1 //------------------------------------------------------------------------------
2 // <copyright file="XmlSecureResolver.cs" company="Microsoft">
3 // Copyright (c) Microsoft Corporation. All rights reserved.
5 // <owner current="true" primary="true">[....]</owner>
6 //------------------------------------------------------------------------------
10 using System.Security;
11 using System.Security.Policy;
12 using System.Security.Permissions;
13 using System.Runtime.Versioning;
/// <summary>
/// An <see cref="XmlResolver"/> wrapper that calls <c>PermitOnly()</c> on a
/// caller-supplied <see cref="PermissionSet"/> before asking the wrapped
/// resolver to fetch an entity.
/// </summary>
/// <remarks>
/// The class-level InheritanceDemand requires derived types to be granted the
/// "FullTrust" permission set.
///
/// Only <see cref="GetEntity"/> applies the permission set. <see cref="ResolveUri"/>
/// and the <see cref="Credentials"/> setter forward to the wrapped resolver
/// without any restriction.
///
/// NOTE(review): PermitOnly is a Code Access Security stack-walk modifier, so the
/// restriction is only as strong as the runtime's CAS enforcement. Where CAS is
/// not enforced, this wrapper should not be relied on as a sandbox for untrusted
/// XML; confirm for the target runtime and constrain the inner resolver directly
/// if needed.
/// </remarks>
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public partial class XmlSecureResolver : XmlResolver {

    // NOTE(review): the `resolver` field used below is not declared in this
    // listing; presumably it is declared in another part of this partial class.

    // Permissions that GetEntity narrows the call stack to before delegating.
    PermissionSet permissionSet;

    /// <summary>
    /// Builds the permission set from a URL: the URL is turned into evidence by
    /// <see cref="CreateEvidenceForUrl"/> and then handled as in the
    /// evidence-based constructor.
    /// </summary>
    /// <param name="resolver">Resolver that performs the actual work.</param>
    /// <param name="securityUrl">URL used to derive the evidence; may be null or empty.</param>
    public XmlSecureResolver(XmlResolver resolver, string securityUrl)
        : this(resolver, CreateEvidenceForUrl(securityUrl)) {
    }

    /// <summary>
    /// Builds the permission set by passing <paramref name="evidence"/> to
    /// <c>SecurityManager.GetStandardSandbox</c>.
    /// </summary>
    /// <param name="resolver">Resolver that performs the actual work.</param>
    /// <param name="evidence">Evidence from which the sandbox permission set is derived.</param>
    public XmlSecureResolver(XmlResolver resolver, Evidence evidence)
        : this(resolver, SecurityManager.GetStandardSandbox(evidence)) {
    }

    /// <summary>
    /// Stores the wrapped resolver and the permission set as given.
    /// </summary>
    /// <remarks>
    /// Neither argument is checked for null here, so a null value only fails
    /// later, when a member dereferences it.
    /// </remarks>
    /// <param name="resolver">Resolver that performs the actual work.</param>
    /// <param name="permissionSet">Permissions applied with PermitOnly in <see cref="GetEntity"/>.</param>
    public XmlSecureResolver(XmlResolver resolver, PermissionSet permissionSet) {
        this.permissionSet = permissionSet;
        this.resolver = resolver;
    }

    /// <summary>
    /// Write-only: hands the credentials to the wrapped resolver unchanged.
    /// </summary>
    /// <remarks>
    /// NOTE(review): which hosts these credentials end up being presented to is
    /// decided by the wrapped resolver, not by this class.
    /// </remarks>
    public override ICredentials Credentials {
        set {
            resolver.Credentials = value;
        }
    }

    /// <summary>
    /// Restricts the current stack frame to <c>permissionSet</c> and then lets
    /// the wrapped resolver fetch the entity.
    /// </summary>
    /// <param name="absoluteUri">URI of the entity to fetch.</param>
    /// <param name="role">Passed through to the wrapped resolver.</param>
    /// <param name="ofObjectToReturn">Requested return type, passed through.</param>
    /// <returns>Whatever the wrapped resolver returns.</returns>
    public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn) {
        // Must run before the delegate call: everything the inner resolver does
        // from here on is meant to be evaluated against this permission set.
        permissionSet.PermitOnly();
        object entity = resolver.GetEntity(absoluteUri, role, ofObjectToReturn);
        return entity;
    }

    /// <summary>
    /// Delegates URI resolution to the wrapped resolver. No PermitOnly call is
    /// made on this path.
    /// </summary>
    /// <param name="baseUri">Base URI, passed through.</param>
    /// <param name="relativeUri">Relative URI, passed through.</param>
    /// <returns>The URI produced by the wrapped resolver.</returns>
    [ResourceConsumption(ResourceScope.Machine)]
    [ResourceExposure(ResourceScope.Machine)]
    public override Uri ResolveUri(Uri baseUri, string relativeUri) {
        Uri resolved = resolver.ResolveUri(baseUri, relativeUri);
        return resolved;
    }

    /// <summary>
    /// Creates the evidence that describes where <paramref name="securityUrl"/>
    /// comes from.
    /// </summary>
    /// <remarks>
    /// A null or empty URL yields an empty <see cref="Evidence"/>. Otherwise Url
    /// and Zone evidence are always added, Site evidence is added for absolute
    /// non-file URIs, and a UncDirectory entry is added for absolute UNC URIs
    /// whose directory name is non-empty.
    /// </remarks>
    /// <param name="securityUrl">URL to describe; may be null or empty.</param>
    /// <returns>The populated (possibly empty) evidence collection.</returns>
    public static Evidence CreateEvidenceForUrl(string securityUrl) {
        Evidence result = new Evidence();
        if (string.IsNullOrEmpty(securityUrl)) {
            return result;
        }

        result.AddHostEvidence(new Url(securityUrl));
        result.AddHostEvidence(Zone.CreateFromUrl(securityUrl));

        Uri parsed = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
        if (!parsed.IsAbsoluteUri) {
            // Relative URIs get neither Site nor UNC-directory evidence.
            return result;
        }

        if (!parsed.IsFile) {
            result.AddHostEvidence(Site.CreateFromUrl(securityUrl));
        }

        // Allow same directory access for UNCs (SQLBUDT 394535)
        if (parsed.IsUnc) {
            string directory = System.IO.Path.GetDirectoryName(parsed.LocalPath);
            if (!string.IsNullOrEmpty(directory)) {
                result.AddHostEvidence(new UncDirectory(directory));
            }
        }

        return result;
    }

    /// <summary>
    /// Evidence entry for a UNC directory. Its identity permission is read-only
    /// <see cref="FileIOPermission"/> on that directory path.
    /// </summary>
    /// <remarks>
    /// NOTE(review): a FileIOPermission on a directory path presumably also
    /// covers what lies beneath it; confirm the intended scope of the grant.
    /// </remarks>
    private class UncDirectory : EvidenceBase, IIdentityPermissionFactory {
        // Directory path the read permission is issued for.
        private string uncDir;

        /// <summary>Stores the directory path as given.</summary>
        /// <param name="uncDirectory">UNC directory path.</param>
        public UncDirectory(string uncDirectory) {
            uncDir = uncDirectory;
        }

        /// <summary>
        /// Returns a read-only file permission for the stored directory. The
        /// <paramref name="evidence"/> argument is not used.
        /// </summary>
        public IPermission CreateIdentityPermission(Evidence evidence) {
            IPermission readOnly = new FileIOPermission(FileIOPermissionAccess.Read, uncDir);
            return readOnly;
        }

        /// <summary>Returns a new instance holding the same directory path.</summary>
        public override EvidenceBase Clone() {
            UncDirectory copy = new UncDirectory(uncDir);
            return copy;
        }

        /// <summary>
        /// Builds the XML form: a "System.Xml.XmlSecureResolver" element with
        /// version="1" and one "UncDirectory" child holding the path.
        /// </summary>
        private SecurityElement ToXml() {
            SecurityElement root = new SecurityElement("System.Xml.XmlSecureResolver");
            root.AddAttribute("version", "1");
            SecurityElement directoryElement = new SecurityElement("UncDirectory", uncDir);
            root.AddChild(directoryElement);
            return root;
        }

        /// <summary>Returns the string form of the XML built by ToXml.</summary>
        public override string ToString() {
            SecurityElement xml = ToXml();
            return xml.ToString();
        }
    }
}