How to: Use the XmlSecureResolver Class
Theclass helps to secure another object by wrapping the XmlResolver object and restricting the resources that the underlying XmlResolver has access to. For example, the XmlSecureResolver class can prohibit access to particular Internet sites or zones.
To restrict access using a URL
Create an XmlSecureResolver object that is only allowed to access your local intranet site.
To restrict access using a permission set
Allow access only to the following two URLs.
Add the web permissions to theobject.
Create an XmlSecureResolver object using the permission set.
To restrict access using evidence
You can restrict access using. The Evidence is used to create the PermissionSet that is applied to the underlying XmlResolver. The XmlSecureResolver calls on the created PermissionSet before opening any resources.
The following list summarizes some possible scenarios and the type of evidence to provide for each scenario.
You are working in a fully-trusted environment:
Use your assembly to create the evidence.
You are working in a semi-trusted environment and you have code or data coming from an outside source. You know the origin of the outside source and have a verifiable URI:
Use the URI to create the evidence.
You are working in a semi-trusted environment and you have code or data coming from an outside source and you do not know the origin of the outside source:
Set the evidence parameter to null. This allows no access to resources.
If your application requires some access to resources, request evidence from the caller.
Use the XmlSecureResolver to Resolve XML Resources
Theclass is the default resolver for all classes in the namespace. It is used to load XML documents, and to resolve external resources such as entities, DTDs or schemas, and import or include directives.
You can override this by specifying the XmlResolver object to use. By specifying an XmlSecureResolver, you can restrict the resources that the underlying XmlResolver can access.
To create an XmlReader object that uses an XmlSecureResolver
Create an XmlSecureResolver with the correct permission set.
Create anobject that uses the XmlSecureResolver object.
Use the XmlReaderSettings object to create theobject.