How to: Use the XmlSecureResolver Class
The XmlSecureResolver class helps to secure another XmlResolver object by wrapping the XmlResolver object and restricting the resources that the underlying XmlResolver has access to. For example, the XmlSecureResolver class can prohibit access to particular Internet sites or zones.
To restrict access using a URL
Create an XmlSecureResolver object that is only allowed to access your local intranet site.
To restrict access using a permission set
To restrict access using evidence
You can restrict access using Evidence. The Evidence is used to create the PermissionSet that is applied to the underlying XmlResolver. The XmlSecureResolver calls PermitOnly on the created PermissionSet before opening any resources.
The following list summarizes some possible scenarios and the type of evidence to provide for each scenario.
You are working in a fully-trusted environment:
Use your assembly to create the evidence.
You are working in a semi-trusted environment and you have code or data coming from an outside source. You know the origin of the outside source and have a verifiable URI:
Use the URI to create the evidence.
You are working in a semi-trusted environment and you have code or data coming from an outside source and you do not know the origin of the outside source:
Set the evidence parameter to null. This allows no access to resources.
If your application requires some access to resources, request evidence from the caller.
The XmlUrlResolver class is the default resolver for all classes in the System.Xml namespace. It is used to load XML documents, and to resolve external resources such as entities, DTDs or schemas, and import or include directives.