Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- FormsAuthenticationEventArgs.cs
- KeyToListMap.cs
- HttpCacheVaryByContentEncodings.cs
- HttpStaticObjectsCollectionWrapper.cs
- AssemblyResourceLoader.cs
- DataGridColumn.cs
- MarkupExtensionReturnTypeAttribute.cs
- TextEditorLists.cs
- StyleXamlParser.cs
- EncodingStreamWrapper.cs
- ErrorWebPart.cs
- OutputCacheModule.cs
- GridViewColumnCollection.cs
- EventRoute.cs
- InternalRelationshipCollection.cs
- Misc.cs
- CurrencyManager.cs
- ContainerAction.cs
- SafeEventLogWriteHandle.cs
- TextMessageEncodingBindingElement.cs
- SafeSystemMetrics.cs
- RuleValidation.cs
- MDIClient.cs
- Padding.cs
- BuildProviderUtils.cs
- SettingsContext.cs
- Int64.cs
- UnauthorizedWebPart.cs
- TypeBuilderInstantiation.cs
- ExceptionAggregator.cs
- Utility.cs
- SimpleFieldTemplateUserControl.cs
- EditorZoneAutoFormat.cs
- DataGridViewRowDividerDoubleClickEventArgs.cs
- MenuItem.cs
- NamespaceMapping.cs
- BuildDependencySet.cs
- PcmConverter.cs
- HtmlTextArea.cs
- HtmlTableCellCollection.cs
- SHA512Cng.cs
- _LocalDataStoreMgr.cs
- RelativeSource.cs
- oledbconnectionstring.cs
- translator.cs
- TreeViewDataItemAutomationPeer.cs
- PropertyGridEditorPart.cs
- Random.cs
- FrameworkTextComposition.cs
- PackWebResponse.cs
- HttpCookiesSection.cs
- WebRequestModuleElement.cs
- ToolStripOverflow.cs
- ActiveXHost.cs
- RightsManagementPermission.cs
- VariantWrapper.cs
- DeploymentSection.cs
- ISO2022Encoding.cs
- TagMapCollection.cs
- ByteStorage.cs
- SqlProfileProvider.cs
- CompatibleIComparer.cs
- XmlValidatingReader.cs
- ArrayTypeMismatchException.cs
- IImplicitResourceProvider.cs
- TextEditorLists.cs
- ColorPalette.cs
- BinaryCommonClasses.cs
- ValueConversionAttribute.cs
- mansign.cs
- GenericTypeParameterBuilder.cs
- mansign.cs
- HtmlTextArea.cs
- SplineKeyFrames.cs
- EmptyCollection.cs
- XPathPatternBuilder.cs
- SecurityPolicySection.cs
- KeyboardEventArgs.cs
- input.cs
- LinqDataSourceDisposeEventArgs.cs
- SymbolPair.cs
- ReferenceSchema.cs
- SourceSwitch.cs
- GuidConverter.cs
- FontFamilyIdentifier.cs
- CompositeScriptReferenceEventArgs.cs
- AutomationPatternInfo.cs
- figurelengthconverter.cs
- SqlParameter.cs
- WebPartHelpVerb.cs
- FormViewDeleteEventArgs.cs
- SafeLocalAllocation.cs
- ProtocolsSection.cs
- HebrewCalendar.cs
- DataGridViewRowPostPaintEventArgs.cs
- TableColumn.cs
- OracleRowUpdatedEventArgs.cs
- PlatformCulture.cs
- ExpressionBuilderCollection.cs
- AssemblyInfo.cs