The Labs \ Source Viewer \ SSCLI \ System.Xml \ XmlSecureResolver

  1. //------------------------------------------------------------------------------
  2. // <copyright file="XmlAttributeTokenInfo.cs" company="Microsoft">
  3. //
  4. // Copyright (c) 2006 Microsoft Corporation. All rights reserved.
  5. //
  6. // The use and distribution terms for this software are contained in the file
  7. // named license.txt, which can be found in the root of this distribution.
  8. // By using this software in any fashion, you are agreeing to be bound by the
  9. // terms of this license.
  10. //
  11. // You must not remove this notice, or any other, from this software.
  12. //
  13. // </copyright>
  14. //------------------------------------------------------------------------------
  15. namespace System.Xml
  16. {
  17.    
  18.     using System.Net;
  19.     using System.Security;
  20.     using System.Security.Policy;
  21.     using System.Security.Permissions;
  22.    
  23.     [PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
  24.     public class XmlSecureResolver : XmlResolver
  25.     {
  26.         XmlResolver resolver;
  27.         PermissionSet permissionSet;
  28.        
  29.         public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl))
  30.         {
  31.         }
  32.        
  33.         public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.ResolvePolicy(evidence))
  34.         {
  35.         }
  36.        
  37.         public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet)
  38.         {
  39.             this.resolver = resolver;
  40.             this.permissionSet = permissionSet;
  41.         }
  42.        
  43.         public override ICredentials Credentials {
  44.             set { resolver.Credentials = value; }
  45.         }
  46.        
  47.         public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn)
  48.         {
  49.             permissionSet.PermitOnly();
  50.             return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
  51.         }
  52.        
  53.         public override Uri ResolveUri(Uri baseUri, string relativeUri)
  54.         {
  55.             return resolver.ResolveUri(baseUri, relativeUri);
  56.         }
  57.        
  58.         public static Evidence CreateEvidenceForUrl(string securityUrl)
  59.         {
  60.             Evidence evidence = new Evidence();
  61.             if (securityUrl != null && securityUrl.Length > 0) {
  62.                 evidence.AddHost(new Url(securityUrl));
  63.                 evidence.AddHost(Zone.CreateFromUrl(securityUrl));
  64.                 Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
  65.                 if (uri.IsAbsoluteUri && !uri.IsFile) {
  66.                     evidence.AddHost(Site.CreateFromUrl(securityUrl));
  67.                 }
  68.             }
  69.             return evidence;
  70.         }
  71.     }
  72. }

Developer Fusion