Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- BufferedGraphicsManager.cs
- DocumentGridPage.cs
- OleDbStruct.cs
- RemoteWebConfigurationHostServer.cs
- ObsoleteAttribute.cs
- XmlNamespaceMappingCollection.cs
- BaseCollection.cs
- RectAnimationClockResource.cs
- PeerUnsafeNativeCryptMethods.cs
- PersonalizablePropertyEntry.cs
- HtmlInputCheckBox.cs
- Parameter.cs
- Misc.cs
- SingleConverter.cs
- ViewgenGatekeeper.cs
- FixedSOMImage.cs
- X509ChainElement.cs
- Binding.cs
- EntitySetBaseCollection.cs
- ToolStripControlHost.cs
- EmissiveMaterial.cs
- PointLightBase.cs
- FactoryMaker.cs
- SubMenuStyle.cs
- InheritanceRules.cs
- SafeNativeMethodsOther.cs
- MatchingStyle.cs
- __Error.cs
- IncrementalCompileAnalyzer.cs
- VisualTransition.cs
- _ConnectionGroup.cs
- XmlBaseWriter.cs
- Odbc32.cs
- Delegate.cs
- KeyValueConfigurationCollection.cs
- SortFieldComparer.cs
- XmlReflectionImporter.cs
- ProtocolsConfigurationHandler.cs
- SafeNativeMethods.cs
- GroupStyle.cs
- TypeLoadException.cs
- WindowInteractionStateTracker.cs
- CacheAxisQuery.cs
- SimplePropertyEntry.cs
- FunctionImportElement.cs
- smtpconnection.cs
- WebRequestModuleElementCollection.cs
- TagPrefixCollection.cs
- MemoryRecordBuffer.cs
- Byte.cs
- TextParagraphProperties.cs
- WebPartChrome.cs
- _NativeSSPI.cs
- DesignerActionKeyboardBehavior.cs
- AuthorizationBehavior.cs
- ParallelDesigner.cs
- KnownAssembliesSet.cs
- ObjectDataSourceStatusEventArgs.cs
- PolicyStatement.cs
- OlePropertyStructs.cs
- Currency.cs
- MemoryResponseElement.cs
- TransformerInfo.cs
- RelationshipManager.cs
- userdatakeys.cs
- DataColumnMapping.cs
- VariableAction.cs
- ConfigurationValidatorAttribute.cs
- SessionStateContainer.cs
- MaterialGroup.cs
- _HeaderInfo.cs
- SymDocumentType.cs
- SchemaTypeEmitter.cs
- BitmapEffectvisualstate.cs
- SingleConverter.cs
- Permission.cs
- ResourceIDHelper.cs
- StreamMarshaler.cs
- DbProviderSpecificTypePropertyAttribute.cs
- FrameworkPropertyMetadata.cs
- DbConnectionPoolGroup.cs
- GridViewSelectEventArgs.cs
- RepeatButton.cs
- CodeFieldReferenceExpression.cs
- InputLanguageSource.cs
- NameValueSectionHandler.cs
- TemplateControl.cs
- ProjectionCamera.cs
- Matrix3D.cs
- WhereaboutsReader.cs
- SchemaTypeEmitter.cs
- SerTrace.cs
- ComNativeDescriptor.cs
- BrowserCapabilitiesCompiler.cs
- ListControl.cs
- FunctionNode.cs
- DragDeltaEventArgs.cs
- NativeMethods.cs
- DocumentViewerBase.cs
- XmlIncludeAttribute.cs