XmlSecureResolver Constructors

Definition

Initializes a new instance of the XmlSecureResolver class.

Overloads

XmlSecureResolver(XmlResolver, PermissionSet)

Initializes a new instance of the XmlSecureResolver class with the XmlResolver and PermissionSet specified.

XmlSecureResolver(XmlResolver, Evidence)

Initializes a new instance of the XmlSecureResolver class with the XmlResolver and Evidence specified.

XmlSecureResolver(XmlResolver, String)

Initializes a new instance of the XmlSecureResolver class with the XmlResolver and URL provided.

Remarks

The three constructors provide three types of access restrictions:

See the constructor reference topics for examples of these types of restrictions.

XmlSecureResolver(XmlResolver, PermissionSet)

Initializes a new instance of the XmlSecureResolver class with the XmlResolver and PermissionSet specified.

public:
 XmlSecureResolver(System::Xml::XmlResolver ^ resolver, System::Security::PermissionSet ^ permissionSet);
public XmlSecureResolver (System.Xml.XmlResolver resolver, System.Security.PermissionSet permissionSet);
new System.Xml.XmlSecureResolver : System.Xml.XmlResolver * System.Security.PermissionSet -> System.Xml.XmlSecureResolver

Parameters

resolver
XmlResolver

The XML resolver that is wrapped by the XmlSecureResolver.

permissionSet
PermissionSet

The permission set to apply to the underlying XmlResolver. The XmlSecureResolver calls the PermitOnly() method on the permission set before calling the GetEntity(Uri, String, Type) method on the underlying XML resolver.

Examples

The following example constructs an XmlSecureResolver object by using a customized permission set.

Object^ GetFile( String^ fileURL, XmlResolver^ resolver )
{
   // Generate the default PermissionSet using the file URL.
   Evidence^ evidence = XmlSecureResolver::CreateEvidenceForUrl( fileURL );
   PermissionSet^ myPermissions = SecurityManager::ResolvePolicy( evidence );
   
   // Modify the PermissionSet to only allow access to http://www.contoso.com.
   // Create a WebPermission which only allows access to http://www.contoso.com.
   WebPermission^ myWebPermission = gcnew WebPermission(
      NetworkAccess::Connect,"http://www.contoso.com" );
   // Replace the existing WebPermission in myPermissions with the updated WebPermission.
   myPermissions->SetPermission( myWebPermission );
   
   // Use the modified PermissionSet to construct the XmlSecureResolver.
   XmlSecureResolver^ sResolver = gcnew XmlSecureResolver( resolver,myPermissions );
   
   // Get the object.
   Uri^ fullUri = sResolver->ResolveUri( nullptr, fileURL );
   return sResolver->GetEntity( fullUri, nullptr, nullptr );
}

public static Object GetFile (String fileURL, XmlResolver resolver) {
 
  // Generate the default PermissionSet using the file URL.
  Evidence evidence = XmlSecureResolver.CreateEvidenceForUrl(fileURL);
  PermissionSet myPermissions = SecurityManager.ResolvePolicy(evidence);

  // Modify the PermissionSet to only allow access to http://www.contoso.com.
  // Create a WebPermission which only allows access to http://www.contoso.com.
  WebPermission myWebPermission = new WebPermission(NetworkAccess.Connect, "http://www.contoso.com");
  // Replace the existing WebPermission in myPermissions with the updated WebPermission.
  myPermissions.SetPermission(myWebPermission);

  // Use the modified PermissionSet to construct the XmlSecureResolver.
  XmlSecureResolver sResolver = new XmlSecureResolver(resolver, myPermissions);

  // Get the object.
  Uri fullUri = sResolver.ResolveUri(null, fileURL);
  return sResolver.GetEntity(fullUri, null, null);
} 

public shared function GetFile (fileURL as String , resolver as XmlResolver) as Object
 
  '  Generate the default PermissionSet using the file URL.
  Dim evidence as Evidence = XmlSecureResolver.CreateEvidenceForUrl(fileURL)
  Dim myPermissions as PermissionSet = SecurityManager.ResolvePolicy(evidence)

  '  Modify the PermissionSet to only allow access to http://www.contoso.com.
  '  Create a WebPermission that only allows access to http://www.contoso.com.
  Dim myWebPermission as WebPermission = new WebPermission(NetworkAccess.Connect, "http://www.contoso.com")
  '  Replace the existing WebPermission in myPermissions with the updated WebPermission.
  myPermissions.SetPermission(myWebPermission)

  '  Use the modified PermissionSet to construct the XmlSecureResolver.
  Dim sResolver as XmlSecureResolver = new XmlSecureResolver(resolver, myPermissions)

  '  Get the object.
  Dim fullUri as Uri = sResolver.ResolveUri(nothing, fileURL)
  return sResolver.GetEntity(fullUri, nothing, nothing)
end function 

See also

XmlSecureResolver(XmlResolver, Evidence)

Initializes a new instance of the XmlSecureResolver class with the XmlResolver and Evidence specified.

public:
 XmlSecureResolver(System::Xml::XmlResolver ^ resolver, System::Security::Policy::Evidence ^ evidence);
public XmlSecureResolver (System.Xml.XmlResolver resolver, System.Security.Policy.Evidence evidence);
new System.Xml.XmlSecureResolver : System.Xml.XmlResolver * System.Security.Policy.Evidence -> System.Xml.XmlSecureResolver

Parameters

resolver
XmlResolver

The XML resolver that is wrapped by the XmlSecureResolver.

evidence
Evidence

The evidence used to create the PermissionSet that will be applied to the underlying XmlResolver. The XmlSecureResolver calls the PermitOnly() method on the created PermissionSet before calling GetEntity(Uri, String, Type) on the underlying XmlResolver.

Remarks

Here are some possible scenarios and the type of evidence to provide for each scenario:

  • If you are working in a fully trusted environment, use your assembly to create the evidence:

    Evidence myEvidence = this.GetType().Assembly.Evidence;
    XmlSecureResolver myResolver;
    myResolver = new XmlSecureResolver(new XmlUrlResolver(), myEvidence);
    
    Dim myEvidence As Evidence = Me.GetType().Assembly.Evidence
    Dim myResolver As XmlSecureResolver
    myResolver = New XmlSecureResolver(New XmlUrlResolver(), myEvidence)
    
  • If you are working in a semi-trusted environment, you have code or data coming from an outside source, and you know the origin of the outside source and have a verifiable URI, use the URI to create the evidence:

    
    Evidence myEvidence = XmlSecureResolver.CreateEvidenceForUrl(sourceURI);
    XmlSecureResolver myResolver = new XmlSecureResolver(new XmlUrlResolver(), myEvidence);
    
    Dim myEvidence As Evidence = XmlSecureResolver.CreateEvidenceForUrl(sourceURI)
    Dim myResolver As New XmlSecureResolver(New XmlUrlResolver(), myEvidence)
    
  • If you are working in a semi-trusted environment and you have code or data coming from an outside source, but you don't know the origin of the outside source, either:

    Set the evidence parameter to null. This allows no access to resources.

    -or-

    If your application requires some access to resources, request evidence from the caller.

XmlSecureResolver(XmlResolver, String)

Initializes a new instance of the XmlSecureResolver class with the XmlResolver and URL provided.

public:
 XmlSecureResolver(System::Xml::XmlResolver ^ resolver, System::String ^ securityUrl);
public XmlSecureResolver (System.Xml.XmlResolver resolver, string securityUrl);
new System.Xml.XmlSecureResolver : System.Xml.XmlResolver * string -> System.Xml.XmlSecureResolver
Public Sub New (resolver As XmlResolver, securityUrl As String)

Parameters

resolver
XmlResolver

The XML resolver that is wrapped by the XmlSecureResolver.

securityUrl
String

The URL used to create the PermissionSet that will be applied to the underlying XmlResolver. The XmlSecureResolver calls PermitOnly() on the created PermissionSet before calling GetEntity(Uri, String, Type) on the underlying XmlResolver.

Examples

This example uses the XmlSecureResolver(XmlResolver, String) constructor to create an XmlSecureResolver object that is allowed to access your local intranet site only.

XmlSecureResolver myResolver = new XmlSecureResolver(new XmlUrlResolver(), "http://myLocalSite/");
Dim myResolver As New XmlSecureResolver(New XmlUrlResolver(), "http://myLocalSite/") 

Remarks

Important

There are differences in the security infrastructure for code running on the .NET Framework common language runtime (CLR) and for code running on the CLR that is integrated within Microsoft SQL Server 2005. This can lead to cases where code developed for the .NET Framework CLR operates differently when used on the SQL Server integrated CLR. One of these differences affects the XmlSecureResolver class when you have evidence that is based on a URL (that is, when you use the CreateEvidenceForUrl method or the XmlSecureResolver(XmlResolver, String) constructor). The policy resolution mechanism of the SQL Server integrated CLR does not use the Url or Zone information. Instead, it grants permissions based on the GUID that the server adds when assemblies are loaded. When you use the XmlSecureResolver in the SQL Server integrated CLR, provide any required evidence directly by using a specified PermissionSet.

Applies to