XmlResolver XmlResolver XmlResolver XmlResolver Class

Definition

Resolves external XML resources named by a Uniform Resource Identifier (URI).

public ref class XmlResolver abstract
public abstract class XmlResolver
type XmlResolver = class
Public MustInherit Class XmlResolver
Inheritance
XmlResolverXmlResolverXmlResolverXmlResolver
Derived

Examples

The following example creates an XmlUrlResolver with default credentials. A XmlReader is used to read and display the resulting data stream.

using System;
using System.Xml;
using System.IO;

class Example
{
    static void Main()
    {
        // Create an XmlUrlResolver with default credentials.
        XmlUrlResolver resolver = new XmlUrlResolver();
        resolver.Credentials = System.Net.CredentialCache.DefaultCredentials;

        // Point the resolver at the desired resource and resolve as a stream.
        Uri baseUri = new Uri("http://serverName/");
        Uri fulluri = resolver.ResolveUri(baseUri, "fileName.xml");
        Stream s = (Stream)resolver.GetEntity(fulluri, null, typeof(Stream));

        // Create the reader with the resolved stream and display the data.
        XmlReader reader = XmlReader.Create(s);
        while (reader.Read())
        {
            Console.WriteLine(reader.ReadOuterXml());
        }
    }
}
Imports System
Imports System.Xml
Imports System.IO

Module Module1

    Sub Main()
        ' Create an XmlUrlResolver with default credentials.
        Dim resolver As New XmlUrlResolver()
        resolver.Credentials = System.Net.CredentialCache.DefaultCredentials

        ' Point the resolver at the desired resource and resolve as a stream.
        Dim baseUri As New Uri("http://serverName/")
        Dim fulluri As Uri = resolver.ResolveUri(baseUri, "fileName.xml")
        Dim s As Stream = CType(resolver.GetEntity(fulluri, Nothing, GetType(Stream)), Stream)

        ' Create the reader with the resolved stream and display the data.
        Dim reader As XmlReader = XmlReader.Create(s)
        While reader.Read()
            Console.WriteLine(reader.ReadOuterXml())
        End While
    End Sub
End Module

Remarks

The XmlResolver type is used to resolve external XML resources, such as entities, document type definitions (DTDs), or schemas. It is also used to process include and import elements found in Extensible Stylesheet Language (XSL) style sheets or XML Schema definition language (XSD) schemas.

XmlResolver handles all aspects of negotiating the connection to the resources, including handling security credentials, opening the connection to the data source, and returning the resource in the form of a stream or other object type. The object that calls XmlResolver has the task of interpreting the stream.

The System.Xml namespace includes two concrete implementations of the XmlResolver class:

You can create and specify your own resolver. If you don't specify a resolver, the reader uses a default XmlUrlResolver with no user credentials.

You specify the XmlResolver to use by setting the XmlReaderSettings.XmlResolver property and passing the XmlReaderSettings object to the Create method.

If the resource is stored on a system that requires authentication, you use the XmlResolver.Credentials property to specify the necessary credentials.

Supplying authentication credentials

The file that contains the XML data to read may have a restricted access policy. If authentication is required to access a network resource, use the Credentials property to specify the necessary credentials. If the Credentials property is not set, credentials are set to null.

For example, assume that credentials are needed when requesting data from the web for authentication purposes. Unless the web virtual directory allows anonymous access, you must set the Credentials property to supply credentials. The following example creates an XmlReader object that uses an XmlUrlResolver with default credentials to access the http://localhost/bookstore/inventory.xml site.

// Create a resolver with default credentials.
XmlUrlResolver^ resolver = gcnew XmlUrlResolver;
resolver->Credentials = System::Net::CredentialCache::DefaultCredentials;

 // Set the reader settings object to use the resolver.
 settings->XmlResolver = resolver;

// Create the XmlReader object.
XmlReader^ reader = XmlReader::Create( L"http://ServerName/data/books.xml", settings );

// Create a resolver with default credentials.
XmlUrlResolver resolver = new XmlUrlResolver();
resolver.Credentials = System.Net.CredentialCache.DefaultCredentials;

// Set the reader settings object to use the resolver.
settings.XmlResolver = resolver;

// Create the XmlReader object.
XmlReader reader = XmlReader.Create("http://ServerName/data/books.xml", settings);
' Create a resolver with default credentials.
Dim resolver as XmlUrlResolver = new XmlUrlResolver()
resolver.Credentials = System.Net.CredentialCache.DefaultCredentials

' Set the reader settings object to use the resolver.
settings.XmlResolver = resolver

' Create the XmlReader object.
Dim reader as XmlReader = XmlReader.Create("http://ServerName/data/books.xml", settings)

You can supply different credentials for different URIs and add them to a cache. These credentials are used to check authentication for the different URIs regardless of the original source of the XML. The following example shows how to add credentials to a cache.

// Create the credentials.
NetworkCredential myCred = new NetworkCredential(UserName,SecurelyStoredPassword,Domain); 
CredentialCache myCache = new CredentialCache(); 
myCache.Add(new Uri("http://www.contoso.com/"), "Basic", myCred); 
myCache.Add(new Uri("http://app.contoso.com/"), "Basic", myCred);

// Set the credentials on the XmlUrlResolver object.
XmlUrlResolver resolver = new XmlUrlResolver();
resolver.Credentials = myCache;

// Compile the style sheet.
XslCompiledTransform xslt = new XslCompiledTransform();
xslt.Load("http://serverName/data/xsl/order.xsl",XsltSettings.Default, resolver);	
' Create the credentials.
Dim myCred As NetworkCredential = New NetworkCredential(UserName,SecurelyStoredPassword,Domain)
Dim myCache As CredentialCache = New CredentialCache()
myCache.Add(new Uri("http://www.contoso.com/"), "Basic", myCred)
myCache.Add(new Uri("http://app.contoso.com/"), "Basic", myCred)

' Set the credentials on the XmlUrlResolver object.
Dim resolver As XmlUrlResolver = New XmlUrlResolver()
resolver.Credentials = myCache

' Compile the style sheet.
Dim xslt As XslCompiledTransform = New XslCompiledTransform()
xslt.Load("http://serverName/data/xsl/order.xsl", XsltSettings.Default, resolver)

Security considerations

Consider the following items when working with the XmlResolver class.

  • XmlResolver objects can contain sensitive information such as user credentials. You should be careful when caching XmlResolver objects and should not pass the XmlResolver object to an untrusted component.

  • If you are designing a class property that uses the XmlResolver class, the property should be defined as a write-only property. The property can be used to specify the XmlResolver to use, but it cannot be used to return an XmlResolver object.

  • If your application accepts XmlResolver objects from untrusted code, you cannot assume that the URI passed into the GetEntity method will be the same as that returned by the ResolveUri method. Classes derived from the XmlResolver class can override the GetEntity method and return data that is different than what was contained in the original URI.

  • Your application can mitigate memory denial of service threats to the GetEntity method by implementing an IStream that limits the number of bytes read. This helps guard against situations where malicious code attempts to pass an infinite stream of bytes to the GetEntity method.

Constructors

XmlResolver() XmlResolver() XmlResolver() XmlResolver()

Initializes a new instance of the XmlResolver class.

Properties

Credentials Credentials Credentials Credentials

When overridden in a derived class, sets the credentials used to authenticate web requests.

Methods

Equals(Object) Equals(Object) Equals(Object) Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)
GetEntity(Uri, String, Type) GetEntity(Uri, String, Type) GetEntity(Uri, String, Type) GetEntity(Uri, String, Type)

When overridden in a derived class, maps a URI to an object that contains the actual resource.

GetEntityAsync(Uri, String, Type) GetEntityAsync(Uri, String, Type) GetEntityAsync(Uri, String, Type) GetEntityAsync(Uri, String, Type)

Asynchronously maps a URI to an object that contains the actual resource.

GetHashCode() GetHashCode() GetHashCode() GetHashCode()

Serves as the default hash function.

(Inherited from Object)
GetType() GetType() GetType() GetType()

Gets the Type of the current instance.

(Inherited from Object)
MemberwiseClone() MemberwiseClone() MemberwiseClone() MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)
ResolveUri(Uri, String) ResolveUri(Uri, String) ResolveUri(Uri, String) ResolveUri(Uri, String)

When overridden in a derived class, resolves the absolute URI from the base and relative URIs.

SupportsType(Uri, Type) SupportsType(Uri, Type) SupportsType(Uri, Type) SupportsType(Uri, Type)

Enables the resolver to return types other than Stream.

ToString() ToString() ToString() ToString()

Returns a string that represents the current object.

(Inherited from Object)

Applies to

See Also