Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- TemplatePartAttribute.cs
- XmlILStorageConverter.cs
- MD5CryptoServiceProvider.cs
- TableHeaderCell.cs
- Cursor.cs
- CollectionTraceRecord.cs
- WebReferencesBuildProvider.cs
- ContextDataSourceView.cs
- ExpressionReplacer.cs
- AuthStoreRoleProvider.cs
- DataGridTextBoxColumn.cs
- SqlConnection.cs
- FormClosingEvent.cs
- _RequestCacheProtocol.cs
- BatchServiceHost.cs
- InstanceDescriptor.cs
- ObjectDisposedException.cs
- MenuAutomationPeer.cs
- DefaultMergeHelper.cs
- TargetControlTypeCache.cs
- StaticExtension.cs
- StreamInfo.cs
- PresentationAppDomainManager.cs
- ManagementObjectSearcher.cs
- EventDescriptor.cs
- DataObjectFieldAttribute.cs
- ContactManager.cs
- WebResponse.cs
- SvcMapFile.cs
- ErrorTolerantObjectWriter.cs
- TextParagraphView.cs
- hresults.cs
- ColumnHeader.cs
- XsltContext.cs
- DashStyles.cs
- TableSectionStyle.cs
- EventWaitHandleSecurity.cs
- ProcessHost.cs
- PrintingPermission.cs
- RequestBringIntoViewEventArgs.cs
- SendMailErrorEventArgs.cs
- MessageDecoder.cs
- HtmlObjectListAdapter.cs
- KeyGesture.cs
- SqlConnectionStringBuilder.cs
- DbDataReader.cs
- ContentTypeSettingDispatchMessageFormatter.cs
- ClientSettingsStore.cs
- DbReferenceCollection.cs
- FieldMetadata.cs
- SettingsPropertyCollection.cs
- UnionExpr.cs
- BuildProviderUtils.cs
- Pair.cs
- StringStorage.cs
- ContractInferenceHelper.cs
- SqlUserDefinedTypeAttribute.cs
- _MultipleConnectAsync.cs
- ObjectSet.cs
- MarkerProperties.cs
- Mappings.cs
- GridProviderWrapper.cs
- DocComment.cs
- IListConverters.cs
- WindowsListViewGroupHelper.cs
- DataRowComparer.cs
- OleDbCommandBuilder.cs
- FormsAuthenticationTicket.cs
- HtmlInputButton.cs
- TripleDESCryptoServiceProvider.cs
- XamlGridLengthSerializer.cs
- sortedlist.cs
- ListBindingConverter.cs
- StorageModelBuildProvider.cs
- DependentList.cs
- TextTreeInsertUndoUnit.cs
- LongPath.cs
- DnsCache.cs
- BaseCollection.cs
- ResXResourceSet.cs
- RedistVersionInfo.cs
- HttpCachePolicyElement.cs
- ScriptIgnoreAttribute.cs
- CollectionExtensions.cs
- ChannelServices.cs
- ModulesEntry.cs
- CodeFieldReferenceExpression.cs
- BaseDataListComponentEditor.cs
- BitmapDownload.cs
- DistinctQueryOperator.cs
- CertificateManager.cs
- PropertyGeneratedEventArgs.cs
- CalendarData.cs
- EmbeddedMailObjectsCollection.cs
- ReadOnlyPermissionSet.cs
- IdentityModelStringsVersion1.cs
- Msec.cs
- LoginUtil.cs
- DataGridViewCellStyleChangedEventArgs.cs
- HuffCodec.cs