Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

XmlResolver Class

Resolves external XML resources named by a Uniform Resource Identifier (URI).

Namespace:  System.Xml
Assembly:  System.Xml (in System.Xml.dll)
Public MustInherit Class XmlResolver

The XmlResolver type exposes the following members.

Protected methodSupported by the XNA FrameworkXmlResolverInitializes a new instance of the XmlResolver class.
Public propertySupported by the XNA FrameworkCredentialsWhen overridden in a derived class, sets the credentials used to authenticate web requests.
Public propertySupported by the XNA FrameworkNameTable Obsolete. Gets the XmlNameTable associated with this implementation.
Public methodSupported by the XNA FrameworkEquals(Object)Determines whether the specified object is equal to the current object. (Inherited from Object.)
Protected methodSupported by the XNA FrameworkFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public methodSupported by the XNA FrameworkGetEntityWhen overridden in a derived class, maps a URI to an object that contains the actual resource.
Public methodGetEntityAsyncAsynchronously maps a URI to an object that contains the actual resource.
Public methodSupported by the XNA FrameworkGetHashCodeServes as the default hash function. (Inherited from Object.)
Public methodSupported by the XNA FrameworkGetTypeGets the Type of the current instance. (Inherited from Object.)
Protected methodSupported by the XNA FrameworkMemberwiseCloneCreates a shallow copy of the current Object. (Inherited from Object.)
Public methodSupported by the XNA FrameworkResolveUriWhen overridden in a derived class, resolves the absolute URI from the base and relative URIs.
Public methodSupportsTypeEnables the resolver to return types other than System.IO.Stream.
Public methodSupported by the XNA FrameworkToStringReturns a string that represents the current object. (Inherited from Object.)

The XmlResolver type is used to resolve external XML resources, such as entities, document type definitions (DTDs), or schemas. It is also used to process include and import elements found in Extensible Stylesheet Language (XSL) style sheets or XML Schema definition language (XSD) schemas.

XmlResolver handles all aspects of negotiating the connection to the resources, including handling security credentials, opening the connection to the data source, and returning the resource in the form of a stream or other object type. The object that calls XmlResolver has the task of interpreting the stream.

The System.Xml namespace includes two concrete implementations of the XmlResolver class:

  • XmlUrlResolver is the default resolver for all classes in the System.Xml namespace. It supports the file:// and http:// protocols and requests from the System.Net.WebRequest class. For examples of extending the class to improve performance, see the XmlUrlResolver reference page.

  • XmlSecureResolver helps secure another XmlResolver object by wrapping the object object and restricting the resources that it can access. For example, the XmlSecureResolver can prohibit access to specific Internet sites or zones.

You can create and specify your own resolver. If you don't specify a resolver, the reader uses a default XmlUrlResolver with no user credentials.

You specify the XmlResolver to use by setting the XmlReaderSettings.XmlResolver property and passing the XmlReaderSettings object to the Create method.

If the resource is stored on a system that requires authentication, you use the XmlResolver.Credentials property to specify the necessary credentials.

Supplying authentication credentials

The file that contains the XML data to read may have a restricted access policy. If authentication is required to access a network resource, use the Credentials property to specify the necessary credentials. If the Credentials property is not set, credentials are set to Nothing.

For example, assume that credentials are needed when requesting data from the web for authentication purposes. Unless the web virtual directory allows anonymous access, you must set the Credentials property to supply credentials. The following example creates an XmlReader object that uses an XmlUrlResolver with default credentials to access the http://localhost/bookstore/inventory.xml site.

' Create a resolver with default credentials. 
Dim resolver as XmlUrlResolver = new XmlUrlResolver()
resolver.Credentials = System.Net.CredentialCache.DefaultCredentials

' Set the reader settings object to use the resolver.
settings.XmlResolver = resolver

' Create the XmlReader object. 
Dim reader as XmlReader = XmlReader.Create("http://ServerName/data/books.xml", settings)

You can supply different credentials for different URIs and add them to a cache. These credentials are used to check authentication for the different URIs regardless of the original source of the XML. The following example shows how to add credentials to a cache.

' Create the credentials. 
Dim myCred As NetworkCredential = New NetworkCredential(UserName,SecurelyStoredPassword,Domain)
Dim myCache As CredentialCache = New CredentialCache()
myCache.Add(new Uri("http://www.contoso.com/"), "Basic", myCred)
myCache.Add(new Uri("http://app.contoso.com/"), "Basic", myCred)

' Set the credentials on the XmlUrlResolver object. 
Dim resolver As XmlUrlResolver = New XmlUrlResolver()
resolver.Credentials = myCache

' Compile the style sheet. 
Dim xslt As XslCompiledTransform = New XslCompiledTransform()
xslt.Load("http://serverName/data/xsl/order.xsl", XsltSettings.Default, resolver)

Security considerations

Consider the following items when working with the XmlResolver class.

  • XmlResolver objects can contain sensitive information such as user credentials. You should be careful when caching XmlResolver objects and should not pass the XmlResolver object to an untrusted component.

  • If you are designing a class property that uses the XmlResolver class, the property should be defined as a write-only property. The property can be used to specify the XmlResolver to use, but it cannot be used to return an XmlResolver object.

  • If your application accepts XmlResolver objects from untrusted code, you cannot assume that the URI passed into the GetEntity method will be the same as that returned by the ResolveUri method. Classes derived from the XmlResolver class can override the GetEntity method and return data that is different than what was contained in the original URI.

  • Your application can mitigate memory denial of service threats to the GetEntity method by implementing an IStream that limits the number of bytes read. This helps guard against situations where malicious code attempts to pass an infinite stream of bytes to the GetEntity method.

The following example creates an XmlUrlResolver with default credentials. A XmlReader is used to read and display the resulting data stream.

Imports System
Imports System.Xml
Imports System.IO

Module Module1

    Sub Main()
        ' Create an XmlUrlResolver with default credentials. 
        Dim resolver As New XmlUrlResolver()
        resolver.Credentials = System.Net.CredentialCache.DefaultCredentials

        ' Point the resolver at the desired resource and resolve as a stream. 
        Dim baseUri As New Uri("http://serverName/")
        Dim fulluri As Uri = resolver.ResolveUri(baseUri, "fileName.xml")
        Dim s As Stream = CType(resolver.GetEntity(fulluri, Nothing, GetType(Stream)), Stream)

        ' Create the reader with the resolved stream and display the data. 
        Dim reader As XmlReader = XmlReader.Create(s)
        While reader.Read()
        End While 
    End Sub 
End Module

.NET Framework

Supported in: 4.5.1, 4.5, 4, 3.5, 3.0, 2.0, 1.1, 1.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

.NET for Windows Phone apps

Supported in: Windows Phone 8.1, Windows Phone 8, Silverlight 8.1

Windows Phone 8.1, Windows Phone 8, Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft. All rights reserved.