Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- ActiveXContainer.cs
- AllMembershipCondition.cs
- HttpListenerContext.cs
- FixedLineResult.cs
- GridViewHeaderRowPresenter.cs
- Comparer.cs
- SqlDataSourceConfigureSelectPanel.cs
- DictionaryManager.cs
- Math.cs
- WebConvert.cs
- ListViewTableCell.cs
- PowerEase.cs
- CompositeActivityTypeDescriptorProvider.cs
- SqlTopReducer.cs
- Number.cs
- HtmlControlPersistable.cs
- MobileControl.cs
- Binding.cs
- ClientTarget.cs
- EmptyEnumerator.cs
- OuterProxyWrapper.cs
- XmlSchemaCompilationSettings.cs
- GridViewSelectEventArgs.cs
- SignerInfo.cs
- Setter.cs
- DetailsViewPageEventArgs.cs
- GenericUriParser.cs
- PolyQuadraticBezierSegment.cs
- serverconfig.cs
- AuthenticationServiceManager.cs
- DrawingGroup.cs
- Queue.cs
- BidOverLoads.cs
- BamlVersionHeader.cs
- BaseServiceProvider.cs
- SetStoryboardSpeedRatio.cs
- DeflateInput.cs
- PropertyTabAttribute.cs
- XmlMembersMapping.cs
- ListenerAdapterBase.cs
- ArgumentNullException.cs
- SmtpReplyReaderFactory.cs
- LinqDataSourceView.cs
- BamlLocalizer.cs
- CuspData.cs
- SafeFindHandle.cs
- ConsoleCancelEventArgs.cs
- ResourceDisplayNameAttribute.cs
- Item.cs
- GridItem.cs
- DateTimeConverter2.cs
- UpdateManifestForBrowserApplication.cs
- StructuredTypeInfo.cs
- XmlQueryStaticData.cs
- OracleConnectionStringBuilder.cs
- MasterPageCodeDomTreeGenerator.cs
- CodeCommentStatement.cs
- EndpointBehaviorElement.cs
- RootProfilePropertySettingsCollection.cs
- ColorAnimationBase.cs
- CryptoApi.cs
- MessageBox.cs
- WorkflowPersistenceContext.cs
- DataGrid.cs
- EpmSourceTree.cs
- FilteredAttributeCollection.cs
- Soap12ProtocolReflector.cs
- JournalEntry.cs
- CodeIterationStatement.cs
- ByteStack.cs
- StdRegProviderWrapper.cs
- SqlDataSource.cs
- SystemIPGlobalStatistics.cs
- DbProviderFactory.cs
- DesignerEditorPartChrome.cs
- OutputBuffer.cs
- FormViewDeletedEventArgs.cs
- DataObjectMethodAttribute.cs
- ErrorProvider.cs
- RealizationContext.cs
- ComplexPropertyEntry.cs
- EntityViewGenerator.cs
- PermissionToken.cs
- Overlapped.cs
- HyperLinkStyle.cs
- ListViewEditEventArgs.cs
- DragDropManager.cs
- ListViewUpdateEventArgs.cs
- Part.cs
- Win32Exception.cs
- XmlMembersMapping.cs
- EpmContentSerializer.cs
- DbConnectionClosed.cs
- WebBrowsableAttribute.cs
- TypeNameParser.cs
- ProfileEventArgs.cs
- KeyManager.cs
- ComboBox.cs
- LoadWorkflowByKeyAsyncResult.cs
- ResourceProperty.cs