Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- DataGridViewIntLinkedList.cs
- DBSqlParser.cs
- HttpChannelHelper.cs
- ProcessDesigner.cs
- ArrayElementGridEntry.cs
- Switch.cs
- HwndStylusInputProvider.cs
- BoolExpr.cs
- BindToObject.cs
- PolyQuadraticBezierSegment.cs
- FontCacheUtil.cs
- FilterElement.cs
- EmptyStringExpandableObjectConverter.cs
- ProfileSection.cs
- CallbackHandler.cs
- TabletDeviceInfo.cs
- TextEditor.cs
- _IPv6Address.cs
- RequestStatusBarUpdateEventArgs.cs
- Timer.cs
- CharacterShapingProperties.cs
- PixelFormat.cs
- XmlIlVisitor.cs
- DataSourceHelper.cs
- Stroke.cs
- DispatchWrapper.cs
- TextHidden.cs
- Assert.cs
- TextContainerChangeEventArgs.cs
- ErrorEventArgs.cs
- XPathDocumentIterator.cs
- TextTreeUndoUnit.cs
- PrintPreviewGraphics.cs
- NamedPermissionSet.cs
- ProxyWebPartConnectionCollection.cs
- LineSegment.cs
- HttpHandlerActionCollection.cs
- ImpersonateTokenRef.cs
- InputScopeNameConverter.cs
- HostingPreferredMapPath.cs
- BaseCollection.cs
- documentsequencetextview.cs
- Positioning.cs
- templategroup.cs
- Profiler.cs
- Certificate.cs
- UrlRoutingHandler.cs
- TemplatedEditableDesignerRegion.cs
- WindowsListView.cs
- WindowsSysHeader.cs
- PersonalizableAttribute.cs
- ReadOnlyDictionary.cs
- DocumentViewerAutomationPeer.cs
- GradientStop.cs
- XPathQilFactory.cs
- ValueTypeFixupInfo.cs
- SchemaImporter.cs
- DbResourceAllocator.cs
- UIntPtr.cs
- EntityDataSourceContextDisposingEventArgs.cs
- ThicknessAnimationUsingKeyFrames.cs
- MetadataArtifactLoaderComposite.cs
- HttpChannelFactory.cs
- EntitySetBase.cs
- WindowsScrollBar.cs
- ForeignConstraint.cs
- CodeMemberProperty.cs
- RemoveStoryboard.cs
- MemberRestriction.cs
- TriggerBase.cs
- Floater.cs
- HtmlAnchor.cs
- DoWorkEventArgs.cs
- Inflater.cs
- ThreadAttributes.cs
- XsdCachingReader.cs
- EventArgs.cs
- PenLineJoinValidation.cs
- LocationReferenceEnvironment.cs
- TableStyle.cs
- ByValueEqualityComparer.cs
- MergePropertyDescriptor.cs
- WinFormsSpinner.cs
- StyleSheetRefUrlEditor.cs
- HttpRequestTraceRecord.cs
- DataTableNewRowEvent.cs
- EventListenerClientSide.cs
- PlatformCulture.cs
- ScrollChrome.cs
- ThemeDirectoryCompiler.cs
- BulletChrome.cs
- SrgsSemanticInterpretationTag.cs
- ConvertersCollection.cs
- SafeUserTokenHandle.cs
- ExcludePathInfo.cs
- StateElementCollection.cs
- PolyBezierSegment.cs
- TitleStyle.cs
- PublisherMembershipCondition.cs
- Manipulation.cs