1 //------------------------------------------------------------------------------
2 // <copyright file="XmlSecureResolver.cs" company="Microsoft">
3 // Copyright (c) Microsoft Corporation. All rights reserved.
5 // <owner current="true" primary="true">[....]</owner>
6 //------------------------------------------------------------------------------
10 using System.Security;
11 using System.Security.Policy;
12 using System.Security.Permissions;
13 using System.Runtime.Versioning;
15 [PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
16 public partial class XmlSecureResolver : XmlResolver {
19 PermissionSet permissionSet;
23 public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, CreateEvidenceForUrl(securityUrl)) {}
25 public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {}
27 public XmlSecureResolver(XmlResolver resolver, string securityUrl) : this(resolver, (PermissionSet) null) {}
29 public XmlSecureResolver(XmlResolver resolver, Evidence evidence) : this(resolver, (PermissionSet) null) {}
32 public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
33 this.resolver = resolver;
35 this.permissionSet = permissionSet;
39 public override ICredentials Credentials {
40 set { resolver.Credentials = value; }
43 public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
45 permissionSet.PermitOnly();
47 return resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
50 [ResourceConsumption(ResourceScope.Machine)]
51 [ResourceExposure(ResourceScope.Machine)]
52 public override Uri ResolveUri(Uri baseUri, string relativeUri) {
53 return resolver.ResolveUri(baseUri, relativeUri);
56 public static Evidence CreateEvidenceForUrl(string securityUrl) {
58 Evidence evidence = new Evidence();
59 if (securityUrl != null && securityUrl.Length > 0) {
60 evidence.AddHostEvidence(new Url(securityUrl));
61 evidence.AddHostEvidence(Zone.CreateFromUrl(securityUrl));
62 Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
63 if (uri.IsAbsoluteUri && !uri.IsFile) {
64 evidence.AddHostEvidence(Site.CreateFromUrl(securityUrl));
67 // Allow same directory access for UNCs (SQLBUDT 394535)
68 if (uri.IsAbsoluteUri && uri.IsUnc) {
69 string uncDir = System.IO.Path.GetDirectoryName(uri.LocalPath);
70 if (uncDir != null && uncDir.Length != 0) {
71 evidence.AddHostEvidence(new UncDirectory(uncDir));
84 private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
85 private string uncDir;
87 public UncDirectory(string uncDirectory) {
88 this.uncDir = uncDirectory;
91 public IPermission CreateIdentityPermission(Evidence evidence) {
92 return new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
95 public override EvidenceBase Clone()
97 return new UncDirectory(uncDir);
100 private SecurityElement ToXml() {
101 SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
102 root.AddAttribute("version", "1");
103 root.AddChild(new SecurityElement("UncDirectory", uncDir));
107 public override string ToString() {
108 return ToXml().ToString();