Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- ElementProxy.cs
- ZipIOExtraFieldElement.cs
- NullToBooleanConverter.cs
- HtmlToClrEventProxy.cs
- Wildcard.cs
- ObjectSpanRewriter.cs
- IPHostEntry.cs
- SerializationException.cs
- Compiler.cs
- ListViewContainer.cs
- XPathEmptyIterator.cs
- CompilerGeneratedAttribute.cs
- SystemColorTracker.cs
- RectKeyFrameCollection.cs
- TimeSpanConverter.cs
- GetCertificateRequest.cs
- ArgumentOutOfRangeException.cs
- CallbackException.cs
- RenderOptions.cs
- SystemColorTracker.cs
- Style.cs
- XmlSubtreeReader.cs
- HttpApplicationFactory.cs
- AtomicFile.cs
- NodeCounter.cs
- ClassHandlersStore.cs
- WebPartCancelEventArgs.cs
- CallSiteBinder.cs
- RequestBringIntoViewEventArgs.cs
- PersonalizablePropertyEntry.cs
- ApplicationSecurityInfo.cs
- SerializerWriterEventHandlers.cs
- RichTextBox.cs
- BaseDataBoundControl.cs
- XmlNavigatorStack.cs
- ConstraintConverter.cs
- OleTxTransaction.cs
- XmlNodeChangedEventArgs.cs
- EntitySqlQueryState.cs
- Rotation3DAnimationUsingKeyFrames.cs
- FormatterServices.cs
- ToolStripSeparator.cs
- ListView.cs
- DBSchemaTable.cs
- BamlRecords.cs
- AdornerHitTestResult.cs
- KnownBoxes.cs
- ModifierKeysConverter.cs
- RelatedView.cs
- TempFiles.cs
- RSAPKCS1SignatureDeformatter.cs
- WebResourceUtil.cs
- InlineCollection.cs
- TrackingMemoryStream.cs
- HttpServerVarsCollection.cs
- RadioButton.cs
- MembershipUser.cs
- DescendantOverDescendantQuery.cs
- XslAst.cs
- PathSegmentCollection.cs
- DataContractSerializer.cs
- ClientApiGenerator.cs
- messageonlyhwndwrapper.cs
- AssemblyUtil.cs
- DataGridViewLinkCell.cs
- ScriptComponentDescriptor.cs
- OperatorExpressions.cs
- Config.cs
- AnchoredBlock.cs
- FileAuthorizationModule.cs
- ProvidePropertyAttribute.cs
- ContainerFilterService.cs
- CommandBindingCollection.cs
- UnionCqlBlock.cs
- IndentTextWriter.cs
- StylusButtonCollection.cs
- control.ime.cs
- DebugController.cs
- SystemSounds.cs
- TableLayoutPanelCodeDomSerializer.cs
- TemplatePropertyEntry.cs
- Globals.cs
- ContainerActivationHelper.cs
- UnsafeNativeMethodsMilCoreApi.cs
- RuntimeHandles.cs
- PersonalizationProvider.cs
- FixedFlowMap.cs
- ImageCollectionCodeDomSerializer.cs
- SmiConnection.cs
- StatusBarDrawItemEvent.cs
- MultiPropertyDescriptorGridEntry.cs
- ExitEventArgs.cs
- Frame.cs
- InfoCardServiceInstallComponent.cs
- Expression.cs
- Menu.cs
- FontFaceLayoutInfo.cs
- Emitter.cs
- WebPageTraceListener.cs
- ConstraintConverter.cs