This documentation is archived and is not being maintained.

XmlResolver Class

Resolves external XML resources named by a Uniform Resource Identifier (URI).

Namespace:  System.Xml
Assembly:  System.Xml (in System.Xml.dll)

public abstract class XmlResolver

XmlResolver is used to resolve external XML resources, such as entities, document type definitions (DTDs), or schemas. It is also used to process include and import elements found in Extensible StyleSheet Language (XSL) style sheets or XML Schema definition language (XSD) schemas.

XmlUrlResolver is a concrete implementation of XmlResolver and is the default resolver for all classes in the System.Xml namespace. You can also create your own resolver.

Security Considerations

Consider the following items when working with the XmlResolver class.

  • XmlResolver objects can contain sensitive information such as user credentials. You should be careful when caching XmlResolver objects and should not pass the XmlResolver object to an untrusted component.

  • If you are designing a class property that uses the XmlResolver class, the property should be defined as a write-only property. The property can be used to specify the XmlResolver to use, but it cannot be used to return an XmlResolver object.

  • If your application accepts XmlResolver objects from untrusted code, you cannot assume that the URI passed into the GetEntity method will be the same as that returned by the ResolveUri method. Classes derived from the XmlResolver class can override the GetEntity method and return data that is different than what was contained in the original URI.

  • Your application can mitigate memory Denial of Service threats to the GetEntity method by implementing a wrapping IStream that limits the number of bytes read. This helps to guard against situations where malicious code attempts to pass an infinite stream of bytes to the GetEntity method.
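One way to apply the byte limit from the last item, shown as an added example that is not part of the original documentation. LimitedReadStream, SizeLimitedResolver and the 1 MiB cap are hypothetical names and values chosen for illustration, and the wrapper is written as a System.IO.Stream subclass because XmlUrlResolver.GetEntity returns a Stream.

```csharp
using System;
using System.IO;
using System.Xml;

// Hypothetical helper (not a framework type): fails once more than maxBytes are read.
class LimitedReadStream : Stream
{
    private readonly Stream inner;
    private long remaining;

    public LimitedReadStream(Stream inner, long maxBytes)
    {
        this.inner = inner;
        this.remaining = maxBytes;
    }

    public override int Read(byte[] buffer, int offset, int count)
    {
        int n = inner.Read(buffer, offset, count);
        remaining -= n;
        if (remaining < 0)
            throw new IOException("External XML resource exceeds the size limit.");
        return n;
    }

    public override bool CanRead { get { return true; } }
    public override bool CanSeek { get { return false; } }
    public override bool CanWrite { get { return false; } }
    public override long Length { get { throw new NotSupportedException(); } }
    public override long Position { get { throw new NotSupportedException(); } set { throw new NotSupportedException(); } }
    public override void Flush() { }
    public override long Seek(long offset, SeekOrigin origin) { throw new NotSupportedException(); }
    public override void SetLength(long value) { throw new NotSupportedException(); }
    public override void Write(byte[] buffer, int offset, int count) { throw new NotSupportedException(); }
    protected override void Dispose(bool disposing)
    {
        if (disposing) inner.Dispose();
        base.Dispose(disposing);
    }
}

// Hypothetical resolver: resolves like XmlUrlResolver, then caps each entity.
class SizeLimitedResolver : XmlUrlResolver
{
    private const long MaxEntityBytes = 1024 * 1024; // assumed 1 MiB cap
    public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn)
    {
        Stream s = (Stream)base.GetEntity(absoluteUri, role, ofObjectToReturn);
        return new LimitedReadStream(s, MaxEntityBytes);
    }
}
```

Assign an instance to XmlReaderSettings.XmlResolver before calling XmlReader.Create so that external entities, DTDs and schemas fetched for the document pass through the cap.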

The following example creates an XmlUrlResolver with default credentials. An XmlReader is used to read and display the resulting data stream.

using System;
using System.Xml;
using System.IO;

class Example
{
    static void Main()
    {
        // Create an XmlUrlResolver with default credentials.
        XmlUrlResolver resolver = new XmlUrlResolver();
        resolver.Credentials = System.Net.CredentialCache.DefaultCredentials;

        // Point the resolver at the desired resource and resolve as a stream.
        Uri baseUri = new Uri("http://serverName/");
        Uri fulluri = resolver.ResolveUri(baseUri, "fileName.xml");
        Stream s = (Stream)resolver.GetEntity(fulluri, null, typeof(Stream));

        // Create the reader with the resolved stream and display the data.
        XmlReader reader = XmlReader.Create(s);
        while (reader.Read())
        {
            // Print the type and name of each node as it is read.
            Console.WriteLine("{0}: {1}", reader.NodeType, reader.Name);
        }
    }
}

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98, Windows CE, Windows Mobile for Smartphone, Windows Mobile for Pocket PC, Xbox 360, Zune

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0

.NET Compact Framework

Supported in: 3.5, 2.0, 1.0

XNA Framework

Supported in: 3.0, 2.0, 1.0