Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / Xml / System / Xml / XmlSecureResolver.cs / 1305376 / XmlSecureResolver.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //[....] //----------------------------------------------------------------------------- namespace System.Xml { using System.Net; using System.Security; using System.Security.Policy; using System.Security.Permissions; using System.Runtime.Versioning; [PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")] public class XmlSecureResolver : XmlResolver { XmlResolver resolver; PermissionSet permissionSet; public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {} public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {} public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) { this.resolver = resolver; this.permissionSet = permissionSet; } public override ICredentials Credentials { set { resolver.Credentials = value; } } public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) { permissionSet.PermitOnly(); return resolver.GetEntity(absoluteUri, role, ofObjectToReturn); } [ResourceConsumption(ResourceScope.Machine)] [ResourceExposure(ResourceScope.Machine)] public override Uri ResolveUri(Uri baseUri, string relativeUri) { return resolver.ResolveUri(baseUri, relativeUri); } public static Evidence CreateEvidenceForUrl(string securityUrl) { Evidence evidence = new Evidence(); if (securityUrl != null && securityUrl.Length > 0) { evidence.AddHostEvidence(new Url(securityUrl)); evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl)); Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute); if (uri.IsAbsoluteUri && !uri.IsFile) { evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl)); } // Allow same directory access for UNCs (SQLBUDT 394535) if (uri.IsAbsoluteUri && uri.IsUnc) { string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath); if (uncDir != null && uncDir.Length != 0) { evidence.AddHostEvidence(new UncDirectory(uncDir)); } } } return evidence; } [Serializable] private class UncDirectory : EvidenceBase, IIdentityPermissionFactory { private string uncDir; public UncDirectory(string uncDirectory) { this.uncDir = uncDirectory; } public IPermission CreateIdentityPermission(Evidence evidence) { return new FileIOPermission(FileIOPermissionAccess.Read, uncDir); } public override EvidenceBase Clone() { return new UncDirectory(uncDir); } private SecurityElement ToXml() { SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver"); root.AddAttribute("version", "1"); root.AddChild(new SecurityElement("UncDirectory", uncDir)); return root; } public override string ToString() { return ToXml().ToString(); } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. //------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // //[....] //----------------------------------------------------------------------------- namespace System.Xml { using System.Net; using System.Security; using System.Security.Policy; using System.Security.Permissions; using System.Runtime.Versioning; [PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")] public class XmlSecureResolver : XmlResolver { XmlResolver resolver; PermissionSet permissionSet; public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {} public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {} public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) { this.resolver = resolver; this.permissionSet = permissionSet; } public override ICredentials Credentials { set { resolver.Credentials = value; } } public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) { permissionSet.PermitOnly(); return resolver.GetEntity(absoluteUri, role, ofObjectToReturn); } [ResourceConsumption(ResourceScope.Machine)] [ResourceExposure(ResourceScope.Machine)] public override Uri ResolveUri(Uri baseUri, string relativeUri) { return resolver.ResolveUri(baseUri, relativeUri); } public static Evidence CreateEvidenceForUrl(string securityUrl) { Evidence evidence = new Evidence(); if (securityUrl != null && securityUrl.Length > 0) { evidence.AddHostEvidence(new Url(securityUrl)); evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl)); Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute); if (uri.IsAbsoluteUri && !uri.IsFile) { evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl)); } // Allow same directory access for UNCs (SQLBUDT 394535) if (uri.IsAbsoluteUri && uri.IsUnc) { string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath); if (uncDir != null && uncDir.Length != 0) { evidence.AddHostEvidence(new UncDirectory(uncDir)); } } } return evidence; } [Serializable] private class UncDirectory : EvidenceBase, IIdentityPermissionFactory { private string uncDir; public UncDirectory(string uncDirectory) { this.uncDir = uncDirectory; } public IPermission CreateIdentityPermission(Evidence evidence) { return new FileIOPermission(FileIOPermissionAccess.Read, uncDir); } public override EvidenceBase Clone() { return new UncDirectory(uncDir); } private SecurityElement ToXml() { SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver"); root.AddAttribute("version", "1"); root.AddChild(new SecurityElement("UncDirectory", uncDir)); return root; } public override string ToString() { return ToXml().ToString(); } } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- versioninfo.cs
- Geometry3D.cs
- ResolveDuplexAsyncResult.cs
- SqlCacheDependencySection.cs
- UrlPath.cs
- NumberFormatInfo.cs
- SelectionItemPattern.cs
- CompilationPass2Task.cs
- RelationshipConstraintValidator.cs
- CellConstant.cs
- UnsafeNativeMethods.cs
- QilVisitor.cs
- RegexMatchCollection.cs
- SafePointer.cs
- AutoGeneratedField.cs
- ProbeMatchesMessage11.cs
- PropagatorResult.cs
- SortExpressionBuilder.cs
- _ListenerRequestStream.cs
- CompilationRelaxations.cs
- QuaternionRotation3D.cs
- EnvelopedPkcs7.cs
- CollectionViewGroupInternal.cs
- DispatcherOperation.cs
- PageCopyCount.cs
- ListViewVirtualItemsSelectionRangeChangedEvent.cs
- SelectionChangedEventArgs.cs
- CfgParser.cs
- SmiTypedGetterSetter.cs
- XamlBuildTaskServices.cs
- MimeTypeMapper.cs
- WindowsToolbarAsMenu.cs
- PageSettings.cs
- DataTableCollection.cs
- LassoHelper.cs
- MenuItemBinding.cs
- SubstitutionDesigner.cs
- OptimizerPatterns.cs
- TagPrefixInfo.cs
- XmlSchemaCompilationSettings.cs
- MeshGeometry3D.cs
- X500Name.cs
- TraceLevelStore.cs
- DSGeneratorProblem.cs
- StringBlob.cs
- EditCommandColumn.cs
- PreloadedPackages.cs
- COM2Properties.cs
- QueryReaderSettings.cs
- RuntimeResourceSet.cs
- StorageAssociationTypeMapping.cs
- messageonlyhwndwrapper.cs
- DataServiceBuildProvider.cs
- ParentQuery.cs
- ChannelSinkStacks.cs
- SaveFileDialog.cs
- ImageCodecInfoPrivate.cs
- MethodBody.cs
- BaseComponentEditor.cs
- LogEntrySerializationException.cs
- ConnectivityStatus.cs
- TraceSection.cs
- SmiConnection.cs
- ToolZone.cs
- ReadOnlyAttribute.cs
- BitmapEffectDrawing.cs
- GeometryDrawing.cs
- CorrelationQueryBehavior.cs
- RecognitionResult.cs
- MetroSerializationManager.cs
- AccessibleObject.cs
- DbExpressionVisitor.cs
- SmtpFailedRecipientException.cs
- HealthMonitoringSection.cs
- MemberAccessException.cs
- StreamingContext.cs
- TextFindEngine.cs
- NativeMethods.cs
- MatchNoneMessageFilter.cs
- EntityCommandExecutionException.cs
- ArglessEventHandlerProxy.cs
- DeclarativeCatalogPart.cs
- WpfWebRequestHelper.cs
- CodeExpressionStatement.cs
- Animatable.cs
- SettingsPropertyValue.cs
- EntityContainerEmitter.cs
- XmlException.cs
- MsmqEncryptionAlgorithm.cs
- AuthorizationContext.cs
- QueryableFilterRepeater.cs
- ToolStripOverflow.cs
- BitmapEffectrendercontext.cs
- TimeSpanSecondsOrInfiniteConverter.cs
- DiscoveryClientReferences.cs
- RelationshipEntry.cs
- SizeF.cs
- XmlSchemaAttributeGroupRef.cs
- PropertyFilterAttribute.cs
- SmtpMail.cs