Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- TableAdapterManagerMethodGenerator.cs
- ConstrainedDataObject.cs
- DbSourceParameterCollection.cs
- ContextMenuAutomationPeer.cs
- SqlProfileProvider.cs
- CompilationLock.cs
- GeneralTransformGroup.cs
- Journal.cs
- ClientScriptManager.cs
- AssemblyBuilderData.cs
- PersonalizableAttribute.cs
- NetCodeGroup.cs
- unsafenativemethodstextservices.cs
- String.cs
- PenContexts.cs
- RuleDefinitions.cs
- ProfileManager.cs
- SspiSafeHandles.cs
- FieldNameLookup.cs
- DataBoundControlHelper.cs
- FixedSchema.cs
- ModelChangedEventArgsImpl.cs
- LocatorManager.cs
- EmissiveMaterial.cs
- HelpKeywordAttribute.cs
- SchemaDeclBase.cs
- ListViewItem.cs
- DataGridViewRowsRemovedEventArgs.cs
- DragAssistanceManager.cs
- EventMappingSettingsCollection.cs
- FigureParagraph.cs
- QuaternionAnimationBase.cs
- Frame.cs
- RecommendedAsConfigurableAttribute.cs
- CorrelationTokenTypeConvertor.cs
- HwndSourceKeyboardInputSite.cs
- securitycriticaldataClass.cs
- ConstraintCollection.cs
- sqlmetadatafactory.cs
- SoapObjectWriter.cs
- SqlReferenceCollection.cs
- PersistenceMetadataNamespace.cs
- Roles.cs
- odbcmetadatafactory.cs
- DependencyProperty.cs
- ToolStripPanelSelectionBehavior.cs
- BufferModesCollection.cs
- ScrollViewer.cs
- SelectionWordBreaker.cs
- Repeater.cs
- ConstructorExpr.cs
- ConnectionStringsExpressionEditor.cs
- GenericArgumentsUpdater.cs
- TextEditorContextMenu.cs
- InstanceCreationEditor.cs
- CompositeDataBoundControl.cs
- TextEvent.cs
- ProtocolImporter.cs
- NavigatorInput.cs
- ContractNamespaceAttribute.cs
- IssuedTokenClientElement.cs
- GridViewEditEventArgs.cs
- _StreamFramer.cs
- CurrentChangedEventManager.cs
- Material.cs
- COM2ComponentEditor.cs
- CompilerWrapper.cs
- ObjectStateEntryDbUpdatableDataRecord.cs
- Vector.cs
- AnyReturnReader.cs
- TransactionFormatter.cs
- ObservableDictionary.cs
- AncillaryOps.cs
- CodeSubDirectory.cs
- SerializationObjectManager.cs
- PlanCompilerUtil.cs
- SmtpReplyReader.cs
- CFStream.cs
- EndEvent.cs
- ToolStripItemBehavior.cs
- GridViewUpdateEventArgs.cs
- IDispatchConstantAttribute.cs
- Accessible.cs
- InstanceCompleteException.cs
- DocumentViewerConstants.cs
- ConfigXmlCDataSection.cs
- DBNull.cs
- Rect3DValueSerializer.cs
- PlaceHolder.cs
- GZipStream.cs
- HyperlinkAutomationPeer.cs
- Set.cs
- BooleanKeyFrameCollection.cs
- DesignerCategoryAttribute.cs
- XamlTreeBuilderBamlRecordWriter.cs
- SafeThreadHandle.cs
- MimeMapping.cs
- BidirectionalDictionary.cs
- ControlCodeDomSerializer.cs
- Events.cs