Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- BroadcastEventHelper.cs
- XmlUtil.cs
- DataGridCheckBoxColumn.cs
- WebServiceEnumData.cs
- XmlSchemaSubstitutionGroup.cs
- DbProviderFactories.cs
- TableSectionStyle.cs
- WsdlBuildProvider.cs
- NCryptNative.cs
- xmlglyphRunInfo.cs
- SmiRequestExecutor.cs
- ItemDragEvent.cs
- GridToolTip.cs
- Cursor.cs
- DbgUtil.cs
- Group.cs
- NamedPipeAppDomainProtocolHandler.cs
- Exceptions.cs
- SerializationSectionGroup.cs
- Vector3dCollection.cs
- MetadataSerializer.cs
- ExportOptions.cs
- PeerName.cs
- ProfessionalColors.cs
- Rect3D.cs
- DateTimeFormat.cs
- ItemsPresenter.cs
- DataGridViewColumnCollection.cs
- BmpBitmapDecoder.cs
- MethodImplAttribute.cs
- SqlXmlStorage.cs
- StructuredType.cs
- ParseNumbers.cs
- SHA256Managed.cs
- Action.cs
- XmlDictionaryReaderQuotas.cs
- wmiprovider.cs
- MimeObjectFactory.cs
- ConfigurationSection.cs
- SmiMetaDataProperty.cs
- GifBitmapDecoder.cs
- DefaultSection.cs
- CharacterBuffer.cs
- HostedBindingBehavior.cs
- SapiRecognizer.cs
- DynamicMetaObject.cs
- DockingAttribute.cs
- ColorDialog.cs
- EventTrigger.cs
- DataListAutoFormat.cs
- GuidelineCollection.cs
- DependencyPropertyKey.cs
- EtwTrace.cs
- TextSearch.cs
- EdmSchemaError.cs
- CustomWebEventKey.cs
- XmlSubtreeReader.cs
- Stream.cs
- DesignerActionVerbList.cs
- TabletDeviceInfo.cs
- DesignerActionTextItem.cs
- Brush.cs
- ObjectDataSourceDisposingEventArgs.cs
- CannotUnloadAppDomainException.cs
- XmlUtil.cs
- UrlMappingsSection.cs
- EditingScopeUndoUnit.cs
- MediaElementAutomationPeer.cs
- dtdvalidator.cs
- PtsPage.cs
- FormViewPageEventArgs.cs
- VisualStateGroup.cs
- SubclassTypeValidatorAttribute.cs
- ZipIOLocalFileBlock.cs
- SymmetricKey.cs
- Main.cs
- Size3D.cs
- ObjectListDataBindEventArgs.cs
- SuppressMessageAttribute.cs
- LiteralControl.cs
- DurableEnlistmentState.cs
- UnaryOperationBinder.cs
- backend.cs
- CodeConditionStatement.cs
- VerificationException.cs
- Evaluator.cs
- ReliableOutputConnection.cs
- ClientEventManager.cs
- SelectorItemAutomationPeer.cs
- ProjectionCamera.cs
- StringFunctions.cs
- GeometryCombineModeValidation.cs
- MarshalByValueComponent.cs
- TextBoxDesigner.cs
- ProcessInputEventArgs.cs
- TableRowCollection.cs
- ToolStripDropTargetManager.cs
- TableHeaderCell.cs
- HttpCachePolicy.cs
- AnnotationResource.cs