Assembly: System.Xml (in System.Xml.dll)
Initializes a new instance of the XmlResolver and URL provided.class with the
Creates evidence using the supplied URL.
Determines whether the specified object is equal to the current object.(Inherited from Object.)
Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.(Inherited from Object.)
|GetEntity(Uri, String, Type)|
Maps a URI to an object that contains the actual resource. This method temporarily sets the System.Security.PermissionSet created in the constructor by calling PermissionSet.PermitOnly before calling GetEntity on the underlying XmlResolver to open the resource.(Overrides XmlResolver.GetEntity(Uri, String, Type).)
|GetEntityAsync(Uri, String, Type)|
Asynchronously maps a URI to an object that contains the actual resource.(Overrides XmlResolver.GetEntityAsync(Uri, String, Type).)
Serves as the default hash function. (Inherited from Object.)
Returns a string that represents the current object.(Inherited from Object.)
The XmlUrlResolver class is the default resolver for all classes in the System.Xml namespace. It is used to load XML documents and to resolve external resources such as entities, DTDs or schemas, and import or include directives.
XmlResolver and restricts the resources that the underlying XmlResolver has access to. For example, has the ability to prohibit cross-domain redirection, which occurs from an embedded Uniform Resource Identifier (URI) reference.wraps around a concrete implementation of
When you construct an XmlResolver implementation along with a URL, an instance of an evidence object, or a permission set, which is used by the to determine security. Either a System.Security.PermissionSet is generated or the existing one is used and PermissionSet.PermitOnly is called on it to help secure the underlying XmlResolver.object, you provide a valid
objects can contain sensitive information such as user credentials. You should be careful when caching objects and should not pass the object to an untrusted component.
There are differences in the security infrastructure for code running on the .NET Framework common language runtime (CLR) and for code running on the CLR that is integrated within Microsoft SQL Server 2005. This can lead to cases where code developed for the .NET Framework CLR operates differently when used on the SQL Server integrated CLR. One of these differences affects the CreateEvidenceForUrl(String) method or the XmlSecureResolver constructor). The policy resolution mechanism of the SQL Server integrated CLR does not use the Url or Zone information. Instead, it grants permissions based on the GUID that the server adds when assemblies are loaded. When you use the in the SQL Server integrated CLR, provide any required evidence directly by using a specified PermissionSet.class when you have evidence that is based on a URL (that is, when you use the
Create anwith the correct permission set.
You can restrict access by using the XmlSecureResolver(XmlResolver, Evidence) constructor and specifying Evidence. The Evidence is used to create the PermissionSet that is applied to the underlying XmlResolver. The calls PermitOnly on the created PermissionSet before opening any resources.
Here are some common scenarios and the type of evidence to provide for each:
If you are working in a fully trusted environment, use your assembly to create the evidence:
If you are working in a semi-trusted environment, you have code or data coming from an outside source, and you know the origin of the outside source and have a verifiable URI, use the URI to create the evidence:
If you are working in a semi-trusted environment and you have code or data coming from an outside source, but you don't know the origin of the outside source, either:
Set the evidence parameter to null. This allows no access to resources.
If your application requires some access to resources, request evidence from the caller.
Notes to Inheritors:
This class has an inheritance demand. Full trust is required to inherit from theclass.
Available since 1.1
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.