Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //[....] //----------------------------------------------------------------------------- namespace System.Xml { using System.Net; using System.Security; using System.Security.Policy; using System.Security.Permissions; using System.Runtime.Versioning; [PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")] public class XmlSecureResolver : XmlResolver { XmlResolver resolver; PermissionSet permissionSet; public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {} public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {} public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) { this.resolver = resolver; this.permissionSet = permissionSet; } public override ICredentials Credentials { set { resolver.Credentials = value; } } public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) { permissionSet.PermitOnly(); return resolver.GetEntity(absoluteUri, role, ofObjectToReturn); } [ResourceConsumption(ResourceScope.Machine)] [ResourceExposure(ResourceScope.Machine)] public override Uri ResolveUri(Uri baseUri, string relativeUri) { return resolver.ResolveUri(baseUri, relativeUri); } public static Evidence CreateEvidenceForUrl(string securityUrl) { Evidence evidence = new Evidence(); if (securityUrl != null && securityUrl.Length > 0) { evidence.AddHostEvidence(new Url(securityUrl)); evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl)); Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute); if (uri.IsAbsoluteUri && !uri.IsFile) { evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl)); } // Allow same directory access for UNCs (SQLBUDT 394535) if (uri.IsAbsoluteUri && uri.IsUnc) { string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath); if (uncDir != null && uncDir.Length != 0) { evidence.AddHostEvidence(new UncDirectory(uncDir)); } } } return evidence; } [Serializable] private class UncDirectory : EvidenceBase, IIdentityPermissionFactory { private string uncDir; public UncDirectory(string uncDirectory) { this.uncDir = uncDirectory; } public IPermission CreateIdentityPermission(Evidence evidence) { return new FileIOPermission(FileIOPermissionAccess.Read, uncDir); } public override EvidenceBase Clone() { return new UncDirectory(uncDir); } private SecurityElement ToXml() { SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver"); root.AddAttribute("version", "1"); root.AddChild(new SecurityElement("UncDirectory", uncDir)); return root; } public override string ToString() { return ToXml().ToString(); } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. //------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //[....] //----------------------------------------------------------------------------- namespace System.Xml { using System.Net; using System.Security; using System.Security.Policy; using System.Security.Permissions; using System.Runtime.Versioning; [PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")] public class XmlSecureResolver : XmlResolver { XmlResolver resolver; PermissionSet permissionSet; public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {} public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {} public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) { this.resolver = resolver; this.permissionSet = permissionSet; } public override ICredentials Credentials { set { resolver.Credentials = value; } } public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) { permissionSet.PermitOnly(); return resolver.GetEntity(absoluteUri, role, ofObjectToReturn); } [ResourceConsumption(ResourceScope.Machine)] [ResourceExposure(ResourceScope.Machine)] public override Uri ResolveUri(Uri baseUri, string relativeUri) { return resolver.ResolveUri(baseUri, relativeUri); } public static Evidence CreateEvidenceForUrl(string securityUrl) { Evidence evidence = new Evidence(); if (securityUrl != null && securityUrl.Length > 0) { evidence.AddHostEvidence(new Url(securityUrl)); evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl)); Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute); if (uri.IsAbsoluteUri && !uri.IsFile) { evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl)); } // Allow same directory access for UNCs (SQLBUDT 394535) if (uri.IsAbsoluteUri && uri.IsUnc) { string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath); if (uncDir != null && uncDir.Length != 0) { evidence.AddHostEvidence(new UncDirectory(uncDir)); } } } return evidence; } [Serializable] private class UncDirectory : EvidenceBase, IIdentityPermissionFactory { private string uncDir; public UncDirectory(string uncDirectory) { this.uncDir = uncDirectory; } public IPermission CreateIdentityPermission(Evidence evidence) { return new FileIOPermission(FileIOPermissionAccess.Read, uncDir); } public override EvidenceBase Clone() { return new UncDirectory(uncDir); } private SecurityElement ToXml() { SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver"); root.AddAttribute("version", "1"); root.AddChild(new SecurityElement("UncDirectory", uncDir)); return root; } public override string ToString() { return ToXml().ToString(); } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- RenderingEventArgs.cs
- Viewport2DVisual3D.cs
- RestHandler.cs
- ConfigurationElementProperty.cs
- StackOverflowException.cs
- TabletDevice.cs
- HandlerWithFactory.cs
- Point3DIndependentAnimationStorage.cs
- UpDownEvent.cs
- Parameter.cs
- AttachedPropertyBrowsableWhenAttributePresentAttribute.cs
- HandleDictionary.cs
- SQLString.cs
- DoubleCollectionConverter.cs
- X509UI.cs
- StorageEntityContainerMapping.cs
- HandlerBase.cs
- TextEditorCopyPaste.cs
- BindingManagerDataErrorEventArgs.cs
- AssociativeAggregationOperator.cs
- XmlSchemaFacet.cs
- MetadataArtifactLoaderCompositeFile.cs
- ColumnTypeConverter.cs
- MergeFilterQuery.cs
- EntitySetDataBindingList.cs
- PickBranch.cs
- HttpVersion.cs
- DataGridViewCellValidatingEventArgs.cs
- HtmlAnchor.cs
- GenerateHelper.cs
- FileCodeGroup.cs
- Quad.cs
- BitmapEncoder.cs
- StreamReader.cs
- BitmapMetadataEnumerator.cs
- GorillaCodec.cs
- RayMeshGeometry3DHitTestResult.cs
- Roles.cs
- WebAdminConfigurationHelper.cs
- XmlObjectSerializerWriteContextComplexJson.cs
- DoubleIndependentAnimationStorage.cs
- EntityClientCacheEntry.cs
- ObjectReferenceStack.cs
- DecoderNLS.cs
- PieceNameHelper.cs
- ConditionalAttribute.cs
- PrintPreviewGraphics.cs
- PathFigureCollection.cs
- Process.cs
- ArrayListCollectionBase.cs
- ValueTypeFixupInfo.cs
- XmlReflectionMember.cs
- ResetableIterator.cs
- OuterGlowBitmapEffect.cs
- DesignerMetadata.cs
- LogicalExpr.cs
- CodeParameterDeclarationExpressionCollection.cs
- M3DUtil.cs
- String.cs
- StatusBarAutomationPeer.cs
- TextBounds.cs
- BitmapFrameDecode.cs
- RoutedEvent.cs
- mediapermission.cs
- ModuleBuilder.cs
- ContentPresenter.cs
- StylusPointDescription.cs
- RegexCaptureCollection.cs
- SiteMapNodeCollection.cs
- InputManager.cs
- CheckableControlBaseAdapter.cs
- RoleGroupCollection.cs
- SerializationObjectManager.cs
- DatePicker.cs
- MediaContext.cs
- SmiEventSink.cs
- OleDbEnumerator.cs
- Misc.cs
- WebPartCloseVerb.cs
- TextWriterTraceListener.cs
- SqlFacetAttribute.cs
- UnmanagedMemoryStream.cs
- SamlAction.cs
- LicFileLicenseProvider.cs
- X509ThumbprintKeyIdentifierClause.cs
- WorkflowInstanceAbortedRecord.cs
- PropertyPathWorker.cs
- EncoderNLS.cs
- BidOverLoads.cs
- baseshape.cs
- SystemIcons.cs
- MsmqInputSessionChannel.cs
- XAMLParseException.cs
- ReachUIElementCollectionSerializer.cs
- InvokeWebServiceDesigner.cs
- RootBrowserWindowAutomationPeer.cs
- cookiecontainer.cs
- ExceptionValidationRule.cs
- ISSmlParser.cs
- DispatcherTimer.cs