Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// [....]
//-----------------------------------------------------------------------------
namespace System.Xml {
using System.Net;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Runtime.Versioning;
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public class XmlSecureResolver : XmlResolver {
XmlResolver resolver;
PermissionSet permissionSet;
public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
this.resolver = resolver;
this.permissionSet = permissionSet;
}
public override ICredentials Credentials {
set { resolver.Credentials = value; }
}
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
permissionSet.PermitOnly();
return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
}
[ResourceConsumption(ResourceScope.Machine)]
[ResourceExposure(ResourceScope.Machine)]
public override Uri ResolveUri(Uri baseUri, string relativeUri) {
return resolver.ResolveUri(baseUri, relativeUri);
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHostEvidence(new Url(securityUrl));
evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
}
// Allow same directory access for UNCs (SQLBUDT 394535)
if (uri.IsAbsoluteUri && uri.IsUnc) {
string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
if (uncDir != null && uncDir.Length != 0) {
evidence.AddHostEvidence(new UncDirectory(uncDir));
}
}
}
return evidence;
}
[Serializable]
private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
private string uncDir;
public UncDirectory(string uncDirectory) {
this.uncDir = uncDirectory;
}
public IPermission CreateIdentityPermission(Evidence evidence) {
return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
}
public override EvidenceBase Clone()
{
return new UncDirectory(uncDir);
}
private SecurityElement ToXml() {
SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
root.AddAttribute("version", "1");
root.AddChild(new SecurityElement("UncDirectory", uncDir));
return root;
}
public override string ToString() {
return ToXml().ToString();
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- NewArray.cs
- RequestCachePolicyConverter.cs
- RoleService.cs
- DrawingAttributes.cs
- ServiceInstanceProvider.cs
- ListItemCollection.cs
- QuaternionConverter.cs
- CategoryGridEntry.cs
- BitmapMetadata.cs
- DynamicPropertyHolder.cs
- WebBrowserProgressChangedEventHandler.cs
- PagedDataSource.cs
- DiscoveryClientDocuments.cs
- TemplateColumn.cs
- OneWayElement.cs
- ExtenderProvidedPropertyAttribute.cs
- JsonQueryStringConverter.cs
- EventLogStatus.cs
- XmlEnumAttribute.cs
- SapiAttributeParser.cs
- SqlPersistenceWorkflowInstanceDescription.cs
- ResizeGrip.cs
- ColorIndependentAnimationStorage.cs
- XmlSchemaCollection.cs
- TextModifier.cs
- SessionSwitchEventArgs.cs
- Underline.cs
- CompositionAdorner.cs
- ComPlusContractBehavior.cs
- CodePageEncoding.cs
- DataGridViewRowHeaderCell.cs
- ThreadLocal.cs
- ProfileSection.cs
- PrintControllerWithStatusDialog.cs
- handlecollector.cs
- SSmlParser.cs
- FocusChangedEventArgs.cs
- ApplyTemplatesAction.cs
- ButtonAutomationPeer.cs
- ScriptManagerProxy.cs
- SmtpDigestAuthenticationModule.cs
- Object.cs
- dsa.cs
- StaticDataManager.cs
- LinkUtilities.cs
- AssemblyLoader.cs
- DesignerActionVerbItem.cs
- DataFormat.cs
- __TransparentProxy.cs
- XamlBuildProvider.cs
- DesignerSerializationOptionsAttribute.cs
- DynamicPropertyHolder.cs
- LicenseException.cs
- ReturnEventArgs.cs
- MenuItem.cs
- DrawingContextDrawingContextWalker.cs
- ItemCollection.cs
- CmsInterop.cs
- XmlSchemaSubstitutionGroup.cs
- HMACRIPEMD160.cs
- RuntimeArgumentHandle.cs
- PixelShader.cs
- DataViewManagerListItemTypeDescriptor.cs
- ColorAnimationBase.cs
- FilterRepeater.cs
- EncoderBestFitFallback.cs
- TextEncodedRawTextWriter.cs
- RangeValuePatternIdentifiers.cs
- SqlClientWrapperSmiStream.cs
- TypeDependencyAttribute.cs
- StringKeyFrameCollection.cs
- HttpPostedFile.cs
- ProtocolViolationException.cs
- UnsafeNetInfoNativeMethods.cs
- LabelDesigner.cs
- InvokeFunc.cs
- Axis.cs
- TdsParser.cs
- SmtpNtlmAuthenticationModule.cs
- MachineKeyConverter.cs
- RectangleGeometry.cs
- Mutex.cs
- C14NUtil.cs
- MdiWindowListStrip.cs
- XDeferredAxisSource.cs
- DataRelationPropertyDescriptor.cs
- Delegate.cs
- DynamicPropertyReader.cs
- ErrorRuntimeConfig.cs
- TdsParserStateObject.cs
- ButtonField.cs
- Switch.cs
- CategoryNameCollection.cs
- PeerNameRegistration.cs
- PagePropertiesChangingEventArgs.cs
- StickyNoteAnnotations.cs
- QueryExecutionOption.cs
- StoreItemCollection.cs
- SafeNativeMethodsMilCoreApi.cs
- GeneralTransformCollection.cs