- SoapSchemaImporter.cs
- SQLInt64Storage.cs
- SqlDataRecord.cs
- ToolStripContentPanelRenderEventArgs.cs
- PageCatalogPartDesigner.cs
- BroadcastEventHelper.cs
- XPathSelfQuery.cs
- JournalEntryListConverter.cs
- _UriSyntax.cs
- FunctionDetailsReader.cs
- MultipartContentParser.cs
- OpenTypeLayoutCache.cs
- UriSection.cs
- CommandHelper.cs
- ModifierKeysConverter.cs
- TextProviderWrapper.cs
- BitmapVisualManager.cs
- _NetRes.cs
- DesignerAttribute.cs
- PatternMatcher.cs
- ConfigErrorGlyph.cs
- FilterQuery.cs
- ClonableStack.cs
- NavigationFailedEventArgs.cs
- JsonEncodingStreamWrapper.cs
- CheckBox.cs
- TypographyProperties.cs
- GridViewCellAutomationPeer.cs
- DataBindingCollection.cs